Let's Brunch Privacy

Privacy Policy

Effective Date: October 11, 2025
Last Updated: October 11, 2025

Introduction

Welcome to Let's Brunch ("we," "our," or "us"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application, website, and related services (collectively, the "Service"). Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access the Service.

Information We Collect

Personal Information

We collect information you provide directly to us, such as when you create an account, use our Service, or contact us for support.

User Account Information

  • Name and Contact Information: Full name, email address, phone number
  • Profile Information: Profile picture, bio, date of birth, age, gender, race, ethnicity
  • Location Data: Current location, preferred search radius, location preferences
  • Preferences: Cuisine preferences, music preferences, ambiance preferences
  • Account Settings: Currency preference, language, dark mode preference, notification preferences

Restaurant Owner Information

  • Business Information: Restaurant name, address, phone number, email, cuisine type, price range
  • Location Data: Restaurant coordinates (latitude/longitude), city, state, zip code
  • Business Details: Description, operating hours, menu information, photos
  • Verification Information: Business license, tax identification, verification documents

Content and Activity Information

  • Reviews and Ratings: Reviews you write, ratings you provide, photos you upload
  • Reservations: Booking history, reservation preferences, party size, special requests
  • Social Interactions: Posts, comments, likes, follows, social connections
  • Vibe Check Posts: Photos, videos, and content you share through our vibe check feature
  • Search History: Restaurants you search for, filters you use, saved searches

Payment Information

  • Payment Methods: Credit card information, billing address (processed securely through third-party payment processors)
  • Transaction History: Purchase history, subscription payments, refunds
  • Subscription Data: Subscription status, expiration dates, plan details

Device and Technical Information

  • Device Information: Device type, operating system, device identifiers, IP address
  • App Usage Data: Features used, time spent in app, crash reports, performance data
  • Push Notification Tokens: Device tokens for sending push notifications
  • Analytics Data: App interactions, user journey, feature usage statistics

Automatically Collected Information

Location Information

  • Precise Location: GPS coordinates when you enable location services
  • Approximate Location: General area based on IP address or network information
  • Location History: Places you've visited, restaurants you've checked into

Usage Analytics

  • App Performance: Loading times, crash reports, error logs
  • User Behavior: Pages visited, features used, time spent on different sections
  • Device Performance: Battery usage, network connectivity, device specifications

Cookies and Tracking Technologies

  • Essential Cookies: Required for basic app functionality
  • Analytics Cookies: Help us understand how users interact with our Service
  • Marketing Cookies: Used to deliver relevant advertisements
  • Preference Cookies: Remember your settings and preferences

How We Use Your Information

Service Provision

  • Account Management: Create and maintain your user account
  • Restaurant Discovery: Show you relevant restaurants based on your preferences and location
  • Reservation Management: Process and manage your restaurant reservations
  • Social Features: Enable interactions with other users, reviews, and content sharing
  • Payment Processing: Process payments for reservations, subscriptions, and premium features

Personalization and Recommendations

  • Customized Content: Provide personalized restaurant recommendations
  • Targeted Search Results: Show relevant restaurants based on your preferences
  • Location-Based Services: Display nearby restaurants and location-specific content
  • Preference Learning: Improve recommendations based on your usage patterns

Communication

  • Service Updates: Send important updates about your account or reservations
  • Marketing Communications: Send promotional offers, new feature announcements (with your consent)
  • Customer Support: Respond to your inquiries and provide technical support
  • Push Notifications: Send location-based alerts, reservation reminders, and social notifications

Analytics and Improvement

  • Service Enhancement: Analyze usage patterns to improve our Service
  • Feature Development: Understand which features are most valuable to users
  • Performance Monitoring: Monitor app performance and identify issues
  • User Experience Optimization: Improve user interface and user experience

Legal and Safety

  • Compliance: Comply with applicable laws and regulations
  • Safety and Security: Protect against fraud, abuse, and security threats
  • Dispute Resolution: Resolve disputes and enforce our terms of service
  • Legal Requests: Respond to legal requests from authorities

Information Sharing and Disclosure

With Your Consent

We may share your information with your explicit consent for specific purposes, such as:

  • Sharing your reviews or posts with other users
  • Connecting your account with social media platforms
  • Participating in promotional campaigns

Service Providers

We share information with trusted third-party service providers who assist us in operating our Service:

Payment Processors

  • Stripe: Process payments and manage subscription billing
  • Data Shared: Payment information, billing address, transaction history
  • Purpose: Secure payment processing and subscription management

Cloud Services

  • AWS (Amazon Web Services): Host our servers and databases
  • Data Shared: All user data stored securely in encrypted databases
  • Purpose: Reliable hosting and data storage

Analytics Services

  • Google Analytics: Analyze app usage and user behavior
  • Firebase: App performance monitoring and crash reporting
  • Data Shared: Usage statistics, device information, app performance data
  • Purpose: Improve app performance and user experience

Communication Services

  • Brevo (Email Service): Send transactional and marketing emails
  • Firebase Push Notifications: Send push notifications to mobile devices
  • Data Shared: Email addresses, device tokens, notification preferences
  • Purpose: Reliable communication delivery

Location Services

  • Google Maps API: Provide map functionality and location services
  • Data Shared: Location coordinates, search queries, map interactions
  • Purpose: Accurate location-based services

Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity, subject to the same privacy protections.

