Privacy Policy

Last updated: July 9, 2026

Food Loot (the "Service") is a restaurant review app, available as a mobile application and through this website, www.foodloot.app. This policy describes the data processed by the Service and the rights you have over it.

The short version: no ads, no ad-tech, no sale of data, no analytics on this website. Food Loot collects the minimum it needs to work — an optional account, the reviews and lists you choose to sync, and short-lived technical logs.

1. Who runs Food Loot

The Service is published by a private individual based in France. For any question about this policy or to exercise your rights, write to contact@foodloot.app.

2. Data we process

2.1 Account (optional)

Food Loot works without an account. If you create one — to sync your reviews and lists across devices — we process:

Your email address is used solely to operate the account: confirmation, sign-in, and password reset. It is never used for marketing and never shared.

2.2 Your content

Reviews, photos, and saved place lists are stored on your device first. When you are signed in, they are also synced to our servers so they can follow you across your devices. Review photos are stored under unguessable random identifiers. Your content stays yours — see the Terms of Use.

2.3 Location

The "around you" features send your approximate position to our servers to answer that one query (finding nearby places), only when you use them and only after you grant the system-level location permission. Your position is not stored in any profile and is not used to build any movement history; at most it transits the short-lived technical logs described below.

2.4 Technical logs

Like any online service, our servers automatically receive technical data (IP address, user agent, request paths, timestamps). These logs are kept for a maximum of 30 days, for security purposes only (abuse detection, attack prevention), and are then deleted automatically.

2.5 Crash reports

The app uses Sentry (Functional Software, Inc.), configured with its European Union data centre, to receive crash reports: device model, operating system version, and the technical state of the app at the moment of the crash. These reports are used exclusively to find and fix bugs, and are retained by Sentry for 90 days. See Sentry's privacy policy.

3. What we don't do

4. Where your data lives

The Service is hosted on a server operated by Scaleway (Online SAS) in the European Union. Transactional email (account confirmation, password reset) is sent through Infomaniak, a Swiss provider. Both are bound by data-processing terms consistent with the GDPR.

5. How long we keep data

6. Your rights

Under the General Data Protection Regulation (GDPR) and the French Data Protection Act, you have the right to access, rectify, and erase your data, and the rights to object to and restrict its processing, as well as a right to portability. To exercise any of these rights, contact contact@foodloot.app.

You also have the right to lodge a complaint with the French supervisory authority, the CNIL: www.cnil.fr.

7. Changes to this policy

This policy may evolve to reflect changes in the Service or in regulation. The date of the latest update appears at the top of this page.