Overview
Swipe Dining LLC, a Connecticut limited liability company, operates the Swipe mobile application ("we," "our," or "the app"). Swipe is a nutrition tracking app for college dining halls. We are committed to protecting your privacy and being transparent about how your data is used.
Information We Collect
Information you provide:
- Dietary preferences and allergen settings
- Favorite food items and food journal entries
Information collected automatically:
- Anonymous usage analytics (screens viewed, features used) via PostHog
- Device information (model, OS version) for bug fixes via Sentry
- Approximate location (only when you grant permission, used to show distances to nearby restaurants)
How We Use Information
We use your information to:
- Display personalized allergen warnings and health scores
- Save your preferences and journal entries
- Show distances to nearby restaurants (with your permission)
- Improve app performance and fix bugs
Data Storage
- Your dietary preferences and journal entries are stored locally on your device
- We do not sell your personal information, and we do not share it with third parties for advertising or marketing purposes
- We do transmit limited data to our service providers (listed below under Third-Party Services and Data Transmitted to Servers) solely to operate and improve the app
- Menu and nutrition data comes from publicly available university dining sources
Third-Party Services
The app uses the following services, each with their own privacy policies:
PostHog
Anonymous usage analytics. Helps us understand which features are used most so we can improve the app. No personally identifiable data is sent.
Sentry
Crash reporting and error monitoring. Collects device model and OS version to help us diagnose and fix bugs.
Supabase
Menu data storage and backend API. Stores scraped dining hall menu and nutrition data, crowdsourced reports, and feedback submissions. Data is hosted in the United States (AWS us-east-1).
We also reference data from the following external sources, which are not transmitted your personal information:
- USDA FoodData Central: U.S. government nutrition database used for barcode/product lookups
- Open Food Facts: Community-maintained open-source product database used as a supplemental nutrition source
- Expo / EAS (Expo Application Services): Build, deployment, and over-the-air update infrastructure for the mobile app
- Apple App Store & Google Play: App distribution platforms, each with their own privacy policies
Security Measures
We use industry-standard safeguards to protect data transmitted to or stored on our servers:
- Encryption in transit: All network traffic between the app and our servers uses TLS 1.2 or higher (HTTPS)
- Encryption at rest: Data stored in Supabase (PostgreSQL) is encrypted at rest using AES-256
- Access controls: Administrative access to production systems requires authenticated credentials and is limited to the developer and authorized staff. Privileged admin endpoints are protected by JWT verification and a separate admin key.
- Least-privilege principle: Public API endpoints do not require authentication for read-only menu data; write operations and administrative functions require authentication
- Secrets management: API keys and credentials are stored as environment variables and never committed to source control
- Dependency monitoring: We monitor third-party libraries for known vulnerabilities and apply updates in a timely manner
No system is perfectly secure. We cannot guarantee the security of information transmitted over the internet, but we commit to using reasonable safeguards and to notifying affected users in the event of a breach (see Breach Notification below).
International Data Transfers
Our servers and service providers are located in the United States. Specifically:
- Supabase: Data is stored in AWS us-east-1 (Northern Virginia, USA)
- PostHog: Analytics events are processed in the United States (us.i.posthog.com)
- Sentry: Crash reports are processed in the United States
If you access the app from outside the United States, including from the European Economic Area, United Kingdom, or other jurisdictions with data-protection laws, your information will be transferred to, stored, and processed in the United States. Where required by law, we rely on appropriate safeguards for international transfers, such as the EU Standard Contractual Clauses (SCCs) incorporated into our service-provider contracts.
Data Transmitted to Our Servers
To operate the app, the following categories of data are transmitted to our servers (hosted by Supabase) or to the third-party services listed above:
- Crowdsourced reports: Missing menu items, food/restaurant requests, and menu corrections you choose to submit
- Feedback and bug reports: Content you submit through in-app feedback forms, including optional contact information if you provide it
- Device identifiers: Anonymous device model and OS version, used for crash diagnostics (Sentry) and analytics (PostHog)
- Anonymous usage events: Screen views, feature interactions, and app performance metrics (PostHog)
- Approximate location: Only when you grant permission, used to sort nearby restaurants by distance
We do not transmit your food journal entries, dietary preferences, or allergen settings to our servers; those remain on your device.
Data Retention
- Feedback, crowdsourced reports, and bug reports: Retained for up to 24 months from submission, after which they are deleted or anonymized
- Anonymous usage analytics: Retained for up to 24 months in identifiable form; may be kept indefinitely in aggregated or anonymized form for trend analysis
- Crash and error logs: Retained for up to 90 days
- On-device data (preferences, journal): Retained until you delete the app or clear app data
- Aggregated/anonymized data: May be retained indefinitely as it cannot be linked to any individual
You may request earlier deletion of data tied to you at any time using the contact information below.
Your Rights (CCPA, GDPR, and Similar Laws)
Depending on your jurisdiction (including California, the European Union, the United Kingdom, and Connecticut), you may have the following rights regarding your personal information:
- Right to access: Request a copy of the personal information we hold about you
- Right to deletion: Request that we delete personal information tied to you
- Right to correction: Request correction of inaccurate information
- Right to data portability: Request your data in a machine-readable format
- Right to opt out of analytics: Disable analytics and crash reporting in the app's Settings screen
- Right to non-discrimination: We will not deny service, charge different prices, or provide a lower quality of service because you exercised any of these rights
We do not sell personal information, so there is no separate "right to opt out of sale."
To exercise any of these rights, email contact@swipedining.com with the subject line "Data Rights Request." We will respond within 30 days (or 45 days under CCPA, with notice).
Breach Notification
In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of discovery, via in-app notification, email (if you have provided one), or a notice posted on swipedining.com. Notices will describe the nature of the breach, the categories of information involved, and steps we are taking in response.
Children's Privacy
Swipe is designed primarily for college-age users. The app does not knowingly collect information from children under 13, in compliance with the Children's Online Privacy Protection Act (COPPA). Users between 13 and 17 must have verifiable consent from a parent or legal guardian to use the app. If you believe a child under 13 has provided us with personal information, please contact us and we will delete it promptly.
Changes to This Policy
We may update this policy from time to time. Changes will be posted on this page with an updated date at the top. Continued use of the app after changes are posted constitutes your acceptance of the revised policy.