Privacy Policy
How AspireCore LLC collects, uses, and protects your data in Servd.
Overview
AspireCore LLC ("we", "us", "our") operates Servd (the "Service"). This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have over it.
We aim to collect the minimum data required to make the Service work, keep it on systems we control where reasonable, and never sell it to third parties for advertising.
Information You Provide
When you create an account or use the Service, you may provide:
- Account info: email, display name, handle, profile photo, bio.
- Home city + cities you frequent (Taste Travels).
- Plate posts: photos, dish names, captions, restaurant tags, flavor reactions, comments.
- Dish ratings + reviews you write.
- Memory queries (natural-language searches like "the lamb taco I had in Mexico City").
- Friend requests + accepted friendships.
- TONIGHT session participation (group restaurant decisions).
- Booking confirmations you log via the post-booking sheet.
Information Collected Automatically
When you use the Service, we automatically collect:
- Device info: device model, OS version, app version, language.
- Approximate location, when you grant the OS permission, used to surface restaurants near you. We do not track your precise location in the background.
- Usage telemetry: feature interactions, error events, performance metrics. Aggregated and stored without personally identifying content; never linked to advertising.
- IP address, used by our cloud infrastructure for security and rate limiting.
How We Use Your Information
We use your information to:
- Provide, operate, and improve core features (your feed, dish ranking, restaurant briefs, friend graph, group decisions, bookings).
- Personalize content based on your taste profile and history.
- Send transactional notifications (friend accepted you, your TONIGHT group made a pick, your booking was confirmed).
- Detect, prevent, and respond to fraud, abuse, security incidents, and violations of our Terms.
- Comply with legal obligations and respond to lawful requests.
Third-Party Services We Use
To provide the Service, we share data with the following processors. Each is bound by a data-processing agreement and only receives the minimum data needed for their function:
- Supabase (database, authentication, storage, edge functions) — hosts your account, plate posts, friendships, and most app data.
- Anthropic (Claude AI) — generates dish recommendations, restaurant briefs, parses your natural-language memories, and analyses food/menu photos you submit to features like Taste DNA, the menu scanner, and the plate scanner. Image data IS transmitted to Anthropic for processing in those features and is discarded by us after the response — only the resulting structured palate axes / dish reads / descriptors are saved. We do not send your raw account identifiers; Anthropic processes the data per its own published terms and policies.
- Apify (web scrapers) — pulls reservation availability + venue data from Resy, OpenTable, Yelp, Instagram, and TikTok. We send venue identifiers and your party-size/datetime; we do not send your account details to scraped third-party sites.
- Google Places — restaurant data + photos + reviews.
- Apple / Google (sign-in providers) — only if you choose to sign in via these.
- Expo / Apple Push (notifications) — for transactional pushes you opt into.
How We Share Your Information
We share your information only as described in this policy. Specifically:
- With other users when you opt in: e.g., your handle + display name + avatar are visible to anyone who can see your plate posts (per your visibility settings); your taste DNA may be used (in aggregate, not exposed) to help your TONIGHT group decisions.
- With service providers (above) under written data-processing agreements.
- In response to valid legal requests (subpoena, court order, government investigation).
- In connection with a business transaction (merger, acquisition, asset sale) — we will notify you and you will have an opportunity to delete your account before any transfer.
- We do NOT sell your personal information for advertising. We do NOT share your taste DNA, plate posts, or memory queries with advertisers.
Your Choices and Controls
You have the following controls:
- Edit profile: change name, handle, bio, home city, cities, photos at any time.
- Plate visibility: choose "public" or "tribe-only" per post.
- Friend control: send, accept, decline, or remove friendships at any time.
- TONIGHT participation: decline an invite at any time; the initiator can cancel a session.
- Notifications: control via the OS permissions or in-app settings.
- Location: revoke OS location permission at any time; you can still use most features but restaurant lists default to a fallback location.
- Account deletion: delete your account and associated data via the in-app data deletion flow (see the "Data Deletion" page).
Your Privacy Rights
Depending on where you live, you may have additional rights under laws like the California Consumer Privacy Act (CCPA), the EU General Data Protection Regulation (GDPR), the UK Data Protection Act, or Canadian PIPEDA, including:
- Right to access — request a copy of the personal information we hold about you.
- Right to correction — request that we fix inaccurate information.
- Right to deletion — request that we delete your data (see Data Deletion).
- Right to portability — request your data in a machine-readable format.
- Right to restrict or object to certain processing.
- Right to withdraw consent for processing that relies on consent.
- Right to lodge a complaint with your local data-protection authority.
Data Retention
We retain your account data for as long as your account is active. When you delete your account, we delete your personal information from our active systems within 30 days, except where retention is required by law (e.g., financial records) or where data has already been de-identified or aggregated for analytics.
Backups containing your data may persist for up to 90 days after deletion; they are not used for any active processing and roll off according to our backup rotation.
Security
We use industry-standard practices to protect your data — encrypted connections (TLS 1.2+), encryption at rest where supported by our cloud providers, scoped access controls, and row-level security on our database. No system is perfectly secure; please use a strong, unique password and notify us immediately at the contact below if you suspect unauthorized access to your account.
Children's Privacy
The Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, contact us and we will delete it.
International Transfers
We are based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States or any country where our service providers operate. By using the Service, you consent to this transfer.
Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be surfaced in the app and the "Last updated" date above will change. We encourage you to review this page periodically.
Contact Us
For privacy questions, requests to exercise rights, or to report a privacy concern, contact us at privacy@aspirecore.com.
AspireCore LLC