1. Introduction
Magic Meat is committed to protecting your privacy. This policy explains what information we collect, why we collect it, how we use it, and how you can control it.
2. Information We Collect
Personal Information:
Name, phone number, email address, delivery address, and order history collected when you register or place orders.
Location Data:
Approximate or precise location (GPS) when you grant location permission. Used for address auto-complete, nearby vendors, and delivery tracking.
Microphone / Voice:
Only used if you enable voice search. Voice input is processed for the query and is not stored permanently unless you explicitly save recordings.
Uploaded Files:
Images, PDFs, or other files you upload (e.g., product lists, invoices) are stored in Firebase Storage.
Device & Usage Data:
Device model, OS version, app version, crash logs, and performance metrics (anonymous or pseudonymous) used to improve the app.
Payment Data:
Payment tokens and transaction identifiers processed by third-party payment processors (Razorpay / PhonePe). We do NOT store full card numbers, CVV, or UPI PINs.
3. How We Use Your Information
To create and manage your account and user profile.
To process orders, payments and enable delivery tracking.
To provide search, voice search and location-based features.
To communicate order updates, promotions (if opted-in), and important service messages.
To analyze crashes, fix bugs, and improve app performance.
To prevent fraud, maintain security and comply with legal requirements.
4. Sharing of Information
We only share your data with trusted third parties necessary to operate the service:
Google Maps Platform — for maps, geocoding and related services.
Firebase (Google) — for authentication, database, storage and crash analytics.
Payment providers (Razorpay / PhonePe / etc.) — for secure payment processing; we only share payment tokens or transaction IDs, not full card data.
Communication providers (Twilio, WhatsApp API) — for OTPs and transactional messages.
We do NOT sell or rent your personal information to advertisers or any third parties.
5. App Permissions (what we request and why)
INTERNET: Required to communicate with our servers and third-party services.
ACCESS_FINE_LOCATION / ACCESS_COARSE_LOCATION: Required to show nearby vendors, enable address lookup and delivery tracking. Location permission is optional and only requested when the user attempts to use location features.
RECORD_AUDIO: Requested only when you activate voice search in the app. We ask for permission at runtime and provide an explanation before requesting.
POST_NOTIFICATIONS: Used to send order updates and important notifications. Users can opt-out in app settings.
READ_MEDIA_IMAGES / READ_MEDIA_VIDEO (Android 13+) or scoped storage: Used only to let you pick and upload images/videos. We do NOT request deprecated READ/WRITE_EXTERNAL_STORAGE.
Note: We avoid using MANAGE_EXTERNAL_STORAGE and adhere to Android scoped storage requirements.
6. Data Security & Encryption
All data in transit is encrypted using HTTPS/SSL.
Sensitive data at rest is stored securely in Firebase with access controls.
We do not store full payment credentials. Payment processing is handled by PCI-compliant providers.
Access to production data is limited to authorized personnel only.
7. Data Retention & Deletion
We retain user data while your account is active or as required by law.
To request deletion of your account and associated personal data, email: magicmeat45@gmail.com
with subject 'Privacy Request'. We will acknowledge and process deletion within 7–15 business days unless retention is required by law.
8. User Controls & Rights
You can view and edit your profile and account data from the app settings.
You can disable location or microphone access from device settings at any time.
If you are in the EU, you may have rights under GDPR including access, correction, restriction, portability and deletion of your personal data.
For California residents: rights under CCPA/CPRA may apply. Contact magicmeat45@gmail.com
for details.
9. Children's Privacy
This app is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn we have inadvertently collected information from a child under 13, we will delete it.
10. Compliance & Legal
We follow applicable data protection laws including GDPR (EU), CCPA (California) and the Information Technology Act (India).
For payment-related compliance (RBI/PCI), we rely on our payment processors who maintain necessary certifications.
11. Play Console — Data Safety Guidance
When filling Play Console Data Safety section, indicate that the app collects: Location, Contact Info, Financial Info (transaction IDs), Device/Crash Data, and Media (uploads).
Mark data as shared with service providers (Firebase, Google Maps, Payment processors). Mark that data is encrypted in transit.
12. Changes to this Policy
We may update this policy occasionally to reflect changes in services or legal requirements. Significant changes will be notified in-app or by email.
13. Contact Us
Magic Meat
Email: magicmeat45@gmail.com
Subject for deletion requests: 'Privacy Request'