1. Who We Are

NearEat ("we", "us", "our") is a Serbian-based company that operates the NearEat mobile application (Android & iOS) and the website near-eat.com. We act as the data controller for all personal data processed through these services.

Our servers are hosted in Germany (European Union), meaning your data benefits from EU-level data protection standards.

Data Protection contact: privacy@near-eat.com

2. Applicable Law

This policy complies with:

• Zakon o zaštiti podataka o ličnosti (ZZPL) — Sl. glasnik RS 87/2018 — the Serbian Law on Personal Data Protection, aligned with the EU General Data Protection Regulation (GDPR)
• General Data Protection Regulation (GDPR) — Regulation (EU) 2016/679, applicable to users in the EEA/UK
• California Consumer Privacy Act (CCPA) / CPRA — for California residents
• Apple App Store Guidelines — App Tracking Transparency (ATT) compliance for iOS users
• Google Play Data Safety — data disclosure requirements for Android

The supervisory authority for data protection in Serbia is the Poverenik za informacije od javnog značaja i zaštitu podataka o ličnosti (Commissioner for Information of Public Importance and Personal Data Protection).

3. What Data We Collect

Below is a complete and exhaustive list of every category of personal data we collect, derived directly from our application source code. We do not collect anything beyond what is listed here.

Category	Data	Legal Basis
Account	Username, email address, hashed password (PBKDF2-SHA256 with unique salt). For email/password registration only.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Social Sign-In	If you sign in with Google or Apple: your name, email, and the provider's unique user ID (Google sub / Apple sub). We store which provider you used (auth_provider) and validate the token server-side. We never store your Google/Apple password or access token.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Email Verification	A one-time verification token sent to your email after signup (email/password accounts). Expires after 24 hours. Social sign-in users (Google/Apple) are auto-verified because the provider guarantees email ownership.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Profile	Bio (up to 500 characters), avatar image (resized to max 512px, JPEG), country, city. All optional — you can use NearEat without providing any profile information.	Consent (ZZPL Art. 12 / GDPR Art. 6(1)(a))
Location	GPS coordinates — only when you explicitly grant system-level location permission. Used to find nearby restaurants. We do not track your location in the background. Location may also be recorded alongside restaurant interactions for recommendation accuracy.	Consent (ZZPL Art. 12 / GDPR Art. 6(1)(a))
Reviews & Ratings	Five-dimension ratings (food, service, drinks, wait time, overall — each 0–10), text comment (up to 2,000 characters), optional price paid, and up to 5 uploaded images per review. Images are resized to max 1600px and converted to JPEG.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Photos	Restaurant photos and review photos you upload. Each image is validated (file extension, 5 MB max, PIL content verification to block malicious files), optimised to JPEG, and stored with automatically generated thumbnails (small, medium, large).	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Favourites, Follows & Collections	Saved restaurants, custom favourite collections, followed restaurants.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Photo Interactions	Likes, dislikes, emoji reactions (one per user per photo), and text comments (up to 500 characters) on restaurant and review photos.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Submissions	Restaurant submissions (name, address, cuisine, photos), restaurant corrections (issue type, details), and menu item submissions (name, description, ingredients, price, photo). All reviewed by moderators before publication.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Ownership Claims	If you claim to own a listed restaurant: your message explaining the claim. Reviewed by admin.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Content Reports	Reports you file about inappropriate content (reason, description — up to 500 characters).	Legitimate Interest (ZZPL Art. 12 / GDPR Art. 6(1)(f))
Taste Profile	During onboarding, you swipe through restaurants to indicate what you like/dislike. These preferences power your personalised recommendations.	Consent (ZZPL Art. 12 / GDPR Art. 6(1)(a))
Recommendation Data	Interaction history with restaurants (views, saves, dismissals, ratings, navigation clicks), cuisine preferences, and location context. Dismissed restaurants are excluded from recommendations for 14 days.	Consent (ZZPL Art. 12 / GDPR Art. 6(1)(a))
Visit History	Records of restaurants you visit (created when you review a restaurant, or manually logged). Includes optional note (e.g. what you ordered).	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Coupons	When you claim a coupon: your user ID, claim timestamp, and expiry date. When a coupon is redeemed at a restaurant: redemption timestamp and IP address of the device used for scanning.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))
Usage Analytics	Random device ID (32-character, not your hardware ID or advertising ID), session ID, app events (install, open, search, place_open, review_create, etc.), timestamp, and city. Analytics are processed entirely on our own servers.	Legitimate Interest / Consent (ZZPL Art. 12 / GDPR Art. 6(1)(f)/(a))
Notification Preferences	Your per-category notification settings (email and push toggles for reviews, followers, submissions, engagement, expiring subscriptions, reports).	Consent (ZZPL Art. 12 / GDPR Art. 6(1)(a))
Consent Records	Immutable audit log of every consent granted or withdrawn (purpose, action, version, IP address, user agent, timestamp) — required by GDPR Art. 7 and ZZPL.	Legal Obligation (ZZPL Art. 12 / GDPR Art. 6(1)(c))
Compliance/Audit Logs	Admin activity log entries include IP address. Account deletion logs retain a SHA-256 hash of your email (not the email itself) and the deletion timestamp for compliance.	Legitimate Interest (ZZPL Art. 12 / GDPR Art. 6(1)(f))
Bug Reports	Title, description, steps to reproduce, app version, platform (only when you voluntarily file a bug report).	Legitimate Interest (ZZPL Art. 12 / GDPR Art. 6(1)(f))
Payment Data	Processed by Lemon Squeezy (Merchant of Record). We store only: subscription status, expiry date, order ID, and billing email. We never see, access, or store your credit card number, CVV, bank account, or any raw payment credentials.	Contract (ZZPL Art. 12 / GDPR Art. 6(1)(b))

