Privacy Policy

Last updated: 2026-04-16

Plain text version ↗

This Privacy Policy describes how FairEatsApp LLC ("FairEatsApp," "we," "us," or "our") collects, uses, and protects personal information when you visit faireatsapp.com and join the FairEatsApp waitlist. We have written this in plain English on purpose — the clearer this document is, the more trustworthy we are. If any section is unclear, email hello@faireatsapp.com and we will explain or revise.

This policy covers the waitlist phase of FairEatsApp — the period during which we are collecting signups but not yet delivering food, processing payments, or running a live service. When FairEatsApp launches for real, a new Privacy Policy will be published that covers the live service, and you will be notified in advance.

1. Who we are

FairEatsApp LLC is an Arizona limited liability company building a zero-commission food delivery platform. During the current waitlist phase, we are not yet delivering food or processing payments. We are only collecting signups from people who want to be notified when FairEatsApp launches in their area.

Contact for privacy questions, data access requests, or deletion requests:
Email: hello@faireatsapp.com
Subject line: "Privacy Request"

2. What information we collect

Information you give us directly on the waitlist form

  • Full name
  • Email address
  • Phone number (including country code)
  • ZIP or postal code
  • Country
  • Role selection (customer, driver, or restaurant)
  • Optional referral code if someone shared FairEatsApp with you

Information we compute from what you give us

  • Normalized phone number (stripped of formatting; used to prevent duplicate signups)
  • City, state, and country resolved from your ZIP or postal code using the public zippopotam.us API

Information collected automatically when you submit the form

  • IP address (from your browser's request headers)
  • User agent string (your browser and device type)
  • Timestamp of signup
  • URL parameters (utm_source, utm_medium, utm_campaign, utm_content, utm_term) if present
  • Referral attribution — if you arrived via a referral link, we record which existing waitlist member referred you

Aggregate page-view and performance data (Vercel Analytics and Speed Insights)

We use Vercel Analytics and Vercel Speed Insights — the first-party analytics products built into our hosting provider — to count page views and measure how quickly pages load for real visitors. Both are cookieless: they do not set any cookie in your browser and they do not use a persistent identifier that follows you between visits. Visitors are counted using a short-lived hash that rotates daily and cannot be used to re-identify you on later days or on other websites.

The data collected is limited to:

  • Page URL you visited on faireatsapp.com and the referring URL (if any)
  • Approximate country and region derived from IP at request time (the IP itself is not stored)
  • Device type (desktop / mobile / tablet), operating system, and browser
  • Core Web Vitals performance metrics for the page (LCP, INP, CLS, FCP, TTFB)

Vercel Analytics data is not shared with third parties, is not used for advertising, and is not combinedwith your waitlist record. It is used only to understand which pages people visit and whether the site loads fast enough, so we can improve both. You can read Vercel's public description of the product at vercel.com/docs/analytics/privacy-policy.

Information we do NOT collect

  • We do not collect payment information. There is nothing to pay for during the waitlist phase.
  • We do not collect government IDs, Social Security numbers, or dates of birth.
  • We do not collect precise GPS location. The only location information we process is what your ZIP or postal code resolves to (city/state/country).
  • We do not collect audio, video, photographs, or biometric data.
  • We do not use Google Analytics, Mixpanel, Segment, Amplitude, Facebook Pixel, LinkedIn Insight Tag, TikTok Pixel, PostHog, Heap, Hotjar, or any similar third-party behavioral-analytics or advertising SDK. The only analytics we use is Vercel’s own first-party, cookieless page-view and performance measurement described above.
  • We do not use any advertising SDKs or conversion pixels.
  • We do not track you across other websites or apps.

3. How we use your information

  1. To contact you once FairEatsApp is available in your city, so you can start using the service.
  2. To understand which cities have the most demand, so we can prioritize our launch order.
  3. To prevent fraud and bot signups (via Cloudflare Turnstile, rate limiting, and duplicate detection).
  4. To reply to you if you email us with a question or request.
  5. To comply with legal obligations if we ever receive a valid legal request.

We do NOT use your information for:

  • Targeted advertising of any kind
  • Selling or licensing to data brokers
  • Training machine-learning models
  • Cross-context behavioral profiling
  • Any purpose not listed in this policy

4. Legal basis for processing (EU, UK, and Switzerland visitors)

Under the GDPR, UK GDPR, and the Swiss Federal Act on Data Protection, our lawful basis for processing your information is your consent, given when you submit the waitlist form. You can withdraw consent at any time by emailing hello@faireatsapp.com. Withdrawing consent does not affect the lawfulness of processing that occurred before the withdrawal.

5. Service providers (sub-processors)

We use the following third-party service providers to operate the website and waitlist. Each is bound by its own published privacy terms and we have selected them for their stated privacy posture.

