Privacy Policy

Foodie — Local Producer Discovery & Pickup Reservation

Last updated: April 27, 2026  ·  Effective date: April 27, 2026
Table of Contents
  1. Who We Are
  2. Data We Collect
  3. How We Use Your Data
  4. Food Safety — Active Recall Blocking
  5. Legal Basis (GDPR)
  6. Data Sharing
  7. Data Retention
  8. Your Rights (incl. Portability Art. 20)
  9. Children's Privacy
  10. Security
  11. International Transfers
  12. Apple Platform Privacy
  13. Changes to This Policy
  14. Contact Us

1. Who We Are

The Foodie application is operated by E&HADS AGENCY ("we", "us", "our"), a French SASU (simplified joint-stock company, sole shareholder), registered under SIRET 932 700 271 00012, with registered office at 2 Impasse Mont Nouge, 17240 Mosnac, France. The Application is developed and operated on behalf of Alexandre Sand, the commissioning client of the project.

Foodie is a matchmaking platform between local producers and buyers, with on-site pickup at the producer's location. The application is available on iPhone, iPad, Apple Watch, Apple TV, Apple Vision Pro, and macOS.

Data controller under GDPR: E&HADS AGENCY.
Publication director: Metoyer Déogracia (President, CTO).
For questions about this privacy policy or your personal data, contact us at: [email protected]

2. Data We Collect

We collect the following categories of data when you use Foodie:

2.1 Account & Contact Information

2.2 Health & Nutrition Data

Health and nutrition data is categorized as special category data under GDPR Article 9 and requires your explicit consent.

2.3 Location (V0 Geolocation Doctrine)

V0 geolocation parameters. The default search radius is 50 km, adjustable by the user between 25 km and 80 km. The 80 km upper bound complies with French instruction DGAL/SDQSPV/2017-651 defining a short-supply chain (circuit court) as a producer-to-consumer distance not exceeding 80 km.

Location is never stored on our servers. Your coordinates are processed in real time only, used to compute the producer list, and immediately discarded. No location history, no movement trace, no server-side persistence. This implementation follows the CNIL geolocation doctrine 2025 (data minimisation, purpose limitation, no retention beyond the immediate processing need).

Legal basis (GDPR). Location processing relies on Article 6.1.b GDPR (performance of the contract — connecting you with nearby producers is the very service you signed up for) combined with the iOS system-level consent prompt required by the operating system before any access to precise location.

2.4 Reservation Data

Foodie processes no banking data. Foodie is a matchmaking platform and does not collect, store, or transmit any payment information. Reservations only record:

2.5 User Content

2.6 Identifiers

2.7 Usage Data

2.8 Technical Diagnostics

2.9 Spatial Data (Apple Vision Pro only)

3. How We Use Your Data

Purpose Data Used
Account & authentication Name, email, user ID
Producer / Buyer matchmaking Name, phone, location, reservation history
Nutrition tracking Health/nutrition data, fitness data (if granted)
Personalized recommendations Location, search history, order history, usage interactions
Convive communications Email, phone — transactional (order status, account updates)
Marketing (opt-in only) Name, email — promotional communications you consent to receive
Analytics & product improvement Usage data, search history, crash data (aggregated/anonymized)
Gaming features (Game Center) Gameplay content, device ID, user ID
Fraud prevention & security Device ID, usage patterns
App stability Crash logs, performance data (not linked to identity)

We never sell your personal data to third parties or use it for cross-app advertising.

3.bis Food Safety — Active Recall Blocking (RappelConso)

In application of Regulation (EC) No 178/2002 Article 19 on food and feed safety, the platform automatically blocks the publication and reservation of any product subject to an active sanitary recall listed on the public RappelConso database (rappel.conso.gouv.fr). When a recall is published, the corresponding product references are placed under quarantine on Foodie until the producer attests to the resolution of the recall, in accordance with their primary responsibility under Article 19. This safety control runs without storing any additional personal data of the buyer.

