FoodCreditFoodCredit

Privacy Policy

Last updated: May 8, 2026

This Privacy Policy explains how FoodCredit(“we”, “us”, “our”) collects, uses, discloses, and safeguards your personal information. We are based in Ontario, Canada, and our handling of personal information is governed by the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy law.

1. Information we collect

We may collect, but are not limited to, the following categories of personal information:

  • Account information — your name, email address, phone number (with country code), and a hashed password if you register with email.
  • Optional profile information — fields you may choose to provide from your account settings, such as date of birth and gender. We use this information to personalize offers and promotions, tailor rewards, and produce aggregated consumer analytics for participating restaurants. Providing this information is optional and you may update or remove it at any time.
  • Marketing preferences — your opt-in choices for promotional email and promotional SMS.
  • Loyalty activity — points balances, reward redemptions, gift-card balances and transactions, and your memberships at participating restaurants.
  • Restaurant-staff associations — if you are a staff member at a restaurant, your role and the actions you take in the platform.
  • Authentication data — session cookies needed to keep you signed in, and one-time codes sent to verify your phone number.

We do not currently use third-party analytics or advertising cookies.

2. How we use your information

  • To create and maintain your account;
  • To deliver loyalty, gift-card, and rewards functionality you request;
  • To send transactional messages (verification codes, receipts, account notices);
  • To send promotional email or SMS, only where you have opted in;
  • To prevent fraud, debug issues, and improve the Service;
  • To comply with legal obligations.

3. Service providers (subprocessors)

We share personal information with the following service providers so they can perform services on our behalf. This list reflects the current set of subprocessors; we may add or change providers and will update this Policy when we do.

  • SendGrid (Twilio Inc.) — transactional and promotional email delivery.
  • Twilio — phone-number verification and promotional SMS delivery.
  • Google Gemini — used by restaurant operators to draft promotional message copy. Customer personal information flows to Gemini only when an operator chooses to use this feature with their own API key.

These providers may process information outside Canada (for example, in the United States). We require providers to maintain appropriate safeguards.

4. Marketing messages and consent

Promotional email and promotional SMS are sent only to users who opt in. You can opt out at any time by:

  • Clicking the unsubscribe link in any promotional email;
  • Updating your preferences in your account settings.

5. Your rights

Under PIPEDA you have the right to:

  • Access the personal information we hold about you. Email foodcredit.io@gmail.com to request a copy of your data.
  • Correct inaccurate information. Customers can edit their profile in account settings; for other corrections, contact us.
  • Delete your account. Customer accounts can be deleted self-serve from the “Settings” page in your dashboard; for non-customer accounts, email us. When you delete your account, identifying personal information (such as name, email address, phone number, password, and optional profile fields) is scrubbed and the underlying record is irreversibly anonymized. The anonymized record, together with de-identified loyalty and transaction history, becomes the property of FoodCredit and is retained in our systems for fraud prevention, accounting, dispute resolution, and aggregate analytics. Once anonymized, the record can no longer be associated with you.
  • Withdraw consent for marketing communications at any time, as described above.

6. Retention

We retain personal information for as long as your account is active. When you delete your account, identifying fields are promptly scrubbed and the underlying record is irreversibly anonymized. The anonymized record, including de-identified loyalty and transaction history, is retained by FoodCredit indefinitely for fraud prevention, accounting, dispute resolution, and aggregate analytics, and can no longer be linked back to you.

7. Security

We use industry-standard safeguards, including encrypted transport (HTTPS), hashed passwords, and access controls. No system is perfectly secure; if you suspect unauthorized access to your account, contact us immediately.

8. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us at foodcredit.io@gmail.com and the data will be hard-deleted upon request rather than anonymized — that is, fully removed from our active systems and not retained.

9. Changes to this Policy

We may update this Policy. Material changes will be reflected by a new “Last updated” date and, where appropriate, additional notice.

10. Contact

For privacy questions or to exercise any of the rights above, email foodcredit.io@gmail.com.