Privacy Policy

Last updated: April 18, 2026

MapMeal is a personal map for restaurants you discover in social-media videos. This page explains what data we collect, why we collect it, and who we share it with. If anything here is unclear, email us — contact details at the bottom.

What MapMeal does

When you paste a TikTok, Instagram, or YouTube link, we extract the restaurant being featured and save it as a pin on your map. You can add notes, mark places as visited, and organize your collection. The data is yours; we store it so you can access it across devices.

What we collect

Email address — used to sign you in. We receive it from Google (if you sign in with Google) or from you directly (if you use the magic-link option). We don't use your email for marketing or share it with third parties.

Your name and avatar — if you sign in with Google, we receive and display your Google display name and profile picture. These are only shown in your own session (profile screen, avatar icon). If you sign in with email magic-link, we don't collect a name until you choose to add one.

Google account identifier (sub claim) — an opaque identifier Google gives us when you sign in. We use it to map your Google account to a user record. It's never displayed or shared.

Anonymous device cookie — if you save places before signing in, we set a mapmeal_device_id cookie so you can come back to those saves later. It's a SHA-256 hash of a random UUID, set only after you actively use the site. It carries no identifying information and is cleared when you clear cookies.

Saved places — the restaurants you save, your notes, favorite flags, visited dates. Visible only to you.

Payment info — if you subscribe to Pro, billing is handled entirely by Stripe. We receive a customer reference and subscription status; we never see your card details.

What we don't collect

  • Location data — the Map tab asks for your location permission to center the map on where you are. Your coordinates are used locally by the map library and never sent to our servers.
  • Analytics or ad identifiers — no Google Analytics, no Facebook Pixel, no tracking pixels, no IDFA / GAID collection.
  • Content from videos — we call the respective platform's public metadata (Open Graph tags, oEmbed) to pull the caption and restaurant name. We don't download or store the video itself.

Third-party services

  • Supabase — authentication and database. Privacy policy
  • Google Places — restaurant details, hours, photos, reviews. Privacy policy
  • Stripe — payment processing for the Pro plan. Privacy policy
  • Vercel — application hosting. Privacy policy
  • OpenAI — used only inside the extraction pipeline to identify the restaurant name from a video's caption. We send the caption text and the URL of the video; we don't send your identity. Privacy policy

Cookies

We set one cookie: mapmeal_device_id. It's strictly necessary for the app's anonymous-save functionality and is classified as a strictly-necessary cookie (no consent banner required under EU ePrivacy rules). We don't use advertising or analytics cookies.

Your rights

You can:

  • Export your data — email us and we'll send a JSON export of your saved places.
  • Delete your account — email us and we'll cascade-delete all your rows from Supabase and cancel any active Pro subscription via Stripe. Deletion is irreversible.
  • Correct or update your data — use the in-app editing controls (notes, favorites, visited dates) or email us if something's off we haven't exposed.

Data retention

Your saved places and profile live in our database until you delete your account. The anonymous device-ID cookie has a one-year expiry. Supabase runtime logs follow Supabase's retention policy (a few days by default).

International users

We serve users globally. If you're in the EU or UK, we rely on our third-party providers' standard data-processing agreements for the transfer of data outside the EEA. We do not currently have an EU representative under GDPR Article 27; we'll add one if our EU user count grows to the threshold where it's required.

Changes to this policy

We'll update the "Last updated" date at the top whenever we make changes. For material changes (new third-party services, new data categories), we'll also show a notice in-app the next time you sign in.

Contact

For anything in this policy, email taylor@baremetalcloud.com. Replies typically land within 1–2 business days.