SpotRate is a community for honest, independent food and drink ratings. This policy explains what personal information we collect when you use SpotRate, why we collect it, who we share it with, how long we keep it, and the choices and rights you have over your data. It applies to the SpotRate website and app at spotrate.app.
SpotRate is operated by [Legal entity name] ("SpotRate", "we", "us", or "our"), who is the data controller responsible for your personal information. If you have any questions about this policy or how we handle your data, contact us at [Privacy contact email].
1What we collect & why
We only collect what we need to run SpotRate. Here is everything we collect and the reason for each. We do not buy personal data about you, and we do not use your data to build advertising profiles.
Account & profile
Email address
Why To create and secure your account: it's your sign-in identifier for email/password signup and sign-in, password resets, and account verification. It's also used to send the transactional emails you've enabled (see notifications).
Where Held by our authentication provider and copied to your profile record the first time your profile is created.
Password
Why Your credential for email/password sign-in. Passwords are handled by our authentication provider (Supabase Auth) and are never stored in plain text by SpotRate. We never see your raw password.
Display name
Why Your public author name, shown on the ratings you post. You set it at signup and can edit it later from your profile (a short cooldown applies between changes).
Username / handle (permanent)
Why Your permanent public @handle. We check availability live while you choose it. Because other people and links may rely on it, it cannot be changed once set.
Google account identity (optional)
Why If you choose "Sign in with Google", Google shares your email, name, and basic profile with our authentication provider so we can create or recognise your account. You only share this if you use Google sign-in. See Third-party services for more.
Avatar / profile photo (optional)
Why An image you choose to upload (up to 2 MB) to personalise your profile. It is stored in a public storage bucket and shown publicly on your profile and ratings.
Bio (optional)
Why A short public profile bio (up to 200 characters) that you choose to write. Shown publicly on your profile.
Preferences
Why Your email-notifications preference (which controls whether we send you transactional emails), your onboarding/tour completion status, and your light/dark theme choice. Your theme choice is stored on your device, not on our servers (see Cookies & local storage).
The content you post
Ratings & the spots you rate
What When you rate a spot you provide: the spot's name, category, country, city/town, tags, meal/visit type and visit date; your five criteria scores plus the total (and any optional "help me score" sub-scores); optional dishes/drinks ordered; and optional free-text notes.
Why This is the core of SpotRate — it identifies and classifies each spot and produces its combined score. Ratings are permanent and publicly visible. Free-text notes may contain whatever you choose to type, so please don't include sensitive personal information there.
Rating photos (optional)
Why Up to four photos per rating. They are compressed in your browser (around 1.5 MB each) and stored in a public storage bucket; their URLs are attached to the rating and shown publicly (including as the cover photo).
Spot requests
What If you ask us to add a spot, we store the spot name, category, country, city/town, and an optional reason. You may also provide your name and email so we can let you know once the spot is rated.
Why So we can review and add the spot, and notify you when it's live. Your requester email is never shown publicly. If you're signed in and leave the email field blank, we use your account email as a fallback for this notification.
Technical & safety data
Error diagnostics
Why To find and fix bugs, we send error reports to our monitoring provider. When you're signed in, an error report may include your user ID only so we can correlate an error to an account. We deliberately strip out your email, username and IP address, and redact email-shaped text, before these reports are sent. See Third-party services.
Approximate location (country) at the network edge
Why Our hosting provider derives your country from your IP address at its network edge so we can apply regional access rules (see Service availability). This country signal is used in the moment and is not stored by SpotRate's own code.
Anti-bot signals
Why Our signup and spot-request forms include a hidden "honeypot" field and a simple form-timing check. These are used only to silently reject automated bots and are not stored.
Analytics
Why We use privacy-friendly, cookieless analytics to understand aggregate usage (for example, page views and a few high-level events such as a completed signup). This is designed to contain no personal information and sets no cookies. See Third-party services.
2How we use your data
We use the information above to:
- create, secure and operate your account, and authenticate you;
- publish your ratings, photos, profile and handle, and calculate combined spot scores;
- review and action spot requests, and notify you about them;
- send transactional emails you've enabled (for example, welcome, password reset, and "your requested spot has been rated") and operational alerts to our team;
- keep SpotRate working, debug errors, and protect the service against bots and abuse;
- understand aggregate, non-identifying usage to improve the product.
