Privacy Policy

Effective date: May 21, 2026

Overview

Tavola (“we”, “our”, or “us”) is operated by Peter Pinti. This Privacy Policy explains what personal information we collect when you use the Tavola iOS app and website (tavolaapp.com), how we use it, and your rights regarding that information. We collect only what is necessary to provide the service.

Information we collect

  • Account information — When you sign in with Apple, we receive a unique user identifier. If you choose to share them, we also receive your name and email address. Apple may provide these only on first sign-in.
  • Display name — You may optionally set a display name that is shown to other Tavola users whose lists you join.
  • Saved restaurants — Names, addresses, coordinates, cuisine type, phone, website, your personal notes, tags, star ratings, visited status, and visited dates for places you save.
  • Lists and sharing — List names and the relationships between your account and any lists you own or follow.
  • Device token — If you grant notification permission, we store an Apple Push Notification Service (APNs) token to deliver notifications when someone joins or adds to your shared lists. Tokens are deleted automatically if they become invalid.
  • Location — Used only while the app is open to sort nearby restaurants and display your position on the map. We do not store your location history.

We do not use any third-party analytics or crash-reporting SDKs. We do not collect advertising identifiers, browsing history, or any data not listed above.

How we use your information

  • To authenticate you and sync your data across your devices.
  • To display your saved restaurants and lists within the app.
  • To enable list-sharing features with other Tavola users.
  • To send push notifications about activity on your shared lists (if you opt in).

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described below.

Third-party services

  • Supabase — backend database and authentication (supabase.com). Your data is stored on Supabase servers in the United States.
  • Apple Sign In— authentication. Apple's privacy policy applies to data handled by Apple.
  • Apple MapKit— map display and location services. Apple's privacy policy applies.
  • Google Places API— restaurant search. Search queries (text you type) are sent to Google. Google's privacy policy applies.
  • Apple Push Notification Service (APNs)— used to deliver notifications to your device. Apple's privacy policy applies.

Data retention

We retain your data for as long as your account is active. If you delete your account, all personal data — including your profile, saved restaurants, lists, and device token — is permanently deleted within 30 days. Some information may be retained in backups for up to 90 days, after which it is deleted.

Your rights

Regardless of where you live, you can:

  • Delete your account — from within the app (tap your profile icon → Delete Account). This permanently removes all your data.
  • Request a copy of your data — email us at privacy@tavolaapp.com and we will provide a machine-readable export.
  • Withdraw consent — you can disable push notifications at any time in iOS Settings.

GDPR — European Economic Area users

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, the following applies:

  • Legal basis — We process your data on the basis of contract performance (to provide the service you signed up for) and, where applicable, our legitimate interest in operating and improving the app.
  • Data transfers — Your data is stored on Supabase servers in the United States. Supabase relies on Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers outside the EEA.
  • Your GDPR rights — You have the right to access, rectify, erase, restrict processing of, and port your personal data. You also have the right to object to processing and to lodge a complaint with your local supervisory authority. To exercise these rights, email privacy@tavolaapp.com.

CCPA — California residents

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

  • Right to know — You may request information about the categories and specific pieces of personal data we have collected about you.
  • Right to delete — You may request deletion of your personal data, subject to certain exceptions.
  • Right to opt out of sale — We do not sell personal information. We do not share personal information for cross-context behavioral advertising.
  • Right to non-discrimination — We will not discriminate against you for exercising your privacy rights.

To exercise your California privacy rights, email privacy@tavolaapp.com with “California Privacy Request” in the subject line. We will respond within 45 days.

Children's privacy

Tavola is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

Security

All data is transmitted over HTTPS. Our database uses row-level security (RLS) to ensure each user can access only their own data. We follow industry-standard security practices and review our security posture regularly.

Changes to this policy

We may update this policy from time to time. Material changes will be reflected by an updated effective date above. Where required by law, we will notify you of changes within the app.

Contact

Questions, data requests, or privacy concerns — email privacy@tavolaapp.com.

Peter Pinti
Tavola App
privacy@tavolaapp.com