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

Data Category Legal Basis
Name, email, phone, reservation history Contract (Art. 6.1.b) — necessary to provide the service
Precise location, marketing communications Consent (Art. 6.1.a) — you can withdraw at any time
Crash logs, performance data, fraud detection Legitimate Interest (Art. 6.1.f) — ensuring security and stability
Health and nutrition data Explicit Consent (Art. 9.2.a) — special category; you must actively opt in

5. Data Sharing

We do not sell your data. We share data only with the following categories of service providers under Data Processing Agreements:

No payment processing: Foodie does not collect, store, or transmit any banking data. No payment provider (Stripe, Apple Pay, Google Pay, etc.) is used. Payment is handled directly between buyer and producer, outside the application.

We may disclose data if required by law or to protect the rights and safety of our users.

6. Data Retention

Data Type Retention Period
Account data (name, email, phone) Duration of account + 30 days after deletion request
Order history 7 years (legal/accounting obligation)
Health & nutrition data Until you delete it or close your account
Location data Not stored — used in real time only
Crash & diagnostic logs 90 days
Support communications 3 years from last interaction

7. Your Rights

Depending on your location, you have the following rights regarding your personal data:

To exercise your rights, contact us at [email protected] or use the in-app account deletion feature (Settings → Account → Delete Account).

7.1 Portability (GDPR Article 20) — Procedure

Your right to data portability under GDPR Article 20 is honoured through the dedicated Edge Function foodie-export-account, which generates a structured, machine-readable archive (JSON + CSV bundled in a single ZIP) containing the entirety of your account data: profile, reservation history, messages, reviews, favourites, and nutrition log. The archive is generated on demand from Settings → Account → Export my data and delivered to the email address on file within seventy-two (72) hours of the request, at no cost. The archive omits any data that does not concern you (i.e., third-party producers' private notes), in accordance with Article 20 §4. For producer accounts, the export additionally includes catalogue listings and reservation records they have published.

If you are in the EEA, you also have the right to lodge a complaint with your local data protection authority.

8. Children's Privacy

Foodie is not directed at children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us immediately at [email protected] and we will delete it.

9. Security

We implement industry-standard security measures including:

Despite these measures, no system is 100% secure. If you believe your account has been compromised, contact us immediately.

10. International Data Transfers

Your data is stored within the European Economic Area (AWS region eu-west-3, Paris). Our processor Supabase Inc., a US-incorporated company (Delaware), may access operational logs for technical support purposes. For such accesses, transfers are governed by the Standard Contractual Clauses adopted by Commission Implementing Decision (EU) 2021/914 of June 4, 2021 (relevant modules: 2 "controller-to-processor" and 3 "processor-to-processor"), supplemented by the additional measures recommended by the European Data Protection Board in its Recommendations 01/2020 of June 18, 2021. No transfer is made to a third country lacking an adequacy decision under Article 45 GDPR without this contractual framework.

11. Apple Platform Privacy

iCloud & CloudKit

Nutrition data and preferences synced via Apple CloudKit are stored in your personal iCloud account and governed by Apple's Privacy Policy. We cannot access your iCloud data without your explicit permission.

HealthKit

If you connect Apple Health, data flows from HealthKit are governed by your iOS Health app permissions. We only read data you explicitly authorize. HealthKit data is never used for advertising.

Game Center

Leaderboards and achievements use Apple Game Center. Your Game Center alias and scores are governed by Apple's Privacy Policy.

Apple Vision Pro (visionOS)

Environment scanning, hand tracking, and eye tracking on Apple Vision Pro are processed exclusively by Apple's ARKit and visionOS frameworks on your device. This data is never transmitted to our servers.

App Tracking Transparency

Foodie does not track you across other apps or websites. We do not use your Advertising Identifier (IDFA) for advertising purposes.

12. Changes to This Policy

We may update this privacy policy periodically. When we make significant changes, we will notify you via email or an in-app notification. The "Last updated" date at the top of this page reflects the most recent revision.

Your continued use of Foodie after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

For privacy-related questions, data requests, or complaints:

We aim to respond to all privacy requests within 30 days.