  1. Supabase (supabase.com) — stores your waitlist record. US-hosted Postgres database with row-level security.
  2. Vercel (vercel.com) — hosts the website, runs the serverless functions that process your form submission, and provides first-party Analytics and Speed Insights (page views, referrer, device, and Core Web Vitals). Receives IP address and user agent as part of normal server logs; analytics events are cookieless and use a daily-rotating hash in place of a persistent identifier.
  3. Cloudflare Turnstile (cloudflare.com) — verifies you are a real person, not a bot. Receives your IP address, user agent, and browser fingerprint. Does not see the form field contents.
  4. Upstash (upstash.com) — rate-limits signup attempts per IP address to prevent abuse. Receives only a hashed IP-bucket key, not your form contents.
  5. Resend (resend.com) — used to send transactional email such as waitlist confirmation and launch notifications when we choose to send them. When such email is sent, Resend receives your email address and name only.
  6. Zippopotam.us — resolves your ZIP or postal code to a city name. Receives only the ZIP code, no personal data.
  7. Apple iCloud+ Custom Email Domain — routes inbound email sent to hello@faireatsapp.com or founder@faireatsapp.com through Apple's mail infrastructure to reach the founder's inbox.

We do not sell, rent, lease, or trade your personal information to any third party. We do not share it for cross-context behavioral advertising. We do not use it for targeted ads on other sites.

6. How long we keep your information

We retain your waitlist information for as long as you remain on the waitlist. When FairEatsApp launches in your area:

  • If you proceed to create a live account, your waitlist record becomes part of your active account.
  • If you do not respond to our launch notification within 12 months, we will delete your record.
  • You can request deletion at any time, for any reason, by emailing hello@faireatsapp.com.

Server logs (IP, user agent, timestamps) are retained for up to 90 days for security and abuse investigation, then automatically rotated out.

7. Your rights

Regardless of where you live, you have the right to:

  1. Access — ask us for a copy of the personal information we have about you.
  2. Correction — ask us to fix inaccurate information.
  3. Deletion — ask us to delete your information.
  4. Portability — ask us to send your information to you in a structured, machine-readable format.
  5. Objection — ask us to stop processing your information.
  6. Withdraw consent — withdraw the consent you gave when signing up.
  7. Complain — file a complaint with your local data protection authority if you believe we have mishandled your information.

California residentshave additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know what personal information we have collected, the right to delete, the right to correct, and the right to opt out of "sale" or "sharing" of personal information. We do not sell or share personal information as those terms are defined under CCPA/CPRA. We also honor the Global Privacy Control (GPC) signal.

To exercise any of these rights, email hello@faireatsapp.com with the subject "Privacy Request." We will respond within 30 days.

8. Children's privacy

FairEatsApp is not intended for use by children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has submitted information to the waitlist, email hello@faireatsapp.com and we will delete the record immediately. We comply with the Children's Online Privacy Protection Act (COPPA).

9. International data transfers

FairEatsApp is operated from Arizona, United States. The service providers listed in Section 5 may process your information in the United States or in other countries where they have infrastructure. By joining the waitlist, you acknowledge that your information may be processed outside your country of residence. For visitors in the EU, UK, or Switzerland, we rely on appropriate safeguards published by each service provider (such as Standard Contractual Clauses).

10. Security

We protect your information with:

  1. HTTPS/TLS encryption on every connection to the website.
  2. Row-level security on the database, preventing unauthorized cross-user access.
  3. No storage of credentials or secrets in client-side JavaScript.
  4. Server secrets managed through Vercel's encrypted environment variables.
  5. Rate limiting on all form endpoints.
  6. Bot verification via Cloudflare Turnstile.
  7. Separation of anonymous public keys from service-role secrets.
  8. Timing-safe comparison for every secret verification (PIN, session token, cron token).

No system is 100% secure. If we experience a data breach that affects your information, we will notify you by email and any applicable regulator as required by law.

11. Cookies

We use cookies sparingly and only for functional purposes. See our separate Cookie Policy for the full list. In short: we do not use analytics cookies (our Vercel Analytics integration is cookieless) and we do not use advertising cookies.

12. Changes to this policy

We will update this policy when our practices change. The "Last updated" date at the top of this page is the authoritative version indicator. Material changes will be announced by email to everyone on the waitlist at least 14 days before they take effect.

13. Complaint contact

If you are not satisfied with our response to a privacy request, you have the right to contact the data protection authority in your jurisdiction. For EU residents, a list of authorities is available at edpb.europa.eu/about-edpb/about-edpb/members_en. For California residents, complaints may be directed to the California Privacy Protection Agency at cppa.ca.gov.

FairEatsApp LLC — Arizona, United States
Contact: hello@faireatsapp.com

← Back to FairEatsApp