Privacy Policy
Draft v0.1 (owner-commissioned, 2026-07-16). Placeholder-grade until launch: have a real lawyer read this before launch, especially if users arrive from the EU or California. Effective date: set at launch.
You're a person, not inventory. This policy says what we collect, why, and what we'll never do with it, in plain words.
What we collect
Account basics. If you sign in with Google or Apple, we receive your name, email address, and a profile identifier from them (Apple lets you hide your real email; that's fine with us). If you sign up with email and password, we store the email and a securely hashed version of the password: we never see or store the password itself.
The stuff you make. Saved spots, trips, lists, notes: stored so the product works and syncs between the website and the app.
Routes you plan. When you enter a starting point and destination, we use them to find stops along your way. Route inputs are processed to plan your trip; we don't build a location history of you, and the app doesn't track your location in the background.
Usage analytics. We use analytics (currently PostHog) to understand what's working: pages viewed, features used, rough device and region info. This is about improving the product, not profiling you.
What we don't do
We don't sell your personal information. We don't give advertisers your identity. If we ever show ads, advertisers get audience-level context, never your name, email, or saved places.
Who touches the data
The service runs on infrastructure providers who process data on our behalf: hosting and delivery (Vercel), our database (Neon), analytics (PostHog), maps and place data (Google), and sign-in (Google, Apple). Each gets only what its job needs. Beyond that, we share personal data only if the law genuinely requires it, or to protect the service and its users from abuse, and we'll tell you when we legally can.
Cookies
We use the cookies needed to keep you signed in and the analytics described above. No third-party ad trackers today; if that ever changes, this policy changes first and visibly.
Keeping and deleting
We keep your data while your account exists. Delete your account (in settings, or by emailing hello@dinerdetours.com) and we delete your personal data within 30 days, except minimal records the law requires us to keep. You can also email us to get a copy of your data or fix something wrong.
Kids
Diner Detours isn't for children under 13, and we don't knowingly collect their data. If you think a child has an account, tell us and we'll remove it.
Changes
When this policy changes in any way that matters, we'll post a notice on the site or email account holders before it takes effect. The current version always lives at dinerdetours.com/privacy.
Questions, worries, corrections: hello@dinerdetours.com. A person reads that inbox.