Privacy Policy

Last Updated: October 21, 2025

Introduction

ExpensiveMeals ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services, including our AI-powered concierge booking service.

Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site or use our services.

Information We Collect

Personal Information

We may collect personal information that you voluntarily provide to us when you:

  • Register for an account
  • Use our AI concierge booking service
  • Subscribe to our newsletter
  • Contact us
  • Use our platform as a restaurant owner

Types of personal information collected:

  • Contact Information: Name, email address, phone number
  • Account Information: Username, password (encrypted), profile preferences
  • Booking Information: Restaurant preferences, party size, desired dining dates/times, budget preferences, dietary restrictions, special requests
  • Payment Information: Billing address, payment method details (processed securely through our payment processor)
  • Organization Information: Restaurant name, business details, staff information (for restaurant partners)
  • Communication Data: Messages, feedback, support requests

Automatically Collected Information

When you visit our website, we automatically collect certain information about your device and usage:

  • Device Information: IP address, browser type, operating system, device identifiers
  • Usage Data: Pages viewed, time spent on pages, click patterns, referral sources
  • Location Data: General geographic location (city/country level) based on IP address
  • Cookies and Tracking: See our Cookie Policy section below

How We Use Your Information

We use the information we collect to:

Provide and Improve Services

  • Process and confirm restaurant bookings through our AI concierge
  • Communicate booking confirmations, updates, and reminders
  • Facilitate communication between guests and restaurants
  • Manage user accounts and authentication
  • Provide customer support
  • Personalize your experience and recommendations

Business Operations

  • Process payments and manage subscriptions
  • Analyze usage patterns to improve our platform
  • Monitor and prevent fraud and abuse
  • Comply with legal obligations
  • Enforce our Terms of Service

Marketing and Communications

  • Send newsletters and promotional materials (with your consent)
  • Notify you about new features, services, or offers
  • Conduct surveys and gather feedback

You can opt out of marketing communications at any time by clicking the unsubscribe link in our emails or updating your account preferences.

Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), United Kingdom, and Switzerland, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to fulfill our services (e.g., booking confirmations)
  • Legitimate Interests: Improving our services, fraud prevention, security
  • Consent: Marketing communications, optional features
  • Legal Obligation: Compliance with applicable laws and regulations

How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

With Your Consent

  • Restaurants: When you make a booking, we share necessary details (name, party size, contact info, special requests) with the restaurant
  • Third-Party Services: With your explicit consent for specific features

Service Providers

We engage trusted third-party companies to perform functions on our behalf:

  • Payment Processors: Stripe, for secure payment processing
  • Email Services: For transactional and marketing emails
  • SMS Providers: Twilio, for booking notifications
  • Analytics: Google Analytics (anonymized), for usage insights
  • Cloud Infrastructure: AWS/Vercel, for hosting and data storage
  • AI Services: OpenAI, for concierge conversation processing

All service providers are bound by confidentiality agreements and may only use your information as instructed by us.

Legal Requirements

We may disclose your information if required by law or in response to:

  • Court orders or legal processes
  • Government or regulatory requests
  • Protection of our rights, property, or safety
  • Investigation of fraud, security issues, or violations of our Terms

Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal, tax, and accounting obligations
  • Resolve disputes and enforce our agreements

Retention Periods:

  • Account Data: Retained while your account is active, plus 3 years after account closure
  • Booking History: Retained for 7 years for business and tax purposes
  • Marketing Data: Retained until you unsubscribe or request deletion
  • Analytics Data: Anonymized and aggregated data may be retained indefinitely

You can request deletion of your data at any time (see Your Rights section below).

Data Security

We implement appropriate technical and organizational measures to protect your personal information:

  • Encryption: TLS/SSL encryption for data in transit; AES-256 encryption for data at rest
  • Access Controls: Role-based access; authentication required; regular access reviews
  • Monitoring: Continuous security monitoring and logging
  • Compliance: SOC 2 Type II compliant infrastructure
  • Employee Training: Regular security and privacy training for staff

Despite our safeguards, no method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Your Privacy Rights

Depending on your location, you may have the following rights:

All Users

  • Access: Request a copy of your personal data
  • Correction: Update inaccurate or incomplete information
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Opt-Out: Unsubscribe from marketing communications
  • Data Portability: Receive your data in a structured, machine-readable format

GDPR Rights (EEA, UK, Switzerland)

  • Right to Object: Object to processing based on legitimate interests
  • Right to Restrict: Request restriction of processing
  • Right to Withdraw Consent: Withdraw consent at any time (doesn't affect prior processing)
  • Right to Lodge a Complaint: File a complaint with your data protection authority

CCPA/CPRA Rights (California)

  • Know: Know what personal information we collect and how it's used
  • Delete: Request deletion of personal information
  • Opt-Out of Sale: We do not sell personal information
  • Non-Discrimination: You will not be discriminated against for exercising your rights

How to Exercise Your Rights

To exercise any of these rights, please:

  • Email: privacy@expensivemeals.com
  • Account Settings: Manage preferences in your account dashboard
  • Data Request Form: [Link to data request form]

We will respond to verified requests within 30 days (GDPR) or 45 days (CCPA).

Cookies and Tracking

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. We use cookies to:

  • Maintain your login session
  • Remember your preferences
  • Analyze site usage
  • Provide personalized content

Types of Cookies We Use

Essential Cookies (Required)

  • Authentication and security
  • Session management
  • Load balancing

Analytics Cookies (Optional)

  • Google Analytics (anonymized)
  • Usage statistics
  • Performance monitoring

Marketing Cookies (Optional)

  • Personalized content
  • Ad campaign tracking
  • Social media integration

Cookie Consent

When you first visit our site, we will ask for your consent to use optional cookies. You can:

  • Accept All: Allow all cookies
  • Reject Optional: Use essential cookies only
  • Customize: Choose specific cookie categories
  • Change Preferences: Update your choices anytime via the cookie banner or account settings

Do Not Track

We honor Do Not Track (DNT) signals. If your browser sends a DNT signal, we will not use optional tracking cookies.

Third-Party Links

Our website may contain links to third-party websites (e.g., restaurant websites, reservation systems). We are not responsible for the privacy practices of these sites. Please review their privacy policies before providing any information.

Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@expensivemeals.com.

International Data Transfers

Your information may be transferred to and processed in countries other than your own, including the United States. These countries may have different data protection laws.

We ensure adequate protection through:

  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Privacy Shield: (for U.S. transfers, where applicable)
  • Adequacy Decisions: Transfers only to countries deemed adequate by the EU Commission

California Privacy Rights (Shine the Light)

California residents may request information about our disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

  • Posting a notice on our website
  • Sending an email to your registered email address
  • Updating the "Last Updated" date at the top of this policy

Continued use of our services after changes constitutes acceptance of the updated policy.

Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

ExpensiveMeals Privacy Team

  • Email: privacy@expensivemeals.com
  • Mail: [Physical Address]
  • Data Protection Officer: dpo@expensivemeals.com

For GDPR inquiries:

  • EU Representative: [EU contact details]

For CCPA inquiries:

  • California Agent: [California contact details]

We take your privacy seriously and will respond to all inquiries promptly.

This privacy policy is effective as of October 21, 2025 and was last updated on October 21, 2025.

Privacy Policy | ExpensiveMeals Marketplace