We do not sell your personal information, and we do not use it for third-party advertising or cross-context behavioural advertising.
Legal bases (where the UK/EU GDPR applies). We rely on: performance of a contract (running your account and publishing the content you submit); legitimate interests (keeping the service secure, debugging, preventing bot abuse, and basic aggregate analytics); consent (optional items you choose to provide, such as an avatar, bio, Google sign-in, or opting in to notifications — you can withdraw consent at any time); and compliance with legal obligations where applicable. The specific legal basis depends on the governing-law analysis still to be confirmed ([Governing law jurisdiction]).
3What's public
SpotRate is a public ratings platform. The following are visible to anyone, including people who aren't signed in, and may appear in search engines:
- your display name and permanent @handle;
- your avatar and bio (if you add them);
- every rating you post — including scores, the spot details, dishes/drinks, free-text notes, and photos.
The following are not shown publicly: your email address, your password, and the email/name you give when requesting a spot.
4Third-party services we use
We use a small number of trusted service providers ("processors") to run SpotRate. Each receives only the data it needs for its job. We don't sell data to any of them.
Supabase — authentication, database & file storage
Our primary backend. It stores your account email, password (securely hashed by Supabase Auth), display name, handle, avatar, bio and preferences; all of your rating content (spots, ratings, scores, notes, dishes, photos); spot requests including any requester name and email; and your authentication session tokens. Avatars and rating photos are kept in public storage buckets.
Processing location Hosted on Supabase infrastructure. [Supabase region — confirm] (the data-hosting region must be confirmed in the Supabase dashboard before publishing).
Resend — transactional email
Sends SpotRate's transactional emails on our behalf, server-side. Depending on the email, it receives the recipient's email address and the email's contents — which can include a requester or recipient name, spot name/category/location/country, a rater's email, a voter's name and vote type, or new-signup name/email, as well as internal admin alerts. Emails are sent from a SpotRate no-reply address.
Processing location Resend (United States). See International transfers.
Sentry — error monitoring
Receives client-side and edge-function error reports with stack traces, the release and environment, and — when you're signed in — your user ID only. Before sending, we delete email, username and IP address, strip request cookies and authorization headers, and redact email-shaped strings from messages and breadcrumbs.
Processing location Error events are sent to Sentry's US ingestion endpoint.
Plausible Analytics — privacy-friendly analytics
Provides cookieless, aggregate web analytics (page views and a few high-level custom events). It is designed to collect no personal information and to set no cookies; event properties are kept free of personal data.
Processing location Plausible (plausible.io).
Netlify — website hosting & edge
Hosts the SpotRate website and serves it through its global CDN. As with any web host, it processes standard request metadata (such as your IP address and browser user-agent). It also reads your country at the edge to apply regional access rules (see Service availability).
Processing location Netlify global edge/CDN.
Content delivery networks (jsDelivr & Cloudflare/cdnjs)
Serve third-party JavaScript libraries that SpotRate uses (such as the Supabase client library and a charting library). When your browser fetches these files, the CDN receives standard request metadata (IP address, user-agent, referrer). No SpotRate form data is sent to them.
Processing location Global CDN (jsDelivr / Cloudflare).
Bunny Fonts — web fonts
Serves the fonts used across SpotRate. When your browser loads a font, Bunny Fonts receives standard request metadata (IP address, user-agent, referrer). It is marketed as a GDPR-friendly, no-logging alternative to Google Fonts. SpotRate does not use Google Fonts.
Processing location fonts.bunny.net.
About Google
Google is involved in two limited ways. First, Google sign-in is an optional identity provider — only used if you choose it, in which case Google shares your basic profile with our authentication provider. Second, the "Maps" links on spot pages are ordinary outbound links to Google Maps that open only when you click them; SpotRate does not embed Google Maps or call it automatically in the background.
5International data transfers
SpotRate uses providers that may process data in countries other than the one you live in. In particular, our error-monitoring provider processes data in the United States, and our other providers (database/storage, email, analytics, fonts, CDNs and hosting) each process data in their own regions.
