Privacy Policy
Last updated: May 17, 2026
This Privacy Policy explains what information we collect when you use the TiffnBox mobile application ("App"), how we use it, and your rights regarding
that information. By using the App you agree to this policy.
---
1. Information We Collect
Account & Profile Information
- Email address – used to create and secure your account.
- Username – your public display name in the App.
- Profile photo – optionally uploaded by you; stored in Firebase Storage.
Location Information
When you grant permission, the App collects your device's GPS coordinates to:
- Display nearby tiffns and food spots on a map.
- Detect your current city for relevant recommendations.
- Record the location of places you visit (stored as part of your activity history).
Location is collected only while the App is in the foreground. You can revoke this permission at any time in your
device settings; some features will be unavailable without it. City names are resolved using OpenStreetMap's Nominatim
reverse-geocoding service.
Activity & Social Data
- Places you visit and the timestamps of those visits.
- Friends you connect with and shared visit history.
- Your Tiffns (personal food collections) and preference categories.
- Bite Points score (derived from your activity, used for an in-app leaderboard).
Device & Technical Information
- Push notification token (to deliver in-app notifications via Expo Notifications / Notifee).
- Crash reports and diagnostic data collected automatically by Firebase Crashlytics.
---
2. How We Use Your Information
┌────────────────────────────────────────────────────────────────────────┬────────────────────────────────────────┐
│ Purpose │ Data used │
├────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────┤
│ Providing core app features (maps, recommendations, activity tracking) │ Location, activity, profile │
├────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────┤
│ Displaying your profile and leaderboard position to friends │ Username, photo, Bite Points │
├────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────┤
│ Sending friend requests and activity notifications │ Push token, social data │
├────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────┤
│ Detecting your city for localised content │ GPS coordinates (not stored raw) │
├────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────┤
│ Diagnosing crashes and fixing bugs │ Crash reports (anonymised device info) │
├────────────────────────────────────────────────────────────────────────┼────────────────────────────────────────┤
│ Account authentication and security │ Email, password hash │
└────────────────────────────────────────────────────────────────────────┴────────────────────────────────────────┘
We do not sell your data, use it for advertising, or share it with data brokers.
---
3. Third-Party Services
The App uses the following third-party services that may process your data:
- Google Firebase (Auth, Firestore, Storage, Crashlytics) – Authentication, database, file storage, and crash
reporting. Privacy policy: firebase.google.com/support/privacy
- Google Maps Platform – Interactive map display. Privacy policy: policies.google.com/privacy
- OpenStreetMap / Nominatim – Reverse geocoding (GPS → city name). Privacy policy:
osmfoundation.org/wiki/Privacy_Policy
- Expo (Expo Notifications) – Push notification delivery. Privacy policy: expo.dev/privacy
---
4. Data Storage & Security
Your data is stored in Google Firebase infrastructure. Firebase applies industry-standard encryption in transit (TLS)
and at rest. Access to your data is restricted by Firestore security rules so that only you and users you have
friended can read your activity.
We retain your account data for as long as your account is active. Crash reports are retained for 90 days by Firebase
Crashlytics.
---
5. Your Rights
You may at any time:
- Access or correct your profile information from within the App settings.
- Delete your account by contacting us (see Section 8). We will delete your Firestore data and Firebase Storage files
within 30 days.
- Revoke location permission in your device's app settings.
- Opt out of notifications by disabling them in your device's notification settings.
If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the
GDPR including data portability and the right to lodge a complaint with your local supervisory authority.
---
6. Children's Privacy
TiffnBox is not directed to children under the age of 13. We do not knowingly collect personal information from
children under 13. If you believe a child has provided us with personal information, please contact us and we will
delete it promptly.
---
7. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will revise the "Last updated" date at the top of
this page. Continued use of the App after changes constitutes acceptance of the revised policy.
---
8. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us through the
App's support channel or via the contact form on our website.
TiffnBox Child Safety Policy
TiffnBox is committed to providing a safe environment for all users. We have a zero-tolerance policy against child
sexual abuse and exploitation (CSAE).
TiffnBox does not allow any content that sexually exploits or endangers minors. Any content of this nature will be
immediately removed and reported to the appropriate authorities, including the National Center for Missing and
Exploited Children (NCMEC).
Users who violate this policy will be permanently banned from the platform.
If you encounter any such content, please report it immediately to: oneminutetech09@gmail.com