Back to BunBun

Privacy Policy

Last updated June 2026 · Bun-Bun v0.1.0

• Email & name — from Google Sign-In. Used to identify your account. Nothing else.
• Dishes you stamp or wishlist — stored so you can access your food journal from any device, and so friends in your buddies can see your recommendations.
• Photos you upload — stored securely and visible only to you and friends you've connected with.
• Outlet location — the address and coordinates of restaurants where you've stamped or wishlisted a dish. Stored as part of each dish record.
• Your location — used in two ways: while the app is open, to show nearby dishes in your feed; and in the background, to alert you when you are within walking distance of a dish on your wishlist or one stamped by someone in your circle. Your coordinates are processed entirely on your device and are never sent to our servers.
• Social media links you parse — the Instagram or YouTube URL you submit. The caption or transcript is processed to extract dish names, then deleted immediately once you approve or cancel the parse job.
• Push notification token — stored when you grant notification permission, used only to send you in-app alerts.
• Friend connections — who you've added to your buddies, and friend requests sent or received.
• Payment records — transaction ID, product purchased, amount, and currency. We do not store card numbers or full payment details.
• Accessibility preference & votes — your mobility assistance setting and outlet accessibility votes. Only aggregate scores are shown publicly; your individual vote is never attributed.

• To provide the app — your food journal, feed, buddies, and parser.
• To show your dishes to friends you've connected with.
• To send you notifications you've consented to — re-stamps, friend requests, and proximity alerts when you are near a wishlisted dish or a buddy's stamp.
• To process payments and maintain your parse credit balance.
• We do not use your data for advertising, profiling, or behavioural targeting.

These services act as data processors on our behalf. They may only use your data to provide their service to us.

• Google Firebase — authentication, database (Firestore), file storage, and push notifications.
• Google Maps & Places — map view, outlet search, and geocoding.
• Anthropic Claude — AI used to extract dish names from social media captions. Caption content is not retained by Anthropic for training.
• Apify — fetches publicly available Instagram Reel captions. Only the URL is sent; no personal data about you is transmitted.
• YouTube Data API — fetches publicly available video descriptions. Only the video ID is sent.
• AWS S3 — secure cloud storage for dish photos you upload.
• Resend — email delivery service used to send friend invitations on your behalf.
• RevenueCat — in-app purchase processing with Apple and Google.

• Account data — kept until you delete your account.
• Social media captions & transcripts — deleted immediately when you approve or cancel your parse job. If a job fails or is left unreviewed, the raw content is automatically deleted within 24 hours. Only the source URL is retained.
• Payment records — retained for 7 years as required by financial regulations.
• Push token — deleted when you opt out, or when your device reports the token as invalid.

Depending on where you live, you have some or all of these rights:

• Access — request a copy of the personal data we hold about you.
• Correct — request correction of inaccurate data.
• Portability — request your data in a machine-readable format.
• Delete — delete your account directly from Profile → Settings → Delete account. All stamps, wishlists, buddy connections, and activity data are permanently removed immediately. You can also delete individual dishes from within the app at any time.
• Opt out of notifications — disable push notifications from Profile → Settings or revoke device permission at any time.
• Limit location use — revoke location permission via device settings at any time. Revoking background location disables proximity alerts but does not affect any other app features.
• Lodge a complaint — if you believe we have handled your data unlawfully, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or the relevant DPA in your country).

To exercise any of these rights, email hello@bunbun.food. We respond within 30 days.

Bun-Bun does not sell, rent, or share your personal information with third parties for their own commercial purposes. This includes compliance with the CCPA and similar laws. To submit a "Do Not Sell or Share" request, email hello@bunbun.food.

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the following Grievance Officer has been appointed:

• Name: Sarita C
• Designation: Founder, Bun-Bun
• Contact: hello@bunbun.food

Complaints will be acknowledged within 24 hours and resolved within 15 days of receipt.

Bun-Bun's designated Copyright Agent is registered with the US Copyright Office (Registration #DMCA-1073675). To submit a copyright takedown notice, email hello@bunbun.food. Full contact details are on file with the US Copyright Office — search the public directory at copyright.gov/dmca-directory.

All data is transmitted over HTTPS. Your photos are stored in access-controlled cloud storage. API access requires authentication on every request. We never log your passwords or payment card details.

Bun-Bun is operated from India. Your data is stored and processed on servers located in the United States, via Google Firebase, Google Cloud, and AWS. These providers maintain Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, which provide an adequate level of protection for personal data transferred internationally.

This policy is governed by the laws of India. California residents have additional rights under the CCPA/CPRA, described in the "Your rights" section above.

This service is not currently directed at residents of the European Union, European Economic Area, or United Kingdom. If you are accessing Bun-Bun from those regions, please do not use the app until we formally extend service there.

Last updated June 2026 · Bun-Bun v0.1.0 · Questions: hello@bunbun.food