Privacy Policy

Welcome to DINEx ("DINEx," "we," "us," or "our"). We operate a restaurant discovery and dining platform available via our website and mobile application (collectively, the "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Platform, create an account, make reservations, participate in the Social Fund, use the Social Card referral program, or interact with our AI-powered assistant.

By accessing or using DINEx, you agree to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Platform.

1 Information We Collect

1.1 Information You Provide Directly

• Account Registration: Full name, email address, phone number, profile photo, and password.
• Reservations: Date, time, party size, special requests, dietary restrictions, and restaurant preferences.
• Payment Information: Credit/debit card details, billing address, and transaction history. Payment data is processed and stored by our PCI-compliant third-party payment processors; DINEx does not store raw card numbers.
• Social Card Referrals: Referral codes, contacts you invite, and related messaging.
• Reviews & Content: Ratings, text reviews, and photos you submit about restaurants.
• Communications: Messages you send to our support team or through the Platform.
• Business Accounts (B2B): Business name, restaurant details, owner/manager contact information, menu data, and operational settings.

1.2 Information We Collect Automatically

• Device & Technical Data: IP address, device type, operating system, browser type, app version, and unique device identifiers.
• Usage Data: Pages visited, features used, search queries, clicks, scrolling behavior, and time spent on the Platform.
• Location Data: Approximate location derived from IP address; precise GPS location if you grant permission through your device settings. Location is used to surface nearby restaurants and personalize your experience.
• Log Data: Server logs including access times, errors, and performance metrics.
• Cookies & Similar Technologies: As described in Section 5.

1.3 Information from Third Parties

• Social Sign-In: If you sign in via Google or Apple, we receive your name, email address, and profile picture from that provider.
• Firebase: We use Google Firebase for authentication, real-time database, and analytics. Firebase may collect additional device and usage data subject to Google's privacy policy.
• Referrals: If someone refers you through the Social Card program, we may receive your contact information as provided by the referrer.

2 How We Use Your Information

We use your information to:

• Create and manage your account and authenticate your identity.
• Process and confirm restaurant reservations.
• Operate and administer the Social Fund, including crediting and redeeming dining credits.
• Power the Social Card referral program and track referral rewards.
• Process payments and prevent fraud.
• Personalize restaurant recommendations and search results based on your preferences, location, and history.
• Operate the DINEx AI assistant and respond to your queries (see Section 4).
• Send transactional communications (reservation confirmations, receipts, reminders).
• Send marketing and promotional messages, where you have opted in.
• Analyze Platform usage to improve features and performance.
• Comply with legal obligations and enforce our Terms of Service.
• Respond to customer support requests.

3 Social Fund & Social Card

Social Fund

The Social Fund is DINEx's social impact program. When a restaurant pays a per-reservation fee to DINEx, a portion of that fee (up to 50%) is allocated to the Social Fund. These funds are distributed to qualifying families or individuals who apply to the program. DINEx collects and processes reservation data, restaurant fee records, and applicant eligibility information solely to calculate contributions and administer distributions.

If you apply to receive Social Fund benefits, we may collect additional information to verify eligibility (such as household size or income documentation). This information is treated with the highest level of confidentiality and is used exclusively for program administration.

Social Card

The Social Card is a referral and loyalty tool that connects diners to the DINEx ecosystem. When you use your Social Card to make reservations, your activity contributes to the Social Fund pool described above. We collect your reservation activity, Social Card usage history, and associated restaurant fees to track your contribution to the fund and display your impact within the Platform.

4 AI Assistant (DINEx AI)

DINEx includes an AI-powered conversational assistant designed to help you discover restaurants, answer questions about the Platform, and provide dining recommendations. This feature is powered by a third-party large language model (LLM) provider.

• Queries you submit to the AI assistant are transmitted to the LLM provider to generate a response.
• We provide the LLM with relevant context from your session (such as nearby restaurants and Platform features) to improve response quality. We do not send your full profile or payment data to the LLM.
• Voice input (if enabled) is converted to text on your device or through a speech recognition service before processing.
• Do not share sensitive personal information (e.g., passwords, financial account details) through the AI assistant.
• Conversations may be reviewed by our team in anonymized form to improve accuracy and safety.

