Privacy Policy
Last updated: 5 June 2026
Introduction
FlavorQueste ("FlavorQueste", "we", "us", or "our") is a restaurant discovery and management platform. Consumers use FlavorQueste to discover restaurants, leave reviews, save and like places, earn rewards, and make reservations; restaurants use it to manage their menu, reservations, events, guests, and marketing. This Privacy Policy explains what personal data we collect, how and why we use it, who we share it with, how long we keep it, and the rights you have over it.
This Policy is written to comply with the EU General Data Protection Regulation (GDPR) and equivalent data protection laws. Where you access FlavorQueste from another country, additional local rights may also apply to you.
Who We Are (Data Controller)
The data controller responsible for your personal data is FlavorQueste, trading as FlavorQueste. You can reach us regarding any privacy matter at [email protected].
Where a restaurant uses FlavorQueste to manage its own guests, reservations, and marketing, that restaurant acts as an independent data controller for the guest data it collects, and FlavorQueste acts as its data processor. This Policy covers FlavorQueste's own processing; a restaurant's use of your data is governed by that restaurant's own privacy practices.
Information We Collect
We collect the following categories of personal data, depending on how you use the Service:
- Account & profile data: name, username, email address, phone number, password (stored hashed), profile photo or avatar, bio, theme preference, and the identity provider you sign in with (e.g. Google) where you use social login.
- Preferences & personalization data: preferred cities, regions, cuisines and disliked cuisines, dietary restrictions and allergens, budget range, preferred occasions, party size, meal times, ambiences, service styles, accessibility needs, and other taste signals you provide during onboarding or in settings.
- Reservation & guest data: the first name, last name, email, phone number, party size, date, occasion, dietary restrictions, allergens, and any notes you provide when booking a reservation. Reservation details are shared with the restaurant you are booking with.
- Reviews, ratings & user content: the title, text, star ratings (overall, ambience, food, service, value), spend information, photos or videos, visit date, and party type you submit when reviewing a restaurant, including any revision history.
- Engagement data: restaurants you save, like, follow, or downvote (and any reason you give), reviews you mark helpful, collections you create and who you collaborate with, and tours or feature walkthroughs you complete.
- Rewards, points & referrals: points earned and redeemed, the actions that earned them, badges, streaks, leaderboard standing, reward redemptions (including voucher codes and fulfilment status), and referral activity linking you to people you refer or who referred you.
- Search & recommendation data: the search terms you enter, filters you apply, items you click, and records of which restaurants, events, or collections we recommended to you, in what position, and whether you interacted with them. We use this to power and improve tailored suggestions.
- AI assistant data: where you use our AI chat or assistant features, the messages you send and the responses generated, so we can provide and improve the feature.
- Location data: the approximate or precise location of your device (with your permission) and/or location inferred from your IP address, used to show nearby restaurants and relevant results. Restaurant and event locations are stored as geospatial coordinates to power proximity search.
- Device, notification & technical data: device type, operating system, app version, IP address, identifiers, push notification tokens (so we can deliver push notifications you have enabled), and diagnostic/crash data.
- Payment data: where you make or receive a payment, your payment is processed by our payment provider (Paystack). We receive limited transaction information (such as confirmation, amount, and a tokenized reference); we do not store your full card number.
- Communications data: messages you send us via the contact form or support, and email engagement data (whether marketing or transactional emails were delivered, opened, or clicked, and related technical metadata such as device, country, and IP). Restaurants you have opted in to may also send you marketing emails.
- Cookies & tracking data: see the Cookies & Similar Technologies section below.
How We Use Your Data & Legal Bases
Under the GDPR, we must have a lawful basis for each use of your personal data. We rely on the following:
- To provide the Service (performance of a contract): creating and managing your account, processing reservations, publishing your reviews, running collections, rewards, and referrals, and providing customer support.
- To personalize your experience (legitimate interests / consent): using your saves, likes, reservations, reviews, search activity, and preferences to tailor restaurant recommendations. You can turn personalization off at any time in Settings → Privacy.
- To improve and secure the Service (legitimate interests): analytics, measuring feature performance, debugging, fraud and abuse prevention, and keeping the platform safe and reliable.
- To communicate with you (contract / legitimate interests / consent): sending transactional messages (e.g. reservation confirmations, verification, account notices) on the basis of our contract with you, and sending marketing communications where you have consented or where permitted by law. You can opt out of marketing at any time.
- To comply with the law (legal obligation): meeting tax, accounting, regulatory, and law-enforcement requirements.
- With your consent: for analytics cookies, device location, push notifications, and any processing where we ask for your permission. You can withdraw consent at any time without affecting prior processing.
Personalization & Automated Processing
We use automated processing to rank and tailor the restaurants, events, and collections we show you. This ranking is based on signals such as the places you like and save, your reservations and reviews, your stated preferences, and your location. These suggestions do not produce legal or similarly significant effects about you. You can disable personalized recommendations at any time from Settings → Privacy, in which case we will show you non-personalized results.
Cookies & Similar Technologies
We use cookies and similar technologies to keep you signed in, remember your settings, and — with your consent — understand how the Service is used. When you first visit, our cookie banner lets you accept or reject optional cookies. You can change your choice at any time. We group cookies into:
- Strictly necessary (always on): authentication, session management, security, and core functionality. These are required for the Service to work and cannot be switched off.
