Privacy Policy

Last updated: March 14, 2026

BiteRunr ("we", "us", or "our") operates the BiteRunr mobile application (the "App"). This Privacy Policy explains how we collect, use, and protect your personal information when you use our App.

1. Information We Collect

Account Information

When you create an account, we collect your email address, first name, last name, and an optional profile picture. You may also sign in using Google or GitHub, in which case we receive basic profile information from those providers.

Order & Payment Data

We collect information about the group food orders you create or join, including item selections, quantities, prices, and order comments. Payment processing is handled by Stripe. We store your Stripe customer ID and payment transaction records but do not store your full credit card number — that is handled entirely by Stripe in accordance with PCI-DSS standards.

Payout Information

If you act as a runner and receive payouts, we use Stripe Connect to facilitate transfers. Stripe collects and manages your bank account or debit card details directly. We store your Stripe Connect account ID and payout status.

Social Features

We store your friend connections and friend requests within the App. Other users can search for you by name or email to send friend requests.

Device & Push Notifications

If you enable push notifications, we store your device push token to send you notifications about order updates, friend requests, and payment activity. You can disable notifications at any time in your device settings.

Camera & Photos

The App may request access to your camera to scan QR codes for joining group orders, and access to your photo library to set a profile picture. You may also take photos of receipts for price verification. Receipt images and related order text may be sent to AI processing providers to parse receipt lines or organize order summaries, and we do not keep receipt images as permanent storage.

2. How We Use Your Information

  • To create and manage your account
  • To facilitate group food orders and split payments
  • To process payments and runner payouts via Stripe
  • To send you push notifications about order and payment activity
  • To enable social features such as friend connections
  • To send transactional emails (sign-in codes, email verification, password resets)
  • To parse receipt images and structure order text

3. Third-Party Services

We use the following third-party services to operate the App:

  • Stripe — Payment processing and runner payouts. Stripe processes your payment card and bank account information under its own privacy policy.
  • Convex — Backend infrastructure and database hosting for app data.
  • Resend — Transactional email delivery (sign-in codes, verification emails).
  • OpenRouter and model providers — AI-assisted receipt parsing and order summarization. Receipt images and related order text are sent only for processing.
  • Expo — Push notification delivery.

4. Data We Do Not Collect

  • We do not collect GPS location data or track your physical location.
  • We do not use analytics or advertising tracking SDKs (no Google Analytics, no ad identifiers).
  • We do not sell your personal data to third parties.

5. Data Retention

We retain your account and order data for as long as your account is active. Receipt images are deleted immediately after processing. Email verification codes expire after 10 minutes. Order invite codes expire after 24 hours. If you delete your account, we will remove your personal data from our systems.

6. Data Security

We take reasonable measures to protect your information, including encrypted communications (HTTPS), secure webhook signature verification, and secure token-based authentication. Payment data is handled by Stripe, which is PCI-DSS compliant.

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and personal data
  • Withdraw consent for push notifications at any time

8. Children's Privacy

The App is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us so we can delete it.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes through the App or by email. Your continued use of the App after changes constitutes acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at support@biterunr.com.