Privacy Policy
Contents
Section 1
Who we are
Vegigo (“we”, “us”, or “our”) is a vegetarian and vegan restaurant discovery platform operated by the Vegigo team. Our mobile application (iOS and Android) and website (vegigo.app) enable users to discover, review, and community-verify dietary information for restaurants across Singapore, Indonesia, and Malaysia.
This Privacy Policy explains how we collect, use, store, and share information when you use the Vegigo mobile application or website. By using Vegigo, you agree to the practices described here.
Contact: appvegigo@gmail.com
Section 2
Data we collect
2.1 Account and profile data
When you create an account we collect:
- Email address (used for authentication)
- Display name and profile photo (optional, set by you)
- Dietary preferences you select during onboarding (e.g., vegan, Jain, gluten-free)
- Account creation date and login timestamps
2.2 User-generated content
When you actively use Vegigo, we store:
- Posts you create, including photos and captions
- Comments you write on posts
- Restaurant reviews and ratings
- Dietary tag verifications and disputes you submit
- Restaurants you add to the platform
- Accounts you follow and accounts that follow you
2.3 Gamification and activity data
To power our community trust system, we record points you earn, your trust score, your contribution history, and your level and badges.
2.4 Device and usage data
We automatically collect limited technical information to operate and improve the service:
- Device type, operating system version
- App version
- Crash reports and error logs
- General usage patterns (screens visited, features used) — collected in aggregate, not linked to your identity
2.5 Location data
The app requests your device location only to show nearby restaurants. Location is processed on-device for the search query and is not stored on our servers or shared with third parties. You can deny location permission and use Vegigo by searching manually.
2.6 Data you do not provide
We do not collect payment information, government IDs, or sensitive personal data such as health records.
Section 3
How we use your data
| Purpose | Data used | Legal basis |
|---|---|---|
| Provide and operate the app (authentication, feed, search) | Account data, content, activity | Contract (Terms of Service) |
| Display your profile and contributions to other users | Display name, photo, posts, verifications | Contract |
| Calculate trust scores and award points | Verification history, activity data | Contract / Legitimate interest |
| Send transactional notifications (e.g., new follower, comment reply) | Email, push token | Contract / Consent |
| Improve the service (analytics, debugging) | Crash logs, aggregated usage | Legitimate interest |
| Detect and prevent abuse, spam, and fraud | Account data, content, usage patterns | Legitimate interest / Legal obligation |
| Comply with applicable laws | As required by law | Legal obligation |
We do not use your data for targeted advertising, and we do not sell your data to any third party.
Section 4
Third-party services
Vegigo is built on these infrastructure providers. Each acts as a data processor under our instructions:
Google Firebase (Google LLC)
- Firebase Authentication — manages account creation and sign-in. Google stores your email and authentication tokens.
- Cloud Firestore — our primary database. Stores your profile, posts, verifications, and other app content.
- Firebase Storage — stores photos you upload (posts, profile picture).
Google processes this data in accordance with its Firebase Privacy and Security documentation. Data is stored in Google Cloud data centres, which may be located outside your country.
Vercel Inc.
Our API server runs on Vercel's cloud platform. Vercel may process request metadata (IP addresses, request headers) for up to 30 days as part of standard log retention. See Vercel's Privacy Policy.
Section 5
Data sharing and disclosure
Publicly visible content
The following information is visible to all Vegigo users by default: your display name, profile photo, posts, comments, restaurant verifications, trust score, and contribution count. Other users can search for and view your public profile.
We do not sell your data
We never sell, rent, or trade your personal data to any third party for commercial purposes.
Legal requirements
We may disclose your information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Vegigo, our users, or the public.
Business transfers
If Vegigo is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
Section 6
Data retention
We retain your personal data for as long as your account is active or as needed to provide the service. Specific retention periods:
- Account data — retained until you delete your account.
- Posts, reviews, verifications — retained until you delete the content or your account. Deleted posts are removed within 30 days from all systems.
- Server logs — retained for up to 30 days, then deleted.
- Crash and error logs — retained for up to 90 days.
After account deletion, anonymised aggregate statistics (e.g., total verification counts that contributed to a restaurant's score) may be retained indefinitely as they can no longer be linked to you.
Section 7
Your rights
Depending on where you live, you may have the following rights regarding your personal data. To exercise any of these rights, contact us at appvegigo@gmail.com. We will respond within 30 days.
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you. |
| Correction | Ask us to correct inaccurate or incomplete data. |
| Deletion | Request deletion of your account and personal data. We will action this within 30 days. |
| Portability | Receive your data in a structured, machine-readable format. |
| Objection | Object to processing based on legitimate interests. |
| Withdraw consent | Where processing is based on consent (e.g., push notifications), you may withdraw at any time via device settings. |
These rights apply under the EU General Data Protection Regulation (GDPR), Singapore Personal Data Protection Act (PDPA), and equivalent laws in Indonesia and Malaysia.
Section 8
Children's privacy
Vegigo is not directed to children under the age of 13, and we do not knowingly collect personal data from children under 13. If we become aware that we have inadvertently collected data from a child under 13, we will delete that information as soon as possible.
If you are a parent or guardian and believe your child has provided us with personal data, please contact us at appvegigo@gmail.com.
Section 9
Security
We take reasonable technical and organisational measures to protect your data, including:
- All data in transit is encrypted using TLS 1.2 or higher.
- Firebase Security Rules restrict read and write access so users can only access data they are authorised to see.
- Our API requires a valid Firebase ID token (JWT) for every authenticated request.
- Sensitive fields (trust scores, points, roles) are write-protected server-side and cannot be modified directly by the mobile client.
- Firebase Admin credentials are stored as environment secrets, not in source code.
No method of transmission or storage is 100% secure. If you discover a security vulnerability, please report it responsibly to appvegigo@gmail.com before disclosing it publicly.
Section 10
International data transfers
Your data is stored on Google Cloud infrastructure and Vercel servers, which operate data centres globally (including the United States and Singapore). By using Vegigo, you consent to your data being transferred to and processed in these locations.
Google Firebase adheres to the EU–US Data Privacy Framework and maintains standard contractual clauses for international transfers. We rely on these same mechanisms for data transfers involving your information.
Section 11
Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where required by law, notify you via email or in-app notice.
Your continued use of Vegigo after changes are posted constitutes acceptance of the updated policy. If you disagree with the changes, please stop using the app and contact us to delete your account.
Section 12
Contact us
For any questions, data requests, or privacy concerns, please contact us:
We aim to respond to all requests within 30 days. If you are located in the EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.