Privacy Policy

1. Who we are

T4Taste is operated by Jinyan Liu, an individual residing in France. References to "we," "us," or "T4Taste" mean Jinyan Liu acting as the data controller for the iOS application T4Taste and the website t4taste.app.

You can reach us about anything in this policy at contact@t4taste.app.

2. Data we collect and why

We collect only what we need to make the app work. The categories below mirror the App Store privacy nutrition label declarations in our `PrivacyInfo.xcprivacy` manifest.

• Precise location ("Location" — not linked to identity) — used while the app is open to find restaurants near you and to show your position on the map. Legal basis: your consent given through the iOS location prompt. Not retained on our servers.
• Account identifier ("User ID" — linked) — Firebase UID created when you sign in with Apple or Google. Used to associate your subscription tier and synced favourites with your account. Legal basis: performance of the contract.
• Device identifier ("Device ID" — not linked) — random per-install identifier used to enforce free-tier usage limits. Legal basis: legitimate interest in preventing abuse.
• Purchase history ("Purchase History" — linked) — records of your subscription tier and renewal status, sourced from Apple StoreKit. Legal basis: performance of the contract.
• Usage data ("Product Interaction" — linked) — aggregated per-account counters (API calls, model used, daily / weekly quota consumption). Used to enforce limits, monitor for abuse, and improve product quality. Apple-declared purposes: App Functionality + Analytics. Legal basis: performance of the contract + legitimate interest.
• Search history ("Search History" — not linked) — your chat messages and restaurant queries, stored locally on your device. Synced across your devices via iCloud if iCloud is enabled. Not stored in any cloud database controlled by us. Legal basis: performance of the contract.
• Favourites ("Other User Content" — linked) — list of restaurants you saved, stored in Apple's CloudKit private database under your Apple ID. Only Apple has technical access to this data; we cannot read it. Legal basis: performance of the contract.

3. Microphone and speech recognition

Voice input is optional. When you tap and hold the voice button, the app captures audio from the microphone and passes it to Apple's Speech Recognition framework, which converts it to text. Depending on your iOS settings (Settings → General → Keyboard → Dictation), Apple performs this transcription either on-device or by sending the audio to Apple's servers — that processing is governed by Apple's privacy policy.

T4Taste does not record, store, or transmit raw audio to our servers or to any third party. Once the transcription is complete, the resulting text is treated like any text you typed: it joins the chat conversation and is sent to the LLM provider you have configured (see §4). Legal basis: your consent given through the iOS microphone prompt.

4. Third-party services and processors

We use the following providers to deliver T4Taste's features. Each is bound by its own privacy commitments; we encourage you to read theirs.

• Apple Inc. — App Store payments (StoreKit), Sign in with Apple, iCloud / CloudKit for syncing favourites, Speech Recognition framework, and the optional on-device Foundation Models framework (which runs locally on iOS 26+ with Apple Intelligence and does not transmit content to us or to Apple). https://www.apple.com/legal/privacy/
• Google LLC — Google Maps Platform (Places API for restaurant search and place data), Firebase Authentication, Sign-in with Google, and Google Cloud (which hosts our usage-enforcement backend; see below). Search queries (cuisine, location) and coordinates are sent to Google's Places API. https://policies.google.com/privacy
• LLM providers — your chat content is sent to the model you have selected in Settings → AI Provider. The default is OpenAI; the full list and jurisdictional notes are in §5 below.
• T4Taste usage-enforcement backend — operated by us (Jinyan Liu), deployed on Google Cloud Platform in the europe-west region (EU). Receives your account identifier, device-attestation token, subscription tier, and aggregated request counters in order to apply quota limits and detect abuse. Does not store your chat content. Legal basis: performance of the contract + legitimate interest.
• Vercel Inc. — hosting for the t4taste.app website and cookieless privacy-friendly analytics (no personal data, no IP tracking, no consent banner required). https://vercel.com/legal/privacy-policy

5. LLM providers and your choice

T4Taste lets you choose which language-model provider processes your chat conversations. Your chat content (text, voice transcripts, and prior turns of the conversation) is transmitted to the provider you select. Switching to a non-default provider in Settings constitutes your explicit consent under GDPR art. 49(1)(a) for transferring that data to the provider's jurisdiction. The supported providers are:

