Privacy Policy

Last updated: 23 April 2026

LocalBite ("we", "us", "the app") is operated by LocalBite, based in Málaga, Spain. This policy explains what information the LocalBite iPhone app handles, where it goes, and the rights you have over it.

Our approach, in one sentence: we collect the minimum we need to run the app, we never sell data, and we don't build advertising profiles of you.

1. Information we do NOT collect

We do not ask for a name, email address, phone number, or any account registration.
We do not track your identity across apps or websites.
We do not sell or rent data to third parties for advertising.
We do not use analytics SDKs that profile you (no Facebook SDK, no AppsFlyer, no Mixpanel).

2. Information we do handle

a) Menu photos you scan. When you tap "Scan menu", the photo is sent to our secure proxy server (Cloudflare Worker) which forwards it to Google Gemini for text extraction and translation. The photo is not stored on our servers — it passes through, gets processed, and the result (extracted dishes) is returned to your phone.

b) Device identifier. The app generates a random UUID on first launch and stores it on your device (using iOS AsyncStorage). This identifier is sent with each menu scan in an HTTP header (X-Device-Id) so that our proxy can enforce a fair-use rate limit (20 scans per hour, per device). The UUID is not linked to your Apple ID, phone number, or any personal info. If you reinstall the app, a new UUID is generated.

c) Approximate location (if you allow it). If you grant location permission, the app uses your coordinates to show nearby restaurants. Location stays on your device; we do not send it to our servers or to any third party.

d) Saved favorites, collections, scan history. Dishes you favorite, collections you build, and your past scans are stored locally on your device (AsyncStorage). They are not uploaded anywhere. If you delete the app, this data is deleted with it.

3. Third-party services

Google Gemini (Google LLC) — processes menu photos to extract dish names, translations, and ingredients. Google's API terms and privacy policy apply to this processing. We send only the image and the extraction prompt; no personal data. See Google's privacy policy.
Cloudflare (Cloudflare, Inc.) — hosts the proxy that adds our API key server-side (so the key never ships in the app binary) and enforces rate limits. Cloudflare may log request metadata (IP, user agent) for security purposes per their standard practice. See Cloudflare's privacy policy.
Apple App Store — download, install and update the app. Apple's privacy terms apply to this distribution channel.

We do not use Facebook SDK, Google Analytics, AppsFlyer, Mixpanel, Segment, or any similar advertising/analytics SDK inside the app.

4. Data retention

Menu photos are not retained on our servers. The proxy processes them in memory and returns the result — nothing is written to disk. Google may apply its own retention rules to API requests as per its API terms.

Rate-limit counters (device UUID + request count) are stored in Cloudflare KV for up to 1 hour, then automatically deleted.

Data on your device (favorites, history, UUID) stays until you delete the app.

5. Your rights (GDPR + California)

Because we don't keep a server-side profile of you, there is very little data to exercise rights against — but you still have these rights under European GDPR and California's CCPA:

Right of access — ask what we have. Answer is almost always "nothing tied to a personal identifier."
Right to erasure — delete the app and all on-device data is gone. We don't need to delete anything server-side because there's nothing tied to you.
Right to object to processing — don't scan menus, don't grant location, and there is no processing.
Right to data portability — your favorites and scans are stored locally; you can export them by backing up your iPhone via iCloud or iTunes.
Right not to be sold (CCPA) — we don't sell data, so this is automatic.

To exercise any of these rights, email privacy@localbite.eu.

6. Children

LocalBite is not directed at children under 13. We do not knowingly collect any data from children under 13. If you believe a child has used the app and you want any associated data reviewed or removed, contact us.

7. Changes to this policy

If we update this policy, we will post the new version at localbite.eu/privacy.html and update the "Last updated" date above. Material changes will be highlighted in the app on first launch after the update.

8. Contact

Privacy questions or requests: privacy@localbite.eu. General support: hello@localbite.eu.

This policy is drafted to satisfy Apple App Store Review Guideline 5.1 (Privacy), GDPR Articles 12-22 (EU), and CCPA §1798.100-.130 (California). It is not a substitute for legal advice on your specific case, but for the app as described above it accurately describes how data is handled.