Privacy Policy

Last Updated: March 28, 2026

Introduction

NibbleFind ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application.

This policy complies with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and California Privacy Rights Act (CPRA).

Information We Collect

Personal Information You Provide

When you create an account and use NibbleFind, we collect:

• Account Information: Email address, full name, password (encrypted)
• Profile Information: Phone number (optional), role (customer or business)
• Business Information (for vendor accounts): Business name, category, description, address, photos, operating hours, payment methods, tags
• Location Data:
  • GPS coordinates (when you use location features)
  • Address information you provide
  • Daily locations for mobile vendors (optional)
• User-Generated Content: Ratings and reviews, favorite vendors

Automatically Collected Information

• Device Information: Device type, operating system version
• Authentication Data: Login sessions, sign-in method (email/password, Google, Apple)
• Usage Data: Features you use, actions you take in the app
• Timestamps: When you create, update, or delete data

How We Use Your Information

We use your information for:

• Account Management: Creating and maintaining your account
• Service Delivery: Displaying vendor listings, showing nearby vendors, enabling search and filtering
• Business Listings: Publishing and managing your vendor profile (for business users)
• Location Services: Showing vendors near you, geocoding addresses
• Communication: Responding to your requests and providing customer support
• Security: Preventing fraud, enforcing our Terms of Service
• Legal Compliance: Meeting legal obligations and protecting our rights

Legal Basis for Processing (GDPR)

We process your data based on:

• Consent: You explicitly agree to our data collection (e.g., location access, account creation)
• Contract Performance: Processing is necessary to provide our services
• Legitimate Interests: Improving our services, preventing fraud, ensuring security
• Legal Obligations: Complying with applicable laws

Data Sharing and Disclosure

We Share Your Information With:

• Firebase/Google Cloud Platform: Our infrastructure provider for hosting, authentication, database, and storage services
• Geocoding Services: To convert addresses to map coordinates
• Authentication Providers: Google Sign-In, Apple Sign-In (if you choose these options)

We Do Not:

• Sell Your Personal Information: We do not and will never sell your data to third parties
• Share for Advertising: We do not share your data with advertising networks
• Rent or Trade Data: Your information is never rented or traded

Public Information:

The following information is publicly visible in the app:

• Business vendor listings (name, category, description, location, photos, hours, ratings)
• Your ratings of vendors (associated with your account but not your name)

The following information is private:

• Your email address, phone number, favorites list, full profile details

Your Privacy Rights

All Users:

• Access: Request a copy of your personal data
• Correction: Update or correct your information
• Deletion: Delete your account and all associated data
• Data Portability: Export your data in a structured format
• Withdraw Consent: Opt out of optional data collection (e.g., location services)

California Residents (CCPA/CPRA):

• Right to Know: What personal information we collect and how it's used
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We don't sell data, so no opt-out is needed
• Right to Non-Discrimination: We won't discriminate for exercising your rights
• Right to Correct: Request correction of inaccurate information
• Right to Limit Sensitive Data Use: Control use of sensitive personal information (e.g., precise location)

EU Residents (GDPR):

• Right to Access: Obtain confirmation of data processing
• Right to Rectification: Correct inaccurate data
• Right to Erasure ("Right to be Forgotten"): Delete your data
• Right to Restrict Processing: Limit how we use your data
• Right to Data Portability: Receive your data in machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Lodge a Complaint: Contact your local data protection authority

How to Exercise Your Rights

Delete Your Account:

1. Go to Account Settings
2. Scroll to "Danger Zone"
3. Type "DELETE" and confirm
4. All your data will be permanently removed within 72 hours

If you have uninstalled the app and need to request account deletion, please contact us at support@nibblefind.com.

Download Your Data:

1. Go to Account Settings
2. Tap "Download My Data"
3. Receive a JSON file with all your personal information

Update Your Information:

• Edit your profile in Account Settings
• Update your vendor listing anytime

Contact Us:

For privacy requests or questions, email us at support@nibblefind.com.

Data Retention

• Active Accounts: We retain your data while your account is active
• Deleted Accounts: All data is permanently deleted immediately upon account deletion
• Backups: Backup copies are deleted within 30 days
• Legal Requirements: We may retain certain data if required by law

Data Security

We implement industry-standard security measures:

• Encryption: Passwords are encrypted; data in transit uses HTTPS/TLS
• Authentication: Firebase Authentication with secure session management
• Access Controls: Firestore security rules ensure users can only access their own data
• Regular Audits: We review our security practices regularly

However, no system is 100% secure. We cannot guarantee absolute security.

Children's Privacy (COPPA)

NibbleFind is not intended for children under 13 (or 16 in the EU). We do not knowingly collect data from children. If we discover we've collected data from a child, we will delete it immediately.

If you believe a child has provided us with personal information, please contact us at support@nibblefind.com.

Location Data (Sensitive Personal Information)

Location data is considered sensitive under CPRA. We collect precise location:

• When: You create/update a vendor listing or use "Find Nearby" features
• Why: To show vendors on the map and enable location-based search
• How to Control:
  • Deny location permissions in your device settings
  • Enter addresses manually instead of using GPS
  • Delete your account to remove all location history

International Data Transfers

Your data is stored on Firebase servers, which may be located outside your country. We ensure appropriate safeguards are in place (e.g., Standard Contractual Clauses for EU data).

Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted with a new "Last Updated" date. Continued use of NibbleFind after changes constitutes acceptance.

For material changes, we will notify you via email or in-app notification.

Contact Us

For privacy questions, concerns, or to exercise your rights:

Email: support@nibblefind.com

Back to Home