Privacy Policy

Last updated: April 24, 2026

1. Information We Collect

Through the website (newsletter signup):

• Email address and city of residence

Through the mobile app (Meal Steals on iOS/Android):

• A pseudonymous push notification token (so we can deliver deal alerts). We do not collect names, emails, or device identifiers like IDFA.
• App usage events such as deals viewed, taps, redemption attempts, errors, and session length. These are aggregated in Firebase Analytics and are not tied to your real identity.
• Install source / referral attribution: when you open the app from a link that contains utm_source, utm_medium, utm_campaign, utm_content, or utm_term parameters (for example from a press article or shared deal link), we record those values to understand which channels drive installs. We only forward those UTM parameters to our analytics. The full referring URL may be stored temporarily on your device for debugging and is not transmitted.
• Locally stored preferences (theme, hidden restaurants, session counts). These stay on your device unless surfaced via the analytics events above.

For Apple and Google store disclosures of app-collected data, the categories are: Identifiers (push token), Usage Data (analytics events), and App Diagnostics (errors). Contact Info (email) is collected only via the website newsletter signup form, not within the app.

2. How We Use Your Information

We use this information to send you deal notifications, improve the app, measure marketing effectiveness, and diagnose errors. We do not sell your personal information, and we do not share it for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA).

3. Third-Party Services

Website:

• Firebase (Google) for data storage. Privacy Policy
• Google Analytics for website analytics. Privacy Policy
• Postmark for newsletter email delivery. Privacy Policy

Mobile app:

• Firebase (Google) for data storage, notifications, and analytics (Firebase Analytics). Privacy Policy
• Expo Push Service for notification delivery. Privacy Policy

4. Data Retention

Push tokens are retained until you disable notifications, uninstall the app, or we detect the token as inactive. Uninstalls are not signaled to us directly; inactive tokens are purged periodically. Firebase Analytics events are retained per Google's default retention window (currently 14 months). Aggregated, non-identifying analytics may be retained indefinitely.

5. Your Choices

You can disable notifications in iOS/Android settings to stop push delivery and remove your token. California residents have the right to know, delete, correct, and opt out of sale/sharing of their personal information, and to be free from discrimination for exercising these rights. To exercise any of these rights, email hello@mealsteals.co and include your push token (Settings then About in the app) so we can locate your device record.

6. Data Security

We implement reasonable security measures to protect your personal information. However, no method of transmission over the Internet or electronic storage is 100% secure.

7. Age

Meal Steals is intended for users 18 and older. If we learn that a user is under 18, we will delete their data. If you believe a minor has provided us data, email us and we will delete it.

8. Changes to This Privacy Policy

We will update the "Last updated" date at the top of this policy for any change. For material changes, we will also post an in-app notice before the change takes effect.

9. Contact Us

If you have any questions about this Privacy Policy, please contact us at hello@mealsteals.co