Privacy Policy

Last updated: March 8, 2026

1. Introduction

FoodMedals (“we,” “us,” or “our”) operates the website at foodmedals.com (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our Service.

By using the Service, you consent to the data practices described in this policy. If you do not agree with these practices, please do not use the Service.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: When you create an account, we collect your display name, email address, and password (which is stored in hashed form and never in plain text). You may optionally provide your city and state.
  • Medal Picks & Rankings: When you award Gold, Silver, or Bronze medals to restaurants, we store those selections along with your Crown Jewel designation.
  • Restaurant Suggestions: When you suggest a restaurant, we collect the restaurant name, address, city, state, ZIP code, and any optional description you provide.
  • Category Suggestions: When you suggest a new food category, we collect the category name, emoji, and any optional description you provide.
  • Votes: When you vote on community nominations (restaurants or categories), we record your vote.
  • Comments & Highlights: When you add a comment on your Gold Medal pick (a “highlight”), we store the comment text and any photo you upload. Highlights are publicly visible on the restaurant’s page alongside your display name.
  • Photo Uploads: When you upload a photo with a Gold Medal comment, the image is stored in our cloud storage (Supabase). You may remove a photo at any time by editing or deleting your comment.
  • Upvotes: When you upvote another user’s comment or highlight, we record your upvote.
  • Reports: When you report a restaurant’s address as incorrect or report a restaurant as permanently closed, we store your report along with your user ID to prevent duplicate reports.
  • Achievement Data: We track how many categories you have ranked to determine your achievement tier (e.g., Taste Tester, Local Legend, Oracle). Your tier is displayed on your public profile.

2.2 Information from Third-Party Sign-In

We offer sign-in through Google and X (Twitter). When you use one of these providers, we receive your name, email address, and profile picture from that provider. We do not receive or store your password for any third-party service. Each provider’s use of your information is governed by their own privacy policies:

2.3 Information Collected Automatically

  • Browser Geolocation: When you use the “Near Me” feature, your browser may ask for permission to share your location. This location data is used client-side only to filter results by distance and is not transmitted to or stored on our servers. Your approximate location may be cached in your browser’s session storage to improve page load performance; this data is automatically cleared when you close the browser tab.
  • Log Data: Our hosting provider (Vercel) may automatically collect standard server log information such as your IP address, browser type, pages visited, and timestamps. This data is used for operational and security purposes.
  • Cookies: We use a single session cookie to keep you signed in. This is a functional cookie required for authentication and is not used for tracking or advertising purposes. We do not use any third-party analytics, advertising, or tracking cookies.

3. How We Use Your Information

We use the information we collect to:

  • Create and manage your account
  • Display your public profile, medal picks, rankings, and achievement tier
  • Generate community leaderboards and restaurant scores
  • Display comments, highlights, and photos on restaurant pages
  • Process restaurant and category suggestions, community votes, and upvotes
  • Process address and closure reports to maintain data accuracy
  • Geocode restaurant addresses to enable map and “Near Me” features
  • Maintain the security and integrity of the Service
  • Respond to your requests or inquiries

4. Public Information

Certain information you provide is publicly visible on the Service, including your display name, city, state, profile picture, medal picks, Crown Jewel selections, achievement tier, and any comments or photos you add to your Gold Medal picks. Your email address is never displayed publicly.

5. Third-Party Services

We use the following third-party services to operate the Service:

  • Vercel: Hosts our website and may process server logs. Vercel Privacy Policy
  • Supabase: Hosts our database and file storage (for photo uploads) where account and application data is stored. Supabase Privacy Policy
  • Google OAuth: Provides sign-in functionality. Google Privacy Policy
  • X (Twitter) OAuth: Provides sign-in functionality. X Privacy Policy
  • OpenCage Geocoding: Used to geocode restaurant addresses (convert addresses to map coordinates). When a restaurant is added, its address is sent to OpenCage's Geocoding API. OpenCage Privacy Policy
  • OpenStreetMap: Used to display map tiles on restaurant and profile pages. OpenStreetMap Privacy Policy
  • YouTube API Services: Used to upload and manage ranking videos on YouTube on behalf of the user. Google Privacy Policy
  • Pinterest API: Used to publish ranking video pins to Pinterest on behalf of FoodMedals. No user data is shared with Pinterest. Pinterest Privacy Policy

We do not sell, rent, or share your personal information with any third parties for marketing or advertising purposes.

6. YouTube API Services & Google API Disclosure

FoodMedals uses YouTube API Services to upload and manage ranking videos as requested by the user. Our use of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

FoodMedals only uses YouTube API Services to upload and manage videos as requested by the user. We do not use this data to serve advertisements or share it with third parties for marketing purposes.

Data Retention: FoodMedals does not store YouTube account data on its servers beyond what is necessary to complete the requested video upload. OAuth tokens are stored locally on the user’s device and are not transmitted to FoodMedals servers.

Revoking Access: Users can revoke FoodMedals’ access to their YouTube data at any time via the Google Security Settings page.

By using our YouTube upload features, users are agreeing to be bound by the YouTube Terms of Service.

7. Data Security

We take reasonable measures to protect your personal information, including encrypting passwords with industry-standard hashing (bcrypt), using HTTPS for all data transmission, and restricting access to personal data to authorized personnel only.

However, no method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee its absolute security.

8. Data Retention

We retain your account information for as long as your account remains active. This includes your medal picks, comments, photos, votes, upvotes, and reports. If you wish to delete your account and associated data, please contact us using the information provided below. We will delete your personal data within 30 days of a verified request, except where retention is required by law.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete personal information
  • Delete your personal information
  • Object to processing of your personal information
  • Export your data in a portable format

To exercise any of these rights, please contact us using the information in Section 13 below.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.

11. Children’s Privacy

The Service is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by updating the “Last updated” date at the top of this page. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

FoodMedals
Email: foodmedals@gmail.com