Privacy Policy

Last updated: March 20, 2026

CraveMap ("the App") is operated by Amjad Hussein ("I", "me", "my"), an individual developer. This privacy policy explains what data I collect, why I collect it, how I handle it, and your rights regarding your information.

I take your privacy seriously. I only collect what is necessary to make CraveMap work and to improve the experience.

What I Collect and Why

Account Information

To use CraveMap, you must sign in using Apple Sign-In or email and password. When you create an account, I collect:

  • Authentication credentials: Your email address and display name (if provided by your sign-in method) are used to create and manage your account.
  • User identifier: A unique account identifier is generated to associate your saved places with your account.

Content You Submit

  • Social media URLs: When you share an Instagram or TikTok post to CraveMap, the URL is sent to my server to extract restaurant information.
  • Location at submission: If you grant location permission, your approximate location at the time of sharing may be used to improve the accuracy of restaurant identification. This location is not used for tracking.

Information Generated by the App

  • Place data: When you share a post, the App processes it using AI to extract restaurant details — including name, address, coordinates, cuisine type, dish recommendations, and photos. This data is stored so you can access your saves across sessions.
  • Video and audio analysis: If the post contains a video, I may transcribe the audio and analyze the visual content to better understand the restaurant being featured. These outputs are stored alongside the place record.

Device and Usage Data

  • Push notification token: If you enable notifications, a device token is collected to deliver alerts when a new place is saved to your map. You can disable notifications at any time in the App's settings, which removes the token from my server.
  • Usage analytics: I collect anonymized usage data — such as which features you use, how often you open the App, and general interaction patterns — to understand how the App is being used and to improve the experience. This data is not linked to your personal identity.
  • Device information: Basic device information (device model, OS version, app version) may be collected as part of analytics to diagnose issues and ensure compatibility.

On-Device Features

  • Map and location display: CraveMap uses your device location (with your permission) to center the map on your current position. This location data stays on your device and is not sent to my server.
  • Proximity alerts: If enabled, the App can notify you when you are near a saved restaurant. This processing happens entirely on your device — no location tracking data is sent to my server for this feature.

Information I Do Not Collect

  • I do not collect or store your social media credentials or passwords.
  • I do not access your social media followers, following lists, or direct messages.
  • I do not collect advertising identifiers (IDFA).
  • I do not use advertising trackers or sell your data to advertisers.
  • I do not sell your data to anyone, period.

Third-Party Service Providers

To provide the App's functionality, I use third-party service providers for AI processing, data enrichment, cloud infrastructure, and analytics. I only share the minimum data necessary with each provider. None of these services receive your social media credentials or personal identity information beyond what is needed to process your request.

Data Storage and Security

  • Data is stored in an encrypted database hosted in the United States.
  • Media files (photos, video-derived content) are stored in secure cloud storage.
  • All data in transit is encrypted via TLS/HTTPS.
  • Database connections use encrypted channels.
  • All API credentials are stored in a secrets management service — they are never exposed in code or logs.

Data Retention and Deletion

Your data is retained for as long as you maintain an active account. You can:

  • Delete individual places at any time within the App. The place record and associated data are immediately removed.
  • Delete your account through the App's settings. This permanently removes your account, all saved places, and associated data from my server. Your authentication account is also deleted.

After deletion, database backups may retain traces of your data for up to 30 days before being cycled out. Anonymized analytics data collected prior to deletion cannot be retroactively removed, as it is not linked to your identity.

Your Rights

You have the right to:

  • Access your data — all your saved places are visible in the App.
  • Delete your data — delete individual places or your entire account at any time.
  • Know what data I collect — this policy describes everything.
  • Opt out of optional data collection — you can disable push notifications and proximity alerts in the App's settings.

If you are a California resident, you have additional rights under the CCPA. If you are in the EU/EEA, you have rights under the GDPR. In either case, contact me and I will honor your request.

Children's Privacy

CraveMap is not directed at children under 13. I do not knowingly collect personal information from children. If I learn that I have collected data from a child under 13, I will delete it promptly.

Changes to This Policy

I may update this policy from time to time. When I do, I will update the "Last updated" date at the top. If the changes are significant, I will make reasonable efforts to notify you (for example, through an in-app notice).

Contact

If you have questions about this privacy policy or want to exercise your data rights, email me at support@cravemap.app.