Search history is stored locally on your device only and is never sent to our servers.

4. How We Use Your Data

• Provide the service — restaurant discovery, reviews, photos, favourites, follows, menus, visited places, and coupon partnerships
• Personalised recommendations — our self-hosted recommendation engine blends your taste preferences (35%), cuisine similarity (25%), distance (20%), local popularity (15%), and promotional weighting. All processing happens on our own servers — no third-party AI services.
• Sponsored listings — display paid restaurant promotions relevant to your location, clearly labelled as "Sponsored" per Art. 8 Zakon o oglašavanju (Sl. glasnik RS 6/2016)
• Advertisements — display banner ads and native ads in the discovery feed via Google AdMob for non-premium users
• Analytics — self-hosted analytics on our Django backend to understand app usage patterns (we do not use Google Analytics, Firebase Analytics, or any third-party analytics SDK)
• Notifications — send local push notifications (opt-in only; powered by Flutter Local Notifications — not Firebase Cloud Messaging). Global announcements are fetched via polling, not pushed.
• Authentication — verify your identity via email/password, Google Sign-In, or Apple Sign-In
• Email communications — email verification, password reset, notification preferences (only to addresses you provided; sent from our own mail server mail.near-eat.com)
• Coupon delivery — deliver coupon codes, generate QR codes, and verify redemption at partner restaurants
• Moderation — review user-submitted content (restaurants, menu items, photos, corrections) and handle content reports
• Security & abuse prevention — rate limiting, IP logging, user bans, audit trails
• Legal compliance — maintain consent logs, data export records, and account deletion logs as required by GDPR/ZZPL

5. Google Play Data Safety Disclosure

This section maps the data we handle to Google Play's official Data Safety categories so you can see exactly what we collect, what we share, whether it is encrypted in transit, and whether you can request its deletion. NearEat is not enrolled in the Google Play Designed for Families programme and is not directed at children.

Data collected and shared:

Play Data Type	Collected	Shared	Optional	Purpose
Personal info — Name, email address, user ID	Yes	No	Required for account; optional if you only browse anonymously	Account management, authentication, support
Personal info — Other info (bio, country, city, avatar)	Optional	No	Yes	Personalisation, public profile
Financial info — Purchase history	Yes (Premium subscribers only)	Shared with Lemon Squeezy as Merchant of Record	Yes	Process Premium subscription and sponsored listing payments
Financial info — Credit card / bank info	No \u2014 we never see or store payment credentials	N/A	N/A	Handled exclusively by Lemon Squeezy (PCI-DSS)
Location \u2014 Approximate location	Optional	No	Yes	Show city-level results, sponsored placement scope
Location \u2014 Precise location	Optional	No	Yes (only when you tap "Near me")	Find nearby restaurants and compute distance. Never collected in the background.
Photos and videos	Optional	No (publicly visible inside the app once approved)	Yes	Restaurant submissions and reviews
Messages \u2014 Other in-app messages (reviews, comments, bug reports, support emails)	Optional	No	Yes	Power user-generated content, moderation, and support
App activity \u2014 App interactions, in-app search history, installed apps, other user-generated content, other actions	Yes (interactions and actions only \u2014 not installed apps; search history stays on your device)	No	Search history is local-only	Personalised recommendations, analytics, abuse prevention
App info and performance \u2014 Crash logs, diagnostics, other performance data	Yes	No	No	Detect crashes and improve stability (server-side error logs only; no third-party crash SDK)
Device or other IDs	Yes \u2014 random app-generated analytics ID, plus Google AdMob's advertising ID where consent is given	Advertising ID is shared with Google AdMob (non-premium only)	Yes \u2014 you can opt out of personalised ads in Settings or via the OS-level controls (Android Privacy Sandbox, iOS ATT)	Analytics, ad delivery and frequency capping
Health, fitness, contacts, calendar, SMS, call logs, web browsing history, audio, files, biometrics, payment info, racial or ethnic, political, religious, sexual orientation	No	No	N/A	Not collected, not shared, not used \u2014 ever.