5 Cookies & Tracking Technologies

We use cookies, local storage, and similar technologies to:

• Essential cookies: Maintain your session, authentication state, and security tokens. These are required for the Platform to function.
• Functional cookies: Remember your preferences (language, location, filters).
• Analytics cookies: Understand how users interact with the Platform (via Firebase Analytics and similar tools).
• Marketing cookies: Deliver relevant promotions, where permitted by your consent.

You may manage or disable non-essential cookies through your browser settings. Note that disabling certain cookies may impact Platform functionality.

6 How We Share Your Information

We do not sell your personal information for monetary compensation. Note that certain data shared with third-party analytics providers (such as Google via Firebase Analytics) may be considered "sharing" under the CCPA/CPRA. We may share your data in the following circumstances:

• With Restaurants: When you make a reservation, we share your name, party size, contact information, and special requests with the relevant restaurant.
• Service Providers: We engage trusted third-party vendors (payment processors, cloud hosting, analytics, email delivery, AI providers) who process data on our behalf under contractual data protection obligations.
• Firebase / Google: Our backend infrastructure uses Firebase, which is subject to Google's data processing terms.
• Business Partners: Aggregate, anonymized analytics may be shared with restaurant partners to help them improve their offerings. Individual user data is not shared without your consent.
• Legal Requirements: We may disclose data when required by law, court order, or to protect the rights and safety of DINEx, our users, or the public.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will notify you of any such change.

7 Data Retention

We retain your personal information for as long as your account is active or as needed to provide our services. Specific retention periods:

• Account data: Retained until you delete your account, plus up to 90 days for backup purposes.
• Reservation & transaction history: Retained for up to 7 years to comply with financial and legal obligations.
• Social Fund / Social Card data: Retained while your account is active and for 2 years after closure for dispute resolution.
• AI assistant conversations: Retained for up to 12 months for quality and safety review, then deleted or anonymized.
• Referral contact data (non-registered): Deleted within 60 days if the invited contact does not register.

8 Data Security

We implement industry-standard security measures to protect your information, including:

• Encryption in transit (TLS/HTTPS) and at rest for sensitive data.
• Firebase Authentication with secure token management.
• Access controls limiting who within DINEx can access personal data.
• Regular security reviews and dependency updates.

Despite these measures, no system is completely secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

9 Children's Privacy

DINEx is not directed to children under the age of 13 (or 16 where required by applicable law). We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal data, we will delete it promptly. If you believe a child has submitted data to us, please contact us at the address in Section 14.

10 Your Rights & Choices

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to legal retention obligations.
• Portability: Receive your data in a structured, machine-readable format.
• Opt-Out of Marketing: Unsubscribe from promotional emails at any time via the link in each email or through your account settings.
• Location Data: Withdraw GPS permission at any time through your device settings.
• Account Deletion: Delete your account through the app settings or by contacting us.

To exercise any of these rights, contact us at privacy@getdinex.com. We will respond within 30 days.

11 California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: The categories and specific pieces of personal information we collect, use, disclose, and share — including with third-party analytics providers such as Google via Firebase.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions.
• Right to Correct: Request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell personal information for money. However, we use third-party analytics tools (such as Google Analytics via Firebase) that may constitute "sharing" of personal information under the CCPA/CPRA for cross-context behavioral advertising purposes. You have the right to opt out of this sharing by enabling the Global Privacy Control (GPC) signal in your browser or by contacting us at privacy@getdinex.com.
• Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information for purposes beyond those permitted by the CPRA.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a CCPA request, contact us at privacy@getdinex.com or call us at the number listed in Section 14. We may need to verify your identity before processing your request.

12 Third-Party Links

The Platform may contain links to third-party websites, restaurant pages, or partner services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any external sites you visit.

13 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will notify you via email or a prominent notice on the Platform at least 14 days before the changes take effect. The "Last Updated" date at the top of this page indicates when the most recent revision was made.

Your continued use of DINEx after any changes take effect constitutes your acceptance of the updated Privacy Policy.

14 Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@getdinex.com
• Mailing Address: DINEx, 1111b South Governors Ave, STE 26883, Dover, DE 19904, US

We are committed to resolving privacy concerns promptly and transparently.