Last updated: [Last updated: DATE TO SET ON PUBLISH]
Draft for review. This policy is a working draft generated from a technical audit of SpotRate's data flows. It is not legal advice and must be reviewed and approved (including a legal check) before publication. Every [bracketed] placeholder below must be filled in first.

SpotRate is a community for honest, independent food and drink ratings. This policy explains what personal information we collect when you use SpotRate, why we collect it, who we share it with, how long we keep it, and the choices and rights you have over your data. It applies to the SpotRate website and app at spotrate.app.

SpotRate is operated by [Legal entity name] ("SpotRate", "we", "us", or "our"), who is the data controller responsible for your personal information. If you have any questions about this policy or how we handle your data, contact us at [Privacy contact email].


1What we collect & why

We only collect what we need to run SpotRate. Here is everything we collect and the reason for each. We do not buy personal data about you, and we do not use your data to build advertising profiles.

Account & profile

Email address

Why To create and secure your account: it's your sign-in identifier for email/password signup and sign-in, password resets, and account verification. It's also used to send the transactional emails you've enabled (see notifications).

Where Held by our authentication provider and copied to your profile record the first time your profile is created.

Password

Why Your credential for email/password sign-in. Passwords are handled by our authentication provider (Supabase Auth) and are never stored in plain text by SpotRate. We never see your raw password.

Display name

Why Your public author name, shown on the ratings you post. You set it at signup and can edit it later from your profile (a short cooldown applies between changes).

Username / handle (permanent)

Why Your permanent public @handle. We check availability live while you choose it. Because other people and links may rely on it, it cannot be changed once set.

Google account identity (optional)

Why If you choose "Sign in with Google", Google shares your email, name, and basic profile with our authentication provider so we can create or recognise your account. You only share this if you use Google sign-in. See Third-party services for more.

Avatar / profile photo (optional)

Why An image you choose to upload (up to 2 MB) to personalise your profile. It is stored in a public storage bucket and shown publicly on your profile and ratings.

Bio (optional)

Why A short public profile bio (up to 200 characters) that you choose to write. Shown publicly on your profile.

Preferences

Why Your email-notifications preference (which controls whether we send you transactional emails), your onboarding/tour completion status, and your light/dark theme choice. Your theme choice is stored on your device, not on our servers (see Cookies & local storage).

The content you post

Ratings & the spots you rate

What When you rate a spot you provide: the spot's name, category, country, city/town, tags, meal/visit type and visit date; your five criteria scores plus the total (and any optional "help me score" sub-scores); optional dishes/drinks ordered; and optional free-text notes.

Why This is the core of SpotRate — it identifies and classifies each spot and produces its combined score. Ratings are permanent and publicly visible. Free-text notes may contain whatever you choose to type, so please don't include sensitive personal information there.

Rating photos (optional)

Why Up to four photos per rating. They are compressed in your browser (around 1.5 MB each) and stored in a public storage bucket; their URLs are attached to the rating and shown publicly (including as the cover photo).

Spot requests

What If you ask us to add a spot, we store the spot name, category, country, city/town, and an optional reason. You may also provide your name and email so we can let you know once the spot is rated.

Why So we can review and add the spot, and notify you when it's live. Your requester email is never shown publicly. If you're signed in and leave the email field blank, we use your account email as a fallback for this notification.

Technical & safety data

Error diagnostics

Why To find and fix bugs, we send error reports to our monitoring provider. When you're signed in, an error report may include your user ID only so we can correlate an error to an account. We deliberately strip out your email, username and IP address, and redact email-shaped text, before these reports are sent. See Third-party services.

Approximate location (country) at the network edge

Why Our hosting provider derives your country from your IP address at its network edge so we can apply regional access rules (see Service availability). This country signal is used in the moment and is not stored by SpotRate's own code.

Anti-bot signals

Why Our signup and spot-request forms include a hidden "honeypot" field and a simple form-timing check. These are used only to silently reject automated bots and are not stored.