• OpenAI L.L.C. — United States. Default. https://openai.com/policies/privacy-policy
• Google (Gemini) — United States. https://policies.google.com/privacy
• Apple Foundation Models — on-device only, content never leaves your iPhone (gated on iOS 26+ with Apple Intelligence).
• DeepSeek — China.
• Doubao (ByteDance Ark) — China.
• Kimi (Moonshot AI) — China.
• Qwen (Alibaba DashScope, international endpoint) — China.
• GLM (Zhipu AI) — China.
• MiniMax — China.
• When you select a China-based provider, please be aware that the People's Republic of China has not been the subject of an EU adequacy decision; data transferred there does not benefit from the same statutory protections as in the EU. Your in-app selection serves as the explicit consent required under GDPR. You may switch back to OpenAI or to Apple Foundation Models at any time.

6. Device attestation

To prevent abuse of paid-tier features by tampered or emulated clients, the app generates a device-attestation token using Apple's App Attest framework and sends it to our usage-enforcement backend with each privileged request. The token is bound to your device and the app instance; it is not a tracking identifier and cannot be used to identify you across apps. Legal basis: legitimate interest in preventing fraud and abuse.

7. International data transfers

Some of our processors operate in jurisdictions outside the European Economic Area:

• United States — Apple, Google, OpenAI, Vercel. Transfers rely on Standard Contractual Clauses adopted by the European Commission and, where applicable, the EU-U.S. Data Privacy Framework.
• China — the optional LLM providers listed in §5. Because no EU adequacy decision exists for China, transfers to these providers depend on your explicit consent expressed by selecting them in the in-app provider picker.
• Our usage-enforcement backend is hosted in the EU (Google Cloud europe-west region) — no transfer outside the EEA occurs for that processing.

8. How long we keep your data

Different categories of data have different retention windows.

• Chat history and search queries — kept on your device until you delete them. Synced to iCloud only if iCloud is enabled.
• Favourites — kept in your iCloud private database until you delete them in-app.
• Account data (Firebase UID, subscription state, usage counters in our backend) — kept while your account is active. When you delete your account in the app, all server-side records are removed within 30 days.
• Daily and weekly usage counters — reset on their respective rolling windows; not retained beyond the current window.
• Backend operational logs (errors, abuse detection) — anonymised where possible and retained no longer than 90 days.
• LLM provider retention is governed by each provider's own policy; we do not store the content of your prompts on our servers.

9. Your rights under GDPR

If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the following rights under the General Data Protection Regulation:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct data that is inaccurate.
• Erasure — ask us to delete your account and associated data. The fastest way is the in-app Delete Account flow; you may also email us.
• Restriction — ask us to pause processing while a dispute is resolved.
• Portability — receive your data in a structured, machine-readable format.
• Objection — object to processing based on legitimate interest.
• Withdraw consent — for any data processing based on consent (precise location, microphone, voluntary selection of a non-default LLM provider), you may withdraw consent at any time without affecting prior lawful processing.

10. Right to lodge a complaint

If you believe we have mishandled your data, you may file a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority, at www.cnil.fr. You may also contact your own national supervisory authority.

11. Automated decision-making and profiling

T4Taste uses AI to rank and explain restaurant suggestions. These are advisory recommendations; they do not produce legal effects or similarly significant effects on you, and you are not subject to any automated decision-making within the meaning of GDPR art. 22.

12. Data Protection Officer

Given the small scale of our processing and the absence of special-category data processed at scale, we are not required to appoint a Data Protection Officer under GDPR art. 37. For any privacy question you may contact us directly at contact@t4taste.app.

13. Children

T4Taste is not directed at children under 16. We do not knowingly collect personal data from children. If you believe we have, please contact us so we can delete the data.

14. Changes to this policy

We may update this policy from time to time. The date at the top of this page reflects the last update. Material changes will be communicated through the app or by email if we have one for you.

15. Contact

For any privacy question, write to contact@t4taste.app. We aim to respond within 30 days of receiving a request, as required by GDPR.