T4Taste

Privacy Policy

Last updated: 2026-06-10

1. Who we are

T4Taste is operated by Jinyan Liu, an individual residing in France. References to "we," "us," or "T4Taste" mean Jinyan Liu acting as the data controller for the iOS application T4Taste and the website t4taste.app.

You can reach us about anything in this policy at contact@t4taste.app.

2. Data we collect and why

We collect only what we need to make the app work. The categories below mirror the App Store privacy nutrition label declarations in our `PrivacyInfo.xcprivacy` manifest.

  • Precise location ("Location" — not linked to identity) — used while the app is open to find restaurants near you and to show your position on the map. Legal basis: your consent given through the iOS location prompt. Not retained on our servers.
  • Account identifier ("User ID" — linked) — Firebase UID created when you sign in with Apple or Google. Used to associate your subscription tier and synced favourites with your account. Legal basis: performance of the contract.
  • Device identifier ("Device ID" — not linked) — random per-install identifier used to enforce free-tier usage limits. Legal basis: legitimate interest in preventing abuse.
  • Purchase history ("Purchase History" — linked) — records of your subscription tier and renewal status, sourced from Apple StoreKit. Legal basis: performance of the contract.
  • Usage data ("Product Interaction" — linked) — aggregated per-account counters (API calls, model used, weekly and Trial lifetime quota consumption). Used to enforce limits, monitor for abuse, and improve product quality. Apple-declared purposes: App Functionality + Analytics. Legal basis: performance of the contract + legitimate interest.
  • Search history ("Search History" — not linked) — your chat messages and restaurant queries, stored locally on your device. Synced across your devices via iCloud if iCloud is enabled. Search and chat requests are relayed through our backend to fetch results (see §4) but are not stored in any cloud database controlled by us. Legal basis: performance of the contract.
  • Favourites ("Other User Content" — linked) — list of restaurants you saved, stored in Apple's CloudKit private database under your Apple ID. Only Apple has technical access to this data; we cannot read it. Legal basis: performance of the contract.

3. Microphone and speech recognition

Voice input is optional. When you tap and hold the voice button, the app captures audio from the microphone and passes it to Apple's Speech Recognition framework, which converts it to text. Depending on your iOS settings (Settings → General → Keyboard → Dictation), Apple performs this transcription either on-device or by sending the audio to Apple's servers — that processing is governed by Apple's privacy policy.

T4Taste does not record, store, or transmit raw audio to our servers or to any third party. Once the transcription is complete, the resulting text is treated like any text you typed: it joins the chat conversation and is sent to the LLM provider you have configured (see §4). Legal basis: your consent given through the iOS microphone prompt.

4. Third-party services and processors

We use the following providers to deliver T4Taste's features. Each is bound by its own privacy commitments; we encourage you to read theirs.

  • Apple Inc. — App Store payments (StoreKit), Sign in with Apple, iCloud / CloudKit for syncing favourites, Speech Recognition framework, and the optional on-device Foundation Models framework (which runs locally on iOS 26+ with Apple Intelligence and does not transmit content to us or to Apple). https://www.apple.com/legal/privacy/
  • Google LLC — Google Maps Platform (Places API for restaurant search and place data), Firebase Authentication, Sign-in with Google, and Google Cloud (which hosts our usage-enforcement backend; see below). Search queries (cuisine, location) and coordinates are sent to Google's Places API. https://policies.google.com/privacy
  • OpenAI L.L.C. — your chat content (text, voice transcripts, and prior turns of the conversation) is sent to OpenAI to generate the model's response. OpenAI is the sole network LLM provider used by T4Taste in App Store releases. https://openai.com/policies/privacy-policy
  • Apple Foundation Models — on iOS 26+ devices with Apple Intelligence, lightweight tasks (e.g. intent classification, short rewrites) may run on-device using Apple's Foundation Models framework. No content is transmitted off the device for this processing.
  • Pre-release builds only (Debug / TestFlight) — these builds expose an internal AI Provider picker that lets the development team and invited testers benchmark alternative LLM providers. App Store users cannot reach this picker. The full list, jurisdictions, and the corresponding legal basis are described in §5 below.
  • T4Taste usage-enforcement backend — operated by us (Jinyan Liu), deployed on Google Cloud Platform in the europe-west region (EU). The app's AI and place-data requests are relayed through this backend, which authenticates them and applies quota limits. It processes your account identifier, device-attestation token, subscription tier, basic app metadata (such as app version), and aggregated request counters, and forwards your chat content to OpenAI and your place searches to Google without storing them. Place-data responses may be cached briefly to reduce repeated third-party calls. Legal basis: performance of the contract + legitimate interest.
  • Vercel Inc. — hosting for the t4taste.app website and cookieless privacy-friendly analytics (no personal data, no IP tracking, no consent banner required). https://vercel.com/legal/privacy-policy

5. LLM provider

In App Store releases of T4Taste, your chat content (text, voice transcripts, and prior turns of the conversation) is sent to a single network LLM provider: OpenAI L.L.C. (United States). https://openai.com/policies/privacy-policy

Additionally, on iOS 26+ devices with Apple Intelligence, certain lightweight tasks may run on-device using Apple's Foundation Models framework. That processing happens locally and no content leaves your device.

