Privacy Policy

We collect the following types of information:

• Account data: Name, email address, and profile picture from your Google or Discord account via OAuth.
• Order data: DoorDash cart links, delivery addresses, special instructions, and pricing information.
• Usage data: Pages visited, features used, and general interaction patterns.
• Technical data: IP address, browser type, and device information for security and rate limiting.

Your data is used to:

• Process and fulfill your discounted food delivery orders.
• Maintain your account and order history.
• Communicate with you about order status and support requests.
• Improve the Service and prevent fraud or abuse.

Sensitive data including delivery addresses and DoorDash cart links are encrypted at rest using AES-256-GCM encryption. Encryption keys are stored separately from the encrypted data and are never exposed to client-side code.

When you sign in with Google or Discord, we receive only your basic profile information (name, email, avatar). We do not request access to your contacts, messages, or other private data. We do not post or act on your behalf on any third-party platform.

We use essential cookies for authentication session management. We do not use tracking cookies or third-party advertising cookies. Our session cookie is HTTP-only, secure, and uses strict same-site policy.

We do not sell, rent, or trade your personal data. Information may be shared only in these circumstances:

• With DoorDash to process your food delivery order.
• With payment processors (PayPal, Stripe) to handle transactions — we never see or store your card details.
• To protect our rights, safety, or property.

Account data is retained for as long as your account is active. Order data is retained for 12 months after the order date for support and record-keeping purposes. You may request deletion of your data at any time.

You have the right to:

• Access: Request a copy of all personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your personal data.
• Portability: Request your data in a machine-readable format.
• Objection: Object to processing of your data for specific purposes.
• Restriction: Request restricted processing under certain conditions.

To exercise any of these rights, contact us through our contact page.

We implement industry-standard security measures including encryption in transit (TLS) and at rest (AES-256-GCM), secure authentication via OAuth 2.0, rate limiting, input sanitization, and security headers on all responses.

We may update this Privacy Policy periodically. Material changes will be communicated via email or an on-site notification. Continued use of the Service after changes constitutes acceptance of the updated policy.

For privacy-related inquiries, contact us at our contact page.