Security practices:

• Data is encrypted in transit using HTTPS/TLS 1.2+ with HSTS preload.
• Authentication tokens on device are stored in encrypted at-rest storage (iOS Keychain / Android EncryptedSharedPreferences).
• Server-side data is stored on encrypted volumes in our EU (Germany) datacentre.
• You can request data deletion in-app (Settings \u2192 Account \u2192 Delete Account), via our web data deletion request page, or by emailing privacy@near-eat.com. Deletion is irreversible and processed within 30 days.
• This app follows Google Play's Families Policy by not targeting children under 13 (or 16 in EEA member states where applicable). AdMob is not configured for child-directed treatment.

6. Android Permissions and iOS Capabilities

The NearEat mobile app declares the following runtime permissions. Each permission is requested only when needed and only for the purpose described.

Permission	Why we use it	Required?
INTERNET	Communicate with our backend API to load restaurants, reviews, and your account data.	Required
ACCESS_NETWORK_STATE	Detect when you go offline so the app can show cached content gracefully.	Required
ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION (Android) / NSLocationWhenInUseUsageDescription (iOS)	Find restaurants near you and compute distance. Used only while the app is in the foreground after you tap a feature that needs it.	Optional \u2014 the app works without it
READ_MEDIA_IMAGES / READ_EXTERNAL_STORAGE (legacy Android) / NSPhotoLibraryUsageDescription (iOS)	Let you choose photos from your gallery to attach to reviews and restaurant submissions.	Optional \u2014 only requested when you tap "Add photo"
CAMERA / NSCameraUsageDescription	Take a new photo or scan a coupon QR code at a partner restaurant.	Optional
POST_NOTIFICATIONS (Android 13+) / UNUserNotificationCenter authorisation (iOS)	Send local notifications you opted into (e.g. Eat Later reminders, app announcements). All notifications are local \u2014 we do not use FCM or APNs push servers.	Optional
SCHEDULE_EXACT_ALARM / USE_EXACT_ALARM (Android)	Schedule reminders at the exact time you choose for places you saved to "Eat Later".	Optional
RECEIVE_BOOT_COMPLETED	Re-arm previously scheduled local notifications after a device reboot.	Optional
com.google.android.gms.permission.AD_ID (Android) / NSUserTrackingUsageDescription (iOS \u2014 ATT)	Allow Google AdMob to deliver ads in the free tier and to honour your ad personalisation choices through the IAB TCF / UMP consent flow.	Optional \u2014 you can deny it; you'll then see non-personalised ads

We do not request access to contacts, SMS, call logs, calendar, accounts, microphone, sensors, NFC, Bluetooth, or background location.

7. Third-Party Services

Each is listed with what data it receives and why. See Section 5 above for the Google Play Data Safety summary.

Service	Purpose	Data Shared
Google Sign-In	Optional social login (Android & iOS)	Google verifies your identity and provides us with your name, email, and Google user ID. We only receive the ID token — we never access your Google password, contacts, or other Google data. (Google Privacy Policy)
Apple Sign-In	Optional social login (iOS & macOS)	Apple verifies your identity and provides us with your name, email (or Apple's relay email if you choose "Hide My Email"), and Apple user ID. We validate the identity token server-side using Apple's public keys. (Apple Privacy Policy)
Google Places API	Restaurant data enrichment (server-side only)	Search text and optional location bias. Processed through our Django proxy. Your email, username, device IDs, or any PII is never sent to Google Places. (Google Privacy Policy)
Google AdMob	Advertising for non-premium users	AdMob may collect IDFA (iOS) / GAID (Android), IP address, device information, and general location. EEA/UK users: consent is required for personalised ads via the UMP/CMP consent flow. iOS 14.5+: ATT framework is respected. You can opt out of ad personalisation in app settings. (Google Privacy Policy)
Lemon Squeezy	Payment processing for Premium subscriptions and sponsored listings	Acts as Merchant of Record (PCI-DSS compliant). We share: payment amount, billing email, and product ID. Lemon Squeezy handles all card/bank processing — we never see your payment credentials. (Lemon Squeezy Privacy Policy)
OpenStreetMap	Map tiles for the map view	Your map viewport coordinates (x/y/z tile numbers) and IP address are sent to OSM tile servers when you use the map. No NearEat account data is shared. (OSM Privacy Policy)