Legal Requirements

We may disclose your information if required by law or in response to:

  • Valid legal requests from government authorities
  • Court orders or subpoenas
  • Legal proceedings where disclosure is necessary
  • Protection of our rights, property, or safety

Safety and Security

We may share information to:

  • Prevent fraud and abuse
  • Protect against security threats
  • Investigate suspicious activities
  • Enforce our terms of service

Data Security

Security Measures

We implement comprehensive security measures to protect your information:

Technical Safeguards

  • Encryption: All data is encrypted in transit and at rest using industry-standard encryption
  • Secure Servers: Data is stored on secure, monitored servers with restricted access
  • Access Controls: Strict access controls limit who can view your personal information
  • Regular Audits: Regular security audits and vulnerability assessments

Administrative Safeguards

  • Employee Training: Staff are trained on data protection and privacy practices
  • Data Minimization: We only collect and retain information necessary for our services
  • Incident Response: Comprehensive incident response procedures for data breaches
  • Privacy by Design: Privacy considerations are built into all new features

Physical Safeguards

  • Secure Facilities: Data centers are physically secured with multiple layers of protection
  • Environmental Controls: Climate control and fire suppression systems protect hardware
  • Access Logging: All physical access to data centers is logged and monitored

Data Breach Response

In the unlikely event of a data breach, we will:

  • Notify affected users within 72 hours of discovery
  • Report the breach to relevant authorities as required by law
  • Provide guidance on protective measures users can take
  • Conduct a thorough investigation and implement additional safeguards

Your Rights and Choices

Access and Portability

  • View Your Data: Access all personal information we have about you
  • Data Export: Request a copy of your data in a portable format
  • Account Information: Update your account information at any time

Correction and Updates

  • Profile Updates: Modify your profile information, preferences, and settings
  • Contact Information: Update your email address, phone number, and other contact details
  • Location Settings: Adjust your location sharing preferences

Deletion and Deactivation

  • Account Deletion: Request complete deletion of your account and associated data
  • Data Retention: Understand our data retention policies and request data deletion
  • Opt-Out: Opt out of marketing communications while maintaining account functionality

Privacy Controls

  • Location Services: Control when and how we access your location
  • Push Notifications: Manage notification preferences for different types of alerts
  • Marketing Communications: Opt in or out of promotional emails and messages
  • Social Features: Control visibility of your profile and content to other users

California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

  • Right to Know: Request information about personal information collected and shared
  • Right to Delete: Request deletion of personal information
  • Right to Opt-Out: Opt out of the sale of personal information (we do not sell personal information)
  • Right to Non-Discrimination: Exercise privacy rights without discrimination

European Privacy Rights (GDPR)

If you are in the European Union, you have additional rights:

  • Right of Access: Request access to your personal data
  • Right to Rectification: Correct inaccurate personal data
  • Right to Erasure: Request deletion of personal data ("right to be forgotten")
  • Right to Restrict Processing: Limit how we process your personal data
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing of personal data for marketing purposes

Data Retention

Retention Periods

We retain your information for different periods depending on the type of data:

Account Information

  • Active Accounts: Retained while your account is active
  • Inactive Accounts: Deleted after 3 years of inactivity
  • Deleted Accounts: Permanently deleted within 30 days of deletion request

Transaction Data

  • Payment Records: Retained for 7 years for accounting and tax purposes
  • Reservation History: Retained for 2 years for customer service purposes
  • Review Data: Retained indefinitely unless you request deletion

Analytics Data

  • Usage Statistics: Aggregated and anonymized data retained indefinitely
  • Personal Analytics: Deleted after 2 years or upon account deletion

Legal Requirements

Some data may be retained longer if required by law or for legitimate business purposes such as:

  • Fraud prevention
  • Legal compliance
  • Dispute resolution
  • Security purposes

Children's Privacy

Age Restrictions

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13.

Parental Controls

If you are a parent or guardian and believe your child has provided personal information to us, please contact us immediately. We will take steps to delete such information from our systems.

Age Verification

We may implement age verification measures to ensure compliance with children's privacy laws.

International Data Transfers

Global Operations

Let's Brunch operates globally, and your information may be transferred to and processed in countries other than your own.

