Privacy PolicyIntroductionEffective Date: November 7, 2025Welcome to PlateBeat, a mobile and web app developed by PlateBeat Ltd. ("we," "us," or "our"), located at 44 Bauhinia Rd South, Hong Kong. We help users discover and rate restaurants by aggregating a "metascore" from public user-generated content on Instagram, such as photos, captions, and comments. This Privacy Policy explains how we collect, use, share, and protect your information when you use our app. We are committed to protecting your privacy and fully complying with Meta's Platform Terms (including Sections 3 and 5), Instagram API requirements, and global data protection laws like the GDPR, CCPA, and Virginia CDPA.This policy applies to all users of the app. By using PlateBeat, you agree to this policy. For details on Meta's practices, please review their Privacy Policy, Cookies Policy, and Platform Terms.Version History: This is version 1.0, effective November 7, 2025. We keep this policy current and up-to-date.Information We CollectWe collect only the information necessary to provide and improve our app. We do not collect sensitive data, such as health, racial, or ethnic information, and we focus exclusively on public data.
We do not require logins for core app use and never access private Instagram content.How We Use Your InformationWe use your information solely to deliver the app's features and improve its performance. Our uses are transparent and limited.
Legal Bases: For public data, we rely on legitimate interests (e.g., providing aggregated insights from openly shared content). For optional Instagram linking, we use your consent, which you can withdraw anytime.Prohibited Uses: We strictly prohibit and do not engage in any practices forbidden by Meta's Platform Terms, including discrimination, surveillance, selling or licensing data, re-identification of users, or using data for eligibility determinations (e.g., credit or employment). All outputs are aggregated and anonymized; we never store or process data for advertising or tracking individuals.How We Share Your InformationWe do not sell, license, or share your personal information with third parties for advertising, marketing, or surveillance. Sharing is minimal and strictly controlled.
No government requests are fulfilled without legal requirement and user notification where possible. Aggregated, non-identifiable insights may be used internally but never shared externally.Cookies and Tracking TechnologiesWe use minimal cookies and similar technologies only for essential app functionality, such as maintaining sessions during use. We do not use them for cross-site tracking, targeted ads, or profiling.
To manage cookies, adjust your browser settings or use our in-app cookie management tool here. Opting out won't affect core app access. For more, see Meta's Cookies Policy.Your Rights and ChoicesYou have full control over your data. We honor all rights under GDPR, CCPA, Virginia CDPA, and similar laws, including access, correction, deletion, objection, and opt-out of sharing or profiling.
To exercise rights, email privacy@platebeat.com. We'll respond within 30 days (or 45 for complex requests) at no cost. For verification, we may ask for proof of identity. During optional Instagram login, you'll agree to this policy via clickwrap for enforceability.Children's PrivacyPlateBeat is not intended for children under 13. We do not knowingly collect personal information from children under 13 or target users under 13. If we learn we've collected such data, we'll delete it immediately. Parents or guardians concerned about their child's data should contact us at privacy@platebeat.com.International Data TransfersData is stored in secure facilities in the US and EU. For transfers outside the EEA (e.g., to the US), we use approved safeguards like Standard Contractual Clauses (SCCs) and rely on Meta's adequacy decisions where applicable. You can request details on transfers via our contact info.Data Security and RetentionWe prioritize your data's security with industry-standard measures, including encryption in transit and at rest, access controls, regular audits, and employee training. While no system is 100% secure, we strive to protect against unauthorized access, loss, or misuse.Retention: Public post metadata is retained only as needed for analysis (max 30 days) and deleted automatically or upon your request. Device info is kept for security purposes (up to 1 year) but anonymized. Linked Instagram data is deleted when you unlink or request removal.In case of a breach, we'll notify affected users and regulators within 72 hours per GDPR requirements.Changes to This PolicyWe may update this policy to reflect app changes or legal requirements. We'll notify you via in-app alerts or email (if provided) at least 30 days in advance for material changes. Continued use after updates means acceptance. Check back periodically.Contact UsQuestions? Reach out anytime.