8. What We Do NOT Do

For complete transparency:

• We do not sell, rent, or trade your personal data to any third party — ever.
• We do not use Google Analytics, Firebase Analytics, or any third-party analytics SDK — our analytics are entirely self-hosted.
• We do not use Firebase Cloud Messaging — all push notifications are handled locally on your device.
• We do not track your location in the background — location is only accessed when you actively use the app and have granted permission.
• We do not use facial recognition, biometric data, or fingerprinting.
• We do not read your contacts, SMS, call logs, camera roll, or any data outside the app.
• We do not use automated decision-making or profiling that produces legal effects on you.
• We do not share data with data brokers or advertising networks beyond Google AdMob (and only the data Google's SDK collects directly).

Crypto donations (BTC, ETH, BNB, SOL): no personal data is collected when you make a cryptocurrency donation.

9. Data Retention

Data Category	Retention Period
Account & profile data	Until you delete your account
Reviews, photos, favourites, follows, collections	Until you delete your account
Visit history & taste profile	Until you delete your account
Coupon claims & redemptions	Until you delete your account (redemption IP retained for fraud prevention)
Approved restaurant/menu submissions	Indefinite (community database; your user association is removed on account deletion)
Analytics events	24 months (user association removed on account deletion; anonymous device ID remains)
Recommendation interaction history	12 months
Content reports	12 months after resolution
Bug reports (resolved)	12 months after resolution
Notification records	6 months
Consent logs	36 months (immutable records as required by GDPR Art. 7)
Error logs	90 days
Access logs (nginx)	30 days
Account deletion audit logs	36 months (SHA-256 hashed email + deletion date only)
Search history (device-only)	Until you clear it or uninstall the app — never sent to our servers
Payment records	7 years (financial/tax compliance; personal info removed on account deletion — only order ID, amount, and billing email retained)

10. Your Rights

Under the ZZPL (Serbian data protection law), GDPR (EU/EEA/UK), CCPA/CPRA (California), and similar laws, you have the following rights:

• Access (ZZPL Art. 26 / GDPR Art. 15) — View and export all your data in JSON or CSV format: Settings → Privacy & Security → Export My Data
• Erasure / Right to be Forgotten (ZZPL Art. 30 / GDPR Art. 17) — Delete your account and all data via: Settings → Account → Delete Account, our API endpoint, or by emailing us. See our Data Deletion Instructions for full details.
• Data Portability (ZZPL Art. 31 / GDPR Art. 20) — Download a machine-readable export of your data
• Rectification (ZZPL Art. 29 / GDPR Art. 16) — Edit your profile, reviews, and comments at any time in the app
• Withdraw Consent (ZZPL Art. 15 / GDPR Art. 7(3)) — Toggle analytics, personalisation, ad personalisation, marketing, and notifications in Settings → Privacy & Security. Withdrawal takes effect immediately and does not affect the lawfulness of prior processing.
• Restrict Processing (GDPR Art. 18) — Contact us to restrict how we process your data while a dispute is resolved
• Object to Processing (GDPR Art. 21) — Object to processing based on legitimate interest at any time
• Non-Discrimination (CCPA) — We will not discriminate against you for exercising your privacy rights
• Lodge a Complaint — You may contact the Poverenik (Serbian Commissioner) at poverenik.rs, your local EU Data Protection Authority, the UK ICO, or the California Attorney General

All data subject requests will be processed free of charge within 30 days. If the request is complex, we may extend by up to 60 additional days with notice.

11. Data Transfers

Your data is stored on servers located in Germany (European Union). Because Germany is an EU member state, no additional transfer mechanism is required for EEA/UK users under the GDPR.

The company operating NearEat is based in Serbia. Serbia has adopted the ZZPL, which is substantially aligned with the GDPR. For users in Serbia, data transfers to the EU are permitted under ZZPL Art. 65 (countries with an adequate level of protection).