Where we transfer personal data internationally, we rely on appropriate safeguards (such as the providers' standard contractual clauses and equivalent mechanisms). The exact regions and safeguards for each provider — including the precise hosting region of our database ([Supabase region — confirm]) — must be confirmed before this policy is published. [Confirm each provider's processing region and transfer safeguard.]
6Cookies & local storage
SpotRate does not use tracking or advertising cookies, and our own code sets no cookies. Our analytics are cookieless. To make the app work, we store a few items in your browser's local storage on your device:
- Your sign-in session — your authentication tokens, kept by the Supabase client library so you stay signed in between visits.
- Theme preference (
sr-theme) — remembers your light/dark choice and avoids a flash of the wrong theme on load. - Install prompt flag (
sr_ios_install_shown) — remembers that we've already shown the iOS "Add to Home Screen" tip, so we only show it once.
You can clear local storage at any time through your browser settings (signing you out and resetting these preferences). Our hosting provider or other third parties may set their own operational cookies as part of delivering the site; [confirm any operational cookies set by Netlify/CDN/third parties and whether a cookie notice is required].
7Data retention & deletion
We keep your personal information for as long as your account is active, so that SpotRate works and your ratings remain available to the community.
Deleting your account
You can delete your account yourself at any time from the Danger Zone on your profile. Deleting your account permanently erases your account, ratings, uploaded photos, drafts, wishlist, avatar, and any spot requests you filed. There is no undo.
What may remain
After deletion, some data may persist briefly in routine backups before being overwritten, and limited records may be retained where we're required to for legal, security or fraud-prevention reasons. Aggregate, non-identifying analytics and already-sent error reports are not part of your account record.
8Your rights & choices
You have rights over your personal information. Depending on where you live, these include the right to:
- Access — ask for a copy of the personal data we hold about you. Much of it is already visible in your profile and ratings.
- Correct — update your display name, avatar, bio and notification preference at any time from your profile. (Your @handle is permanent and can't be changed.)
- Delete — erase your account and associated data yourself via the Danger Zone (see Data retention & deletion), or ask us to do it.
- Export / data portability — request a machine-readable copy of your data. A self-service data-export feature is planned; until then, contact us and we'll help.
- Object or restrict — object to, or ask us to restrict, certain processing.
- Withdraw consent — for anything you provided optionally (such as an avatar, bio, Google sign-in, or notifications), withdraw consent at any time. You can turn off transactional emails via your notification preference.
- Complain — lodge a complaint with your data-protection authority (see regional notes below).
To exercise any of these rights, email [Privacy contact email]. We may need to verify your identity first, and we'll respond within the timeframe required by applicable law.
9Children
SpotRate is not directed at children and is intended for adults. We do not knowingly collect personal information from children. [Confirm the minimum age for your jurisdiction(s) and state it here.] If you believe a child has provided us with personal data, contact us and we'll delete it.
10Australian Privacy Principles & GDPR notes
We aim to handle personal information consistently with the Australian Privacy Principles (APPs) and the EU/UK GDPR, as applicable to our users and operations.
Australia (APPs)
Where the APPs apply, you may access and seek correction of your personal information (APP 12 and 13), and we handle it in line with the openness and security principles. Some of your information may be disclosed to overseas recipients (our service providers — see Third-party services and International transfers), including in the United States and other regions.
UK / EU (GDPR)
Where the GDPR applies, you have the rights set out in Your rights & choices, we process data on the legal bases described in How we use your data, and you may complain to your local supervisory authority. Our data controller is [Legal entity name].
11Service availability by region
To reduce abuse, SpotRate is currently not available in some countries. Our hosting provider checks your approximate country at the network edge and may block access. This country signal is used only to allow or deny access in the moment and is not stored by SpotRate's own code. [Confirm whether to list the specific blocked countries here.]
12Changes to this policy
We may update this policy from time to time. When we do, we'll revise the "Last updated" date at the top, and for material changes we'll provide a more prominent notice where appropriate. Please check back periodically.
13Contact us
Questions, requests, or privacy concerns? Get in touch:
Data controller: [Legal entity name]
Privacy contact: [Privacy contact email]
This document was generated from a technical audit of SpotRate's data flows and is provided for review only. It is not legal advice. Replace every [bracketed] placeholder and complete a legal review before publishing.