Analytics

Why We use privacy-friendly, cookieless analytics to understand aggregate usage (for example, page views and a few high-level events such as a completed signup). This is designed to contain no personal information and sets no cookies. See Third-party services.

2How we use your data

We use the information above to:

We do not sell your personal information, and we do not use it for third-party advertising or cross-context behavioural advertising.

Legal bases (where the UK/EU GDPR applies). We rely on: performance of a contract (running your account and publishing the content you submit); legitimate interests (keeping the service secure, debugging, preventing bot abuse, and basic aggregate analytics); consent (optional items you choose to provide, such as an avatar, bio, Google sign-in, or opting in to notifications — you can withdraw consent at any time); and compliance with legal obligations where applicable. The specific legal basis depends on the governing-law analysis still to be confirmed ([Governing law jurisdiction]).

3What's public

SpotRate is a public ratings platform. The following are visible to anyone, including people who aren't signed in, and may appear in search engines:

The following are not shown publicly: your email address, your password, and the email/name you give when requesting a spot.

Please treat anything you put into a rating, note, bio, display name or photo as public and permanent. Don't include information you wouldn't want shared — once a rating is public it contributes to a spot's combined score.

4Third-party services we use

We use a small number of trusted service providers ("processors") to run SpotRate. Each receives only the data it needs for its job. We don't sell data to any of them.

Supabase — authentication, database & file storage

Our primary backend. It stores your account email, password (securely hashed by Supabase Auth), display name, handle, avatar, bio and preferences; all of your rating content (spots, ratings, scores, notes, dishes, photos); spot requests including any requester name and email; and your authentication session tokens. Avatars and rating photos are kept in public storage buckets.

Processing location Hosted on Supabase infrastructure. [Supabase region — confirm] (the data-hosting region must be confirmed in the Supabase dashboard before publishing).

Resend — transactional email

Sends SpotRate's transactional emails on our behalf, server-side. Depending on the email, it receives the recipient's email address and the email's contents — which can include a requester or recipient name, spot name/category/location/country, a rater's email, a voter's name and vote type, or new-signup name/email, as well as internal admin alerts. Emails are sent from a SpotRate no-reply address.

Processing location Resend (United States). See International transfers.

Sentry — error monitoring

Receives client-side and edge-function error reports with stack traces, the release and environment, and — when you're signed in — your user ID only. Before sending, we delete email, username and IP address, strip request cookies and authorization headers, and redact email-shaped strings from messages and breadcrumbs.

Processing location Error events are sent to Sentry's US ingestion endpoint.

Plausible Analytics — privacy-friendly analytics

Provides cookieless, aggregate web analytics (page views and a few high-level custom events). It is designed to collect no personal information and to set no cookies; event properties are kept free of personal data.

Processing location Plausible (plausible.io).

Netlify — website hosting & edge

Hosts the SpotRate website and serves it through its global CDN. As with any web host, it processes standard request metadata (such as your IP address and browser user-agent). It also reads your country at the edge to apply regional access rules (see Service availability).

Processing location Netlify global edge/CDN.

Content delivery networks (jsDelivr & Cloudflare/cdnjs)

Serve third-party JavaScript libraries that SpotRate uses (such as the Supabase client library and a charting library). When your browser fetches these files, the CDN receives standard request metadata (IP address, user-agent, referrer). No SpotRate form data is sent to them.

Processing location Global CDN (jsDelivr / Cloudflare).

Bunny Fonts — web fonts

Serves the fonts used across SpotRate. When your browser loads a font, Bunny Fonts receives standard request metadata (IP address, user-agent, referrer). It is marketed as a GDPR-friendly, no-logging alternative to Google Fonts. SpotRate does not use Google Fonts.

Processing location fonts.bunny.net.

About Google

Google is involved in two limited ways. First, Google sign-in is an optional identity provider — only used if you choose it, in which case Google shares your basic profile with our authentication provider. Second, the "Maps" links on spot pages are ordinary outbound links to Google Maps that open only when you click them; SpotRate does not embed Google Maps or call it automatically in the background.