Third-party sub-processors (Google, Lemon Squeezy) may process limited data in the United States and maintain their own transfer mechanisms including Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework. These transfers only involve the specific data described in Section 5 above.

12. Children's Privacy

NearEat is not directed at children under 13 years of age (or under 16 in EU member states where applicable, per GDPR Art. 8). We do not knowingly collect personal data from children below the applicable age threshold.

If you are a parent or guardian and believe a child has provided us with personal data, please contact us at privacy@near-eat.com and we will delete the data promptly.

Google AdMob is not configured as child-directed in our implementation.

13. Security Measures

We implement appropriate technical and organisational measures to protect your data, including:

• Encryption in transit — HTTPS/TLS for all connections, with HSTS (1 year, includeSubdomains, preload)
• Password security — Passwords hashed with PBKDF2-SHA256 with unique per-user salt (Django's default). We never store passwords in plain text.
• Token authentication — JWT with short-lived access tokens (1 hour), refresh tokens (7 days) with rotation and blacklisting
• Secure storage — On your device: JWT tokens stored in AES-256 encrypted storage (iOS Keychain / Android EncryptedSharedPreferences via FlutterSecureStorage)
• HTTP security headers — Content Security Policy (CSP), X-Frame-Options: DENY, X-Content-Type-Options: nosniff, Referrer-Policy, strict CORS and CSRF protection
• Rate limiting — 5 requests/minute on authentication endpoints, 10/minute social auth, 60/minute analytics. Protects against brute force and abuse.
• Upload validation — Every uploaded image is validated: file extension whitelist (.jpg, .jpeg, .png, .gif, .webp), 5 MB max size, and PIL/Pillow content verification (blocks files pretending to be images)
• Admin security — Optional TOTP-based two-factor authentication for admin accounts (with lockout after failed attempts)
• Rotating logs — Error and access logs are automatically rotated and deleted per retention schedule

14. Cookies & Local Storage

Website (near-eat.com): uses only essential first-party cookies required for site functionality. We do not use tracking cookies or third-party advertising cookies on the website.

Mobile app: does not use cookies. The app stores the following data locally on your device:

• Analytics device ID and app preferences — in SharedPreferences (unencrypted but app-sandboxed)
• JWT authentication tokens — in FlutterSecureStorage (AES-256 encrypted, backed by iOS Keychain / Android EncryptedSharedPreferences)
• Image cache — up to 120 MB of cached restaurant/review photos for faster loading, automatically managed
• Search history — stored locally, never sent to our servers

15. Data Breach Notification

In the event of a personal data breach:

1. We will assess the scope and impact within 24 hours of discovery
2. We will notify the relevant supervisory authority (Poverenik / EU DPA) within 72 hours as required by GDPR Art. 33 and ZZPL
3. We will inform affected users without undue delay if the breach is likely to result in a high risk to your rights and freedoms (GDPR Art. 34)
4. We will document the breach, its effects, and the remedial actions taken

16. Do Not Track / Global Privacy Control

We respect the Global Privacy Control (GPC) signal. If your browser or device sends a GPC signal, we will treat it as a valid opt-out of data sharing for targeted advertising purposes, as required under CCPA/CPRA.

17. California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA and CPRA:

• Right to Know — You can request the categories and specific pieces of personal information we have collected about you
• Right to Delete — You can request deletion of your personal information
• Right to Opt-Out of Sale/Sharing — We do not sell your personal information. We do not share personal information for cross-context behavioral advertising beyond what Google AdMob collects directly.
• Right to Non-Discrimination — We will not deny you service, charge different prices, or provide a different quality of service for exercising your rights

To exercise these rights, email privacy@near-eat.com or use the in-app data export and deletion features.

18. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the version number and "Last updated" date at the top. If changes are material, we will notify you through the app or via email with at least 15 days advance notice. Continued use of NearEat after the notice period constitutes acceptance of the updated policy.

Previous versions of this policy are available upon request by emailing privacy@near-eat.com.

19. Contact

We take your privacy seriously. If you have any questions, concerns, or requests about this policy or your personal data, please contact us:

Privacy & data requests: privacy@near-eat.com
General support: support@near-eat.com
Legal enquiries: legal@near-eat.com

This privacy policy was last reviewed against the NearEat application source code on April 28, 2026, and reflects the actual data collection and processing practices implemented in the codebase. It is the same document referenced from the Google Play Data Safety form and the App Store privacy nutrition labels.