There is no in-app provider picker in App Store builds. The Settings screen does not expose a way to change LLM providers.

Pre-release builds (Debug / TestFlight). To evaluate alternative models before any future production rollout, our internal Debug and TestFlight builds include an "AI Provider" picker that is restricted to the development team and to invited testers. If you are a TestFlight tester and you explicitly select a non-default provider in that picker, your chat content for that session is transmitted to the provider's jurisdiction. This selection constitutes your explicit consent under GDPR art. 49(1)(a) for the corresponding data transfer; you can switch back to OpenAI at any time. The providers reachable from the pre-release picker are:

  • Google (Gemini) — United States. https://policies.google.com/privacy
  • DeepSeek — China.
  • Doubao (ByteDance Ark) — China.
  • Kimi (Moonshot AI) — China.
  • Qwen (Alibaba DashScope, international endpoint) — China.
  • GLM (Zhipu AI) — China.
  • MiniMax — China.
  • None of the alternative providers above is reachable from the public App Store build. The People's Republic of China has not been the subject of an EU adequacy decision; data transferred there does not benefit from the same statutory protections as in the EU, which is why this option is gated to opt-in pre-release testing only.

6. Device attestation

To prevent abuse of paid-tier features by tampered or emulated clients, the app generates a device-attestation token using Apple's App Attest framework and sends it to our usage-enforcement backend with each privileged request. The token is bound to your device and the app instance; it is not a tracking identifier and cannot be used to identify you across apps. Legal basis: legitimate interest in preventing fraud and abuse.

7. International data transfers

Some of our processors operate in jurisdictions outside the European Economic Area:

  • United States — Apple, Google, OpenAI, Vercel. Transfers rely on Standard Contractual Clauses adopted by the European Commission and, where applicable, the EU-U.S. Data Privacy Framework.
  • China — only applicable to TestFlight participants who explicitly select a China-based provider in the pre-release AI Provider picker (see §5). Because no EU adequacy decision exists for China, those transfers rely on the participant's explicit consent expressed through the in-app picker. App Store users are never subject to this transfer because the picker is not present in production builds.
  • Our usage-enforcement backend is hosted in the EU (Google Cloud europe-west region) — no transfer outside the EEA occurs for that processing.

8. How long we keep your data

Different categories of data have different retention windows.

  • Chat history and search queries — kept on your device until you delete them. Synced to iCloud only if iCloud is enabled.
  • Favourites — kept in your iCloud private database until you delete them in-app.
  • Account data (Firebase UID, subscription state, usage counters in our backend) — kept while your account is active. When you delete your account in the app, all server-side records are removed within 30 days.
  • Weekly usage counters — reset on their rolling 7-day window; not retained beyond the current window. Trial lifetime allowances are kept while your account exists.
  • Backend operational logs (errors, abuse detection) — anonymised where possible and retained no longer than 90 days.
  • LLM provider retention is governed by each provider's own policy; we do not store the content of your prompts on our servers.

9. Your rights under GDPR

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

  • Access — request a copy of the personal data we hold about you.
  • Rectification — ask us to correct data that is inaccurate.
  • Erasure — ask us to delete your account and associated data. The fastest way is the in-app Delete Account flow; you may also email us.
  • Restriction — ask us to pause processing while a dispute is resolved.
  • Portability — receive your data in a structured, machine-readable format.
  • Objection — object to processing based on legitimate interest.
  • Withdraw consent — for any data processing based on consent (precise location, microphone, and — in pre-release builds only — voluntary selection of a non-default LLM provider), you may withdraw consent at any time without affecting prior lawful processing.

10. Right to lodge a complaint

If you believe we have mishandled your data, you may file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority, at www.cnil.fr. You may also contact your own national supervisory authority.

11. Automated decision-making and profiling

T4Taste uses AI to rank and explain restaurant suggestions. These are advisory recommendations; they do not produce legal effects or similarly significant effects on you, and you are not subject to any automated decision-making within the meaning of GDPR art. 22.

12. Data Protection Officer

Given the small scale of our processing and the absence of special-category data processed at scale, we are not required to appoint a Data Protection Officer under GDPR art. 37. For any privacy question you may contact us directly at contact@t4taste.app.

13. Children

T4Taste is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us so we can delete the data.

14. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the last update. Material changes will be communicated through the app or by email if we have one for you.

15. Contact

For any privacy question, write to contact@t4taste.app. We aim to respond within 30 days of receiving a request, as required by GDPR.