We aim to have appropriate data-processing terms in place with each provider. [Confirm a data-processing agreement (DPA) is in place with each processor and that the list above is complete and current.]

5International data transfers

SpotRate uses providers that may process data in countries other than the one you live in. In particular, our error-monitoring provider processes data in the United States, and our other providers (database/storage, email, analytics, fonts, CDNs and hosting) each process data in their own regions.

Where we transfer personal data internationally, we rely on appropriate safeguards (such as the providers' standard contractual clauses and equivalent mechanisms). The exact regions and safeguards for each provider — including the precise hosting region of our database ([Supabase region — confirm]) — must be confirmed before this policy is published. [Confirm each provider's processing region and transfer safeguard.]

6Cookies & local storage

SpotRate does not use tracking or advertising cookies, and our own code sets no cookies. Our analytics are cookieless. To make the app work, we store a few items in your browser's local storage on your device:

You can clear local storage at any time through your browser settings (signing you out and resetting these preferences). Our hosting provider or other third parties may set their own operational cookies as part of delivering the site; [confirm any operational cookies set by Netlify/CDN/third parties and whether a cookie notice is required].

7Data retention & deletion

We keep your personal information for as long as your account is active, so that SpotRate works and your ratings remain available to the community.

Deleting your account

You can delete your account yourself at any time from the Danger Zone on your profile. Deleting your account permanently erases your account, ratings, uploaded photos, drafts, wishlist, avatar, and any spot requests you filed. There is no undo.

What may remain

After deletion, some data may persist briefly in routine backups before being overwritten, and limited records may be retained where we're required to for legal, security or fraud-prevention reasons. Aggregate, non-identifying analytics and already-sent error reports are not part of your account record.

Retention periods to confirm. Specific retention schedules are not yet defined — for example, how long we keep spot requests and requester emails, error-monitoring events, and analytics. [Define and state concrete retention periods before publishing.]

8Your rights & choices

You have rights over your personal information. Depending on where you live, these include the right to:

To exercise any of these rights, email [Privacy contact email]. We may need to verify your identity first, and we'll respond within the timeframe required by applicable law.

9Children

SpotRate is not directed at children and is intended for adults. We do not knowingly collect personal information from children. [Confirm the minimum age for your jurisdiction(s) and state it here.] If you believe a child has provided us with personal data, contact us and we'll delete it.

10Australian Privacy Principles & GDPR notes

We aim to handle personal information consistently with the Australian Privacy Principles (APPs) and the EU/UK GDPR, as applicable to our users and operations.

Australia (APPs)

Where the APPs apply, you may access and seek correction of your personal information (APP 12 and 13), and we handle it in line with the openness and security principles. Some of your information may be disclosed to overseas recipients (our service providers — see Third-party services and International transfers), including in the United States and other regions.

UK / EU (GDPR)

Where the GDPR applies, you have the rights set out in Your rights & choices, we process data on the legal bases described in How we use your data, and you may complain to your local supervisory authority. Our data controller is [Legal entity name].

The precise regulatory regime that governs SpotRate (for example UK GDPR, EU GDPR, the Australian Privacy Act/APPs, or another) depends on our legal entity's location and our users, and is still to be confirmed: [Governing law jurisdiction]. This section will be finalised on legal review. We make no claim to hold any certification or formal compliance status we have not actually obtained.

11Service availability by region

To reduce abuse, SpotRate is currently not available in some countries. Our hosting provider checks your approximate country at the network edge and may block access. This country signal is used only to allow or deny access in the moment and is not stored by SpotRate's own code. [Confirm whether to list the specific blocked countries here.]

12Changes to this policy

We may update this policy from time to time. When we do, we'll revise the "Last updated" date at the top, and for material changes we'll provide a more prominent notice where appropriate. Please check back periodically.

13Contact us

Questions, requests, or privacy concerns? Get in touch:

Data controller: [Legal entity name]

Privacy contact: [Privacy contact email]

This document was generated from a technical audit of SpotRate's data flows and is provided for review only. It is not legal advice. Replace every [bracketed] placeholder and complete a legal review before publishing.