Adequate Protection

When transferring data internationally, we ensure adequate protection through:

  • Standard Contractual Clauses: EU-approved contractual clauses for data transfers
  • Adequacy Decisions: Transfers to countries with adequate data protection
  • Certification Schemes: Participation in recognized privacy certification programs

Your Rights

Regardless of where your data is processed, you retain all privacy rights outlined in this policy.

Third-Party Services

Integrated Services

Our Service integrates with various third-party services:

Social Media Platforms

  • Facebook, Instagram, Twitter: Social login and content sharing
  • Data Shared: Profile information, social connections, content preferences
  • Your Control: Manage permissions through your social media account settings

Payment Services

  • Stripe, PayPal: Payment processing and subscription management
  • Data Shared: Payment information, transaction history, billing details
  • Security: All payment data is encrypted and processed securely

Maps and Location

  • Google Maps, Apple Maps: Location services and mapping functionality
  • Data Shared: Location coordinates, search queries, route information
  • Privacy: Location data is only shared when necessary for service functionality

Third-Party Policies

These third-party services have their own privacy policies. We encourage you to review their policies to understand how they handle your information.

Marketing and Advertising

Personalized Advertising

We may use your information to provide personalized advertisements:

  • Interest-Based Ads: Ads based on your preferences and behavior
  • Location-Based Ads: Ads relevant to your current or frequent locations
  • Retargeting: Ads for restaurants you've viewed or interacted with

Advertising Partners

We work with advertising partners who may collect information about you:

  • Ad Networks: Third-party advertising networks
  • Analytics Providers: Services that analyze ad performance
  • Social Media Platforms: Advertising on social media platforms

Your Choices

You can control advertising preferences:

  • Opt-Out Tools: Use industry opt-out tools for interest-based advertising
  • Device Settings: Adjust ad tracking settings on your device
  • Account Settings: Manage advertising preferences in your account

Changes to This Privacy Policy

Policy Updates

We may update this Privacy Policy from time to time to reflect:

  • Changes in our data practices
  • New features or services
  • Legal or regulatory requirements
  • Industry best practices

Notification Methods

We will notify you of significant changes through:

  • In-App Notifications: Prominent notifications within the app
  • Email Notifications: Email alerts to your registered email address
  • Website Updates: Updates posted on our website
  • Effective Date: Clear indication of when changes take effect

Your Continued Use

Continued use of our Service after changes to this Privacy Policy constitutes acceptance of the updated policy.

Contact Information

Privacy Questions

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: contact@letsbrunchusa.com
Address: Let's Brunch Privacy Team
123 Restaurant Row
Culinary City, CC 12345
United States

Data Protection Officer

For EU residents, you can contact our Data Protection Officer:

Email: contact@letsbrunchusa.com

Response Time

We will respond to your privacy inquiries within 30 days of receipt.

Legal Basis for Processing (GDPR)

Lawful Bases

We process your personal data based on the following lawful bases:

Consent

  • Marketing communications
  • Location tracking
  • Social features
  • Analytics and profiling

Contract Performance

  • Account creation and management
  • Reservation processing
  • Payment processing
  • Customer support

Legitimate Interests

  • Service improvement and development
  • Fraud prevention and security
  • Analytics and research
  • Business operations

Legal Obligation

  • Compliance with applicable laws
  • Tax and accounting requirements
  • Legal requests from authorities

Withdrawal of Consent

You can withdraw consent at any time by:

  • Updating your account preferences
  • Contacting our support team
  • Using opt-out mechanisms provided

Special Categories of Data

Sensitive Information

We may process special categories of personal data with appropriate safeguards:

Health Information

  • Dietary Restrictions: Food allergies and dietary preferences
  • Accessibility Needs: Information about accessibility requirements
  • Purpose: Provide appropriate restaurant recommendations and accommodations

Biometric Data

  • Profile Photos: Facial images in profile pictures
  • Purpose: User identification and social features
  • Protection: Encrypted storage and limited access

Additional Protections

Special categories of data receive additional protection:

  • Explicit Consent: Clear consent for processing sensitive data
  • Purpose Limitation: Processing only for specified purposes
  • Data Minimization: Collecting only necessary sensitive information
  • Enhanced Security: Additional security measures for sensitive data

Data Processing Activities

Detailed Processing Information

User Registration and Authentication

  • Data Processed: Name, email, phone, password (hashed)
  • Purpose: Account creation and user authentication
  • Retention: Duration of account plus 3 years
  • Legal Basis: Contract performance

Location Services

  • Data Processed: GPS coordinates, location history, search queries
  • Purpose: Restaurant discovery and location-based recommendations
  • Retention: 2 years or until account deletion
  • Legal Basis: Consent and legitimate interests

Payment Processing

  • Data Processed: Payment method details, billing address, transaction history
  • Purpose: Processing payments and managing subscriptions
  • Retention: 7 years for accounting purposes
  • Legal Basis: Contract performance and legal obligation

