Privacy Policy

QartBite Inc. ("QartBite," "we," "us," or "our") operates the QartBite platform, an AI-powered food vendor intelligence service accessible at qartbite.com. This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our website, mobile application, and related services (collectively, the "Services").

1. Information We Collect

We collect information to provide and improve our Services. The types of information we collect include:

a) Information You Provide

• Account Information: When you create an account, we collect your name, email address, and authentication credentials (via Google OAuth or email sign-up).
• Vendor Claims: If you are a food vendor claiming a profile, we collect business name, location, contact details, and menu information.
• Communications: When you contact us for support or provide feedback, we collect the content of those communications.
• Payment Information: Subscription payments are processed by our third-party payment processor (Paddle). We do not store your full credit card details.

b) Information Collected Automatically

• Usage Data: Pages viewed, search queries, vendors explored, features used, and interaction timestamps.
• Device Information: Browser type, operating system, device identifiers, screen resolution, and language preferences.
• Location Data: Approximate location based on IP address, and precise location if you grant permission for nearby vendor search.
• Log Data: IP addresses, access times, referring URLs, and error logs for debugging and security purposes.

c) Information from Third Parties

• Public Reviews: We aggregate publicly available reviews from third-party platforms (e.g., Google) to generate vendor safety and quality scores. These reviews are publicly posted content and are not considered private data.
• Authentication Providers: If you sign in using Google, we receive your name, email, and profile picture as authorized by your Google account settings.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain Services: Deliver vendor search results, safety scores, quality metrics, and personalized recommendations.
• AI-Powered Analysis: Process public review data through our AI pipeline to extract 23 structured quality metrics, detect fraudulent reviews, and generate vendor scores.
• Improve Our Platform: Analyze usage patterns to enhance features, fix bugs, and optimize performance.
• Communications: Send service-related notifications, respond to inquiries, and provide customer support.
• Security & Fraud Prevention: Detect and prevent unauthorized access, abuse, and fraudulent activity on our platform.
• Legal Compliance: Comply with applicable laws, regulations, and legal obligations.

3. Information Sharing & Disclosure

We do not sell your personal information. We may share your information in the following limited circumstances:

• Service Providers: We work with trusted third-party providers who assist in operating our Services, including cloud hosting (Hetzner), payment processing (Paddle), error monitoring (Sentry), CDN (Cloudflare), and AI processing (Google Gemini). These providers are contractually bound to protect your data.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Safety & Rights Protection:We may share information to protect the safety of our users, enforce our Terms of Service, or protect QartBite's legal rights.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• Aggregated Data: We may share anonymized, aggregated data that cannot identify you (e.g., average vendor scores by neighborhood) for research or marketing purposes.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption of data in transit via TLS/SSL (enforced by Cloudflare)
• Secure authentication via OAuth 2.0 and session tokens
• Access controls and least-privilege principles for internal systems
• Regular security monitoring and error tracking
• Redis-based rate limiting to prevent abuse

5. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience:

• Essential Cookies: Required for authentication, session management, and core functionality. These cannot be disabled.
• Functional Cookies: Remember your preferences such as selected city, search filters, and display settings.
• Analytics Cookies: Help us understand how users interact with our Services so we can improve them. We use privacy-respecting analytics tools.

You can manage cookie preferences through your browser settings. Disabling certain cookies may limit functionality.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete personal data.
• Deletion: Request deletion of your personal data, subject to legal retention requirements.
• Data Portability: Request your data in a structured, machine-readable format.
• Opt-Out: Unsubscribe from marketing emails at any time using the link in our emails.
• Location Data: Revoke location permissions at any time through your device or browser settings.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.

7. International Data Transfers

Our Services operate globally with infrastructure in the European Union (Germany). If you access our Services from outside the EU, your information may be transferred to and processed in countries with different data protection laws. We ensure appropriate safeguards are in place for such transfers.

8. Children's Privacy

Our Services are not directed to children under 13 years of age. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without parental consent, we will delete it promptly. If you believe a child has provided us personal information, please contact us at [email protected].

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Services or via email. The "Effective Date" at the top of this page indicates when the policy was last revised. Your continued use of QartBite after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out: