MealMatch

Privacy Policy

Last updated: May 22, 2026

App: MealMatch (iOS) · Bundle ID: MealMatch.MealMatch

Operator: FivePointTwo LLC

This Privacy Policy explains how MealMatch collects, uses, shares, and protects information when you use our mobile application. By using MealMatch, you agree to this policy. If you do not agree, please do not use the app.

For privacy questions or requests, contact us at contact@mealmatchapp.com.

1. Summary

MealMatch helps you and your dining crew decide where to eat by swiping on nearby restaurants.

• You can use MealMatch without creating an account. Much of your data stays on your device.
• MealMatch Cloud is optional. If you sign in with Apple, we sync certain group and session data through Firebase so each person can swipe on their own phone.
• Location is used to find restaurants near you via Google Places. Location is sent to Google when you search; we do not operate our own restaurant database.
• The free plan shows ads(Google AdMob) and may use analytics (Firebase Analytics) subject to your consent choices. MealMatch Plus removes ads.
• You can delete your cloud account in the app(Profile → Delete cloud account).

2. Information We Collect

2.1 Information you provide

We do not require your real name. You may choose any display name.

2.2 Sign in with Apple and MealMatch Cloud (optional)

If you choose Sign in with Apple, we receive:

• A Firebase Authentication user ID(UID) tied to your Apple ID
• A display name(from Apple on first sign-in and/or what you enter in the app)
• An email address only if Apple provides it (Apple may supply a private relay address)

We use Firebase (Google) for authentication, database, cloud functions, push messaging, and optional group photo storage. Sign-in is not required for solo “Meal for one” use or for local-only group swiping on a single device.

2.3 Location information

When you allow Location (When In Use), MealMatch uses your approximate or precise location to:

• Find restaurants near you in the swipe deck
• Sort or filter results (e.g., “Closer spots first” on MealMatch Plus)

If you deny location, you can enter a zip code or address manually instead.

Important: Restaurant search requests are sent from your device to Google Places API. Google receives your search location or coordinates as part of that request. Google’s privacy policy applies to their processing: Google Privacy Policy.

We do not continuously track your location in the background.

2.4 Device and app data (local)

Stored on your device using standard iOS storage (e.g., UserDefaults and app sandbox files):

• Onboarding and plan choices
• Swipe limits and refill timers (free tier)
• Locked group decisions until you reset a round
• Liked-places archive (“Places you’ve loved”)
• Cached restaurant decks and cached Google Places photos(temporary, on-disk cache to reduce repeat downloads)
• A per-install device user ID used before cloud sign-in and for legacy group linking
• Last registered push token (while signed in)

2.5 Cloud sync data (Firebase / Firestore)

If you use MealMatch Cloud, we store the following in Google Firebase(project region: us-central1):

User profile ( users/{uid} )

• Display name, account creation time
• APNs/FCM device tokens for push notifications ( apnsDeviceTokens )
• Optional legacy device ID for migration

Groups ( groups/{groupID} )

• Group name, admin UID, member UID list, participant count
• Optional group photo storage path
• Credit Card Roulette setting, weekly nudge preferences (for cloud-scheduled pings)
• Subscription tier at group creation (for server-side seat limits)

Members ( groups/{groupID}/members/{uid} )

• Role (admin or member), join time, display name

Sessions ( groups/{groupID}/sessions/{sessionID} )

• Session status (swiping → voting → locked)
• Restaurant IDs in the deck and lightweight restaurant summaries (name, area, rating, address, coordinates, image URL)
• Per-participant progress (swipes uploaded, vote cast)
• Ranked mutual matches and final locked restaurant
• Optional Credit Card Roulette payer seat

Swipes ( …/swipes/{swipeID} )

• Your UID, restaurant ID, like/pass, timestamp

Votes ( …/votes/{uid} )

• Your UID, chosen restaurant ID, timestamp

Scheduled pings ( groups/{groupID}/scheduledPings/{pingID} )

• Ping type (custom, reveal, weekly), scheduled time, message body, creator UID

Group photos (Firebase Storage)

• Optional JPEG at groupPhotos/{groupID}.jpg for cloud-linked groups

Only group members can read group data in Firestore. Security rules restrict access by authenticated UID.

2.6 Push notifications

Local notifications(scheduled on your device):

• Friday / weekly crew nudges
• One-time custom pings and scheduled reveals you set
• “Round complete” ping when enabled

Remote push notifications(MealMatch Cloud):

• Delivered via Firebase Cloud Messaging (FCM) and Apple Push Notification service (APNs)
• Examples: ping group now, scheduled ping, decision locked, round complete
• Require notification permission and a registered device token on your user profile

You can disable notifications in iOS Settings.

2.7 Subscriptions (MealMatch Plus)

Purchases are processed entirely by Apple through StoreKit. We receive:

• Entitlement status (whether Plus is active)
• Product identifier (monthly or annual)

We do not receive or store your payment card number. Apple’s privacy policy governs payment data: Apple Privacy Policy.

2.8 Advertising and analytics (free tier)

If you use the free plan, MealMatch may show Google AdMob banner, interstitial, and rewarded ads.

Consent and choices

• Google User Messaging Platform (UMP) — consent form for ads in applicable regions; accessible again from Profile → Ad privacy choices when required
• App Tracking Transparency (ATT) — on supported iOS versions, you may be asked whether MealMatch can track you across other companies’ apps and websites for personalized ads
• MealMatch Plus — ad-related consent flags are turned off because Plus does not show ads

Firebase Analytics (Google Analytics for Firebase)

When Firebase is configured and consent allows, we log events such as:

• Subscription success ( plus_subscribe_success )
• Share sheet opened ( share_sheet_opened )
• Final decision revealed ( final_decision_revealed ) — method, solo vs group, table size
• Final decision actions ( final_decision_action ) — e.g., copy, save, Instagram, share
• User property: subscription_tier (free or plus)

Analytics collection follows Google consent mode settings mapped from UMP and ATT. Analytics is limited or off until consent is resolved.

AdMob and Analytics may collect device identifiers, IP address, and ad interaction data according to Google’s policies and your choices.

2.9 Photos and sharing

With your permission, MealMatch can:

• Read a photo you pick for your profile or a group (Photos library)
• Save a share card image to Photos
• Open Instagram Stories or the system share sheet with an image you choose to share

Share cards show who is eating(profile, duo “kiss cam,” or group photo)—not the restaurant name—unless you add details elsewhere when sharing. Exported images are generated on your device.

2.10 What we do not collect

• We do not upload profile photos to our servers in the current version
• We do not sell your personal information
• We do not run background location tracking
• We do not access your contacts or microphone

3. How We Use Information

We use information to:

• Show restaurant swipe decks and Results near your chosen location
• Run group decision flows (overlap, voting, locking a pick)
• Sync sessions across crew members’ phones (when you use MealMatch Cloud)
• Send local and remote notifications you request or enable
• Enforce free-tier limits and deliver MealMatch Plus features
• Show ads on the free plan and measure ad performance (with consent)
• Understand aggregate app usage via analytics (with consent)
• Prevent abuse and keep the service secure
• Comply with law and respond to valid requests

4. How We Share Information

We share information only as described below:

We may disclose information if required by law, to protect rights and safety, or in connection with a merger or acquisition (with notice where required).

We