Privacy Policy
Last updated: 2026-04-21
YELLOW.bot is built with a minimal-data philosophy. We do not run third-party analytics, advertising, or tracking. This policy explains exactly what data we collect, why, how long we keep it, and what rights you have.
1. Who controls your data
The data controller under the GDPR is the operator of YELLOW.bot, listed in the Imprint. For any privacy question, write to [email protected].
2. What we collect
2.1 When you just search or browse
- Search queries. The text you enter. Stored to improve matching. Not tied to a user account unless you are logged in.
- Approximate location (kilometer accuracy, via iOS kCLLocationAccuracyKilometer). Only if you grant permission. Used for nearby-search and distance sorting.
- IP address + user agent. Logged transiently for rate-limiting, security, and abuse detection. Retained for at most 30 days, then deleted.
2.2 When you actively take an action
- Menu and offer photos. Transmitted for real-time OCR. We store only the extracted structured content (dishes, prices, restaurant identifiers). The original image is not persisted.
- Business submissions. If you submit your own business, the submitted fields are stored so the listing becomes discoverable.
- Feedback. If you submit a correction or rating, we store the text to improve data quality.
- Name and email address. Only if you voluntarily register for an API key.
- User ID (agent_id). Assigned at API-key registration. Used to authenticate your API calls and enforce tier limits.
2.3 What we do NOT collect
- No third-party analytics (no Firebase, Mixpanel, Amplitude, Segment, PostHog, Plausible)
- No crash-reporting SDKs (no Sentry, Crashlytics, Bugsnag)
- No advertising SDKs, no IDFA, no device fingerprinting, no cross-app tracking
- No access to your contacts, photo library, health data, or financial data
- No cookies beyond strictly-necessary session cookies
3. Legal basis (GDPR Art. 6)
- Performance of a contract (Art. 6(1)(b)) — account data, API usage records, processing menu scans or submissions you initiated.
- Legitimate interest (Art. 6(1)(f)) — rate-limit logs, abuse prevention, aggregated quality analytics on search logs. We have conducted a balancing test and the interference with your interests is minimal.
- Consent (Art. 6(1)(a)) — location access (you can revoke in iOS Settings at any time).
4. How long we keep data
- Request logs (IP + user agent): 30 days, then deleted
- Search query logs (aggregated): 90 days
- Menu scans (extracted content only, no image): indefinite — improves the index for everyone
- Registered API accounts: until you delete the account
- Business submissions: indefinite, unless the business requests removal
5. Service providers we use
We process data only with vendors necessary to run the service. None of them are allowed to use your data for their own purposes.
- Hosting and compute — DigitalOcean (servers in the EU and Singapore)
- Cloud edge / DNS — Cloudflare (request filtering and TLS termination)
- Image OCR / vision — a commercial AI model provider. Images are transmitted for real-time processing and are not retained by the provider after the response.
- Email delivery — a transactional email provider, used only for account-related messages to registered API users.
6. International transfers
Some of our providers may process data outside the EU. Where this applies, transfers rely on the European Commission's Standard Contractual Clauses (SCCs) or equivalent safeguards.
7. Your rights under GDPR
You may, at any time:
- Request access to the data we hold about you (Art. 15)
- Have inaccurate data corrected (Art. 16)
- Have your data deleted (Art. 17) — often called the "right to be forgotten"
- Restrict processing (Art. 18)
- Receive a portable copy of your data (Art. 20)
- Object to processing based on legitimate interest (Art. 21)
- Lodge a complaint with a supervisory authority in your country of residence
To exercise any of these rights, email [email protected]. We respond within 30 days.
8. Security
All traffic is TLS-encrypted. Databases are encrypted at rest. Access is restricted to the core engineering team using individual credentials with audit logging.
9. Children
YELLOW.bot is not directed at children under 13 (or under 16 in the EU). We do not knowingly collect data from children. If you believe we have inadvertently collected data from a child, email us and we will delete it.
10. Changes to this policy
We will post material updates on this page and notify registered API users via email. The "Last updated" date above always reflects the current version. Archived versions are available on request.
11. Contact
Questions, requests, or complaints: [email protected].