Privacy Policy

1. Who We Are

Ladle is a mobile application built and operated from Belfast, Northern Ireland. We are the data controller for the personal data collected through the Ladle app.

If you have any questions about how we handle your data, you can contact us at hello@ladle-app.com.

2. What Data We Collect

All users

• Email address — used for account creation and communication.
• Password — encrypted and securely stored. We never have access to your plain-text password.
• Push notification token — to deliver notifications to your device.
• Approximate location — used in real time to show nearby cafes. This is not stored on our servers.
• Usage data — how you interact with the app (pages viewed, features used) to help us improve the service.

Cafe owners (additionally)

• Cafe name, description and contact details.
• Photos of your cafe and dishes.
• Menu items, descriptions, prices, allergen information and dietary tags.
• Opening hours and location.
• Performance data (menu views, follower counts, saved dishes).

Pro subscribers (additionally)

• Subscription status and plan details (managed by RevenueCat and Apple).
• Anonymised AI prompts — used to power Pro insights. These are stripped of identifying information before processing.

What we do NOT collect

• Payment card details — all payments are handled by Apple through the App Store.
• Precise GPS coordinates — we use approximate location only, and do not store it.
• We never sell your data to advertisers or any other third party.

3. How We Use Your Data

We use your data for the following purposes:

• To provide the app — creating your account, displaying menus, enabling follows and notifications, and powering location-based discovery.
• To improve the app — understanding how features are used, identifying bugs and improving the user experience.
• To communicate with you — sending important updates, responding to support requests and (with your consent) sending promotional messages.

Legal basis for processing (UK GDPR)

• Contract — processing necessary to provide the Ladle service you signed up for.
• Legitimate interests — improving the app, preventing abuse and ensuring security.
• Consent — push notifications and optional marketing communications. You can withdraw consent at any time.
• Legal obligation — where we are required to retain or share data by law.

4. How We Share Your Data

We share your data only with the service providers necessary to operate Ladle:

• Supabase (EU Ireland region) — database hosting and authentication. supabase.com/privacy
• Expo — app build and update delivery. expo.dev/privacy
• RevenueCat — subscription and billing management. revenuecat.com/privacy
• Anthropic — AI features for Pro subscribers. Only anonymised data is shared. anthropic.com/privacy
• Apple — app distribution and payment processing. apple.com/privacy

We never sell your data. We do not share personal information with advertisers, data brokers or any other third parties for their own marketing purposes.

5. Public Information

If you are a cafe owner, the following information is publicly visible to all Ladle users:

• Cafe name and description.
• Cafe location and contact details.
• Menus, including dish names, descriptions, prices and dietary information.
• Opening hours.
• Photos uploaded to your cafe profile.

This information is displayed to help customers discover your cafe. If you remove your content or delete your account, this information will no longer be publicly visible.

6. Data Retention

• Active accounts — your data is retained for as long as your account exists and is active.
• Deleted accounts — when you delete your account, your personal data will be removed from our systems within 30 days.
• Legal retention — certain data may be retained for up to 7 years where required by law (e.g., financial records, fraud prevention).

7. Your Rights Under UK GDPR

Under the UK General Data Protection Regulation, you have the following rights:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data.
• Right to restrict processing — request that we limit how we use your data.
• Right to data portability — request your data in a structured, commonly used format.
• Right to object — object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you can withdraw it at any time.

To exercise any of these rights, contact us at hello@ladle-app.com. We will respond within 30 days.

If you are not satisfied with our response, you have the right to complain to the Information Commissioner's Office (ICO) at ico.org.uk.

8. Data Security

We take the security of your data seriously and implement the following measures:

• HTTPS encryption — all data transmitted between the app and our servers is encrypted in transit.
• Password hashing — passwords are hashed using industry-standard algorithms. We never store plain-text passwords.
• Row Level Security — our database enforces row-level security policies, ensuring users can only access data they are authorised to see.
• EU hosting — our primary database is hosted in the EU (Ireland) via Supabase.
• Restricted access — access to production data is limited to authorised personnel only.

9. Push Notifications

Ladle may send you push notifications in the following situations:

• A cafe you follow posts a new daily menu.
• A dish you saved returns to a cafe's menu.
• Important account notifications (e.g., security alerts, terms updates).

Push notifications are optional. You can disable them at any time in your device settings.

10. Location Data

Ladle uses your device's location to show you cafes nearby. Here's how we handle location data:

• Location is used in real time only — to sort and display nearby cafes.
• We do not store your location on our servers.
• We do not track your movements or build location profiles.
• You can revoke location access at any time in your device settings. Without location, the app will still work but will not be able to sort cafes by proximity.

11. Children's Privacy

Ladle is not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13.

If you believe that a child under 13 has created an account on Ladle, please contact us at hello@ladle-app.com and we will take steps to remove the account and associated data promptly.

12. International Data Transfers

Our primary database is hosted in the EU (Ireland) via Supabase, providing strong data protection under GDPR standards.

Some of our service providers are based in the United States, including Anthropic (which powers AI features for Pro subscribers). Where data is transferred to the US, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you through the app or by email.

Your continued use of Ladle after notification of changes constitutes your acceptance of the updated policy. If you do not agree with the changes, you should stop using the app and delete your account.

14. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: hello@ladle-app.com
• Website: ladle-app.com

You also have the right to contact the Information Commissioner's Office (ICO):

• Website: ico.org.uk
• Telephone: 0303 123 1113