- Analytics (optional, off until you consent): help us measure usage and improve the Service, via providers such as Amplitude and PostHog. We only enable these after you accept analytics cookies.
How We Share Your Data
We do not sell your personal data. We share it only as described below:
- With restaurants: when you make a reservation, leave a review, or otherwise interact with a restaurant, the relevant details (such as your reservation contact information or public review) are shared with that restaurant.
- With service providers (data processors): trusted third parties who process data on our behalf under contract and only on our instructions, including:
- Paystack — payment processing.
- Mailgun and Sender.net — transactional and marketing email delivery, newsletter subscriptions, and unsubscribe handling.
- Termii — SMS delivery where SMS notifications are available and enabled.
- Airtable and Slack — receiving, routing, and responding to contact, support, and demo requests.
- Amazon Web Services (S3) — cloud hosting and file storage (e.g. uploaded photos and avatars).
- Amplitude & PostHog — product analytics (only with your consent).
- Sentry — error monitoring and performance diagnostics.
- Typesense — search indexing.
- LaunchDarkly — feature flags and gradual rollouts.
- Trigger.dev — background jobs (e.g. sending emails, syncing data).
- OpenAI — powering AI assistant features where you use them.
- Authentication and identity providers (e.g. Google) — where you choose to sign in with them.
- For legal reasons: where required to comply with the law, respond to lawful requests, enforce our terms, or protect the rights, property, or safety of FlavorQueste, our users, or the public.
- Business transfers: in connection with a merger, acquisition, or sale of assets, in which case we will notify you and ensure your data remains protected.
International Data Transfers
Some of our service providers are located outside the European Economic Area (EEA), including in the United States. Where we transfer personal data outside the EEA, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses or an adequacy decision, so that your data continues to receive an equivalent level of protection. You can request a copy of the relevant safeguards by contacting us.
Data Retention
We keep your personal data only for as long as necessary for the purposes set out in this Policy:
- Account & profile data: for as long as your account is active. When you delete your account, we deactivate and anonymize it rather than keeping it in identifiable form — see "What Happens When You Delete Your Account" below for exactly what is removed and what is retained.
- Reservations, reviews & transactions: retained for the period required to provide the Service and to meet legal and accounting obligations.
- Search, recommendation & analytics data: retained for a limited period for personalization and product improvement, and may be aggregated or anonymized for longer-term analysis.
- Marketing & email engagement data: retained until you unsubscribe or object, plus a short period to honour suppression and unsubscribe requests.
What Happens When You Delete Your Account
You can delete your account at any time from Settings → Privacy. When you do, we do not erase everything outright. Specifically:
- Your account is deactivated and anonymized. We remove your login credentials and sign you out of all sessions immediately, scramble your email, username, and referral code, and flag the account as deleted so it can no longer be accessed or signed in to.
- Your activity and behavioral data is deleted. This includes your saves, likes, follows, downvotes, points, badges, streaks, reward balances, search and recommendation history, and push notification tokens.
- Your reviews are kept but anonymized. Reviews and ratings you have published remain visible to other users and to restaurants, because they form part of the community's shared record — but they are no longer shown under your name or photo (they appear as a deleted user).
- Your collections are made private. Collections you created are set to private and are no longer publicly visible.
- Reservation and guest records are retained by restaurants. Reservations you made and any guest profile a restaurant holds about you are kept by that restaurant for its own records and legal or accounting purposes, de-linked from your account.
- Limited data is retained where the law requires it, for example for tax, accounting, fraud-prevention, or dispute-resolution purposes.
If you would also like content that we retain in anonymized form — such as your reviews — to be fully removed, you can request this by emailing [email protected], and we will honour your request unless we are required or permitted by law to keep it.
Your Rights
Subject to applicable law, you have the right to:
- Access the personal data we hold about you, and request a copy.
- Rectify inaccurate or incomplete data.
- Erase your data ("right to be forgotten").
- Restrict or object to certain processing, including processing based on our legitimate interests and direct marketing.
- Data portability — receive your data in a structured, machine-readable format.
- Withdraw consent at any time where we rely on consent.
- Lodge a complaint with your local data protection supervisory authority.
You can exercise many of these rights directly in the app: go to Settings → Privacy to download a copy of your data, manage personalization, or delete your account. You can also email us at [email protected]. See our Data Deletion Instructions for more on removing your data. We will respond within the timeframes required by law.
Security of Data
We use technical and organizational measures to protect your personal data, including encryption in transit, hashed passwords, access controls, and signed URLs for stored files. No method of transmission or storage is completely secure, so we cannot guarantee absolute security, but we work continuously to protect your information and will notify you and the relevant authorities of any breach as required by law.
Children's Privacy
Our Service is not directed to children under the age of 13, and we do not knowingly collect personal data from them. Where the age of digital consent in your country is higher than 13 (up to 16 under the GDPR), users below that age may only use the Service with the consent of a parent or guardian. If you believe a child has provided us with personal data without appropriate consent, please contact us and we will delete it.
Links to Other Sites
Our Service may contain links to sites we do not operate, including restaurant websites. If you click a third-party link, you will be directed to that third party's site. We are not responsible for the privacy practices of those sites and encourage you to read their privacy policies.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will post the updated Policy on this page and revise the "Last updated" date above. Where changes are material, we will provide additional notice (for example, by email or an in-app notice).