Social Features

  • Data Processed: Reviews, ratings, posts, social connections
  • Purpose: Enabling social interactions and content sharing
  • Retention: Indefinitely unless deleted by user
  • Legal Basis: Consent

Analytics and Improvement

  • Data Processed: Usage patterns, feature interactions, performance data
  • Purpose: Service improvement and feature development
  • Retention: Aggregated data retained indefinitely
  • Legal Basis: Legitimate interests

Compliance and Certifications

Industry Standards

We comply with industry standards and best practices:

  • SOC 2 Type II: Security, availability, and confidentiality controls
  • ISO 27001: Information security management system
  • PCI DSS: Payment card industry data security standards

Privacy Frameworks

We follow established privacy frameworks:

  • Privacy by Design: Privacy considerations built into all systems
  • Data Protection Impact Assessments: Regular assessments of data processing activities
  • Privacy Training: Regular training for all employees on privacy practices

Regular Audits

We conduct regular audits to ensure compliance:

  • Internal Audits: Quarterly internal privacy and security audits
  • External Audits: Annual third-party security and privacy audits
  • Penetration Testing: Regular security testing of our systems

Your Privacy Rights - Detailed

Right to Access

You have the right to request:

  • Confirmation that we process your personal data
  • Access to your personal data
  • Information about how we use your data
  • Information about data sharing and transfers

Right to Rectification

You can request correction of:

  • Inaccurate personal data
  • Incomplete personal data
  • Outdated information

Right to Erasure

You can request deletion when:

  • Data is no longer necessary for its original purpose
  • You withdraw consent and there's no other legal basis
  • Data has been unlawfully processed
  • Data must be erased for legal compliance

Right to Restrict Processing

You can request restriction when:

  • You contest the accuracy of data
  • Processing is unlawful but you prefer restriction to deletion
  • We no longer need the data but you need it for legal claims
  • You object to processing pending verification

Right to Data Portability

You can request:

  • Your data in a structured, commonly used format
  • Direct transfer to another service provider (where technically feasible)
  • Data you provided to us based on consent or contract

Right to Object

You can object to processing:

  • For direct marketing purposes
  • Based on legitimate interests
  • For research or statistical purposes

Automated Decision Making

Algorithmic Processing

We use automated systems for:

  • Restaurant Recommendations: Based on preferences and behavior
  • Content Moderation: Automated detection of inappropriate content
  • Fraud Detection: Automated identification of suspicious activities
  • Personalized Experiences: Customized user interfaces and content

Your Rights

You have the right to:

  • Human Review: Request human review of automated decisions
  • Explanation: Receive explanation of automated decision-making
  • Objection: Object to automated processing
  • Correction: Request correction of automated decisions

Transparency

We provide transparency about:

  • Algorithmic Systems: How our recommendation systems work
  • Decision Factors: What factors influence automated decisions
  • Accuracy Measures: How we measure and improve accuracy
  • Bias Mitigation: Steps we take to prevent algorithmic bias

Data Breach Procedures

Incident Response

In case of a data breach, we will:

Immediate Response (0-24 hours)

  • Contain the breach and prevent further unauthorized access
  • Assess the scope and impact of the breach
  • Notify relevant internal teams and authorities
  • Begin investigation and documentation

Notification Phase (24-72 hours)

  • Notify affected users within 72 hours
  • Report to relevant data protection authorities
  • Provide guidance on protective measures
  • Establish communication channels for affected users

Recovery Phase (72+ hours)

  • Implement additional security measures
  • Conduct thorough investigation
  • Provide regular updates to affected users
  • Review and improve security procedures

User Notification

We will notify you of data breaches through:

  • Primary Method: Email to your registered email address
  • Secondary Method: In-app notification
  • Severe Breaches: Phone call for critical breaches
  • Public Disclosure: Website notice for widespread breaches

Contact Us

General Inquiries

For general questions about this Privacy Policy:

Email: contact@letsbrunchusa
Address: Let's Brunch Privacy Team
123 Restaurant Row
Culinary City, CC 12345
United States

Data Protection Officer (EU)

For EU residents and GDPR-related inquiries:

Email: contact@letsbrunchusa

Legal Requests

For legal matters and law enforcement requests:

Email: contact@letsbrunchusa
Address: Let's Brunch Legal Department
123 Restaurant Row
Culinary City, CC 12345
United States

Response Commitments

  • General Inquiries: Response within 5 business days
  • Privacy Rights Requests: Response within 30 days
  • Data Breach Notifications: Immediate notification for critical breaches
  • Legal Requests: Response within required legal timeframes

This Privacy Policy is effective as of October 11, 2025, and was last updated on October 11, 2025.

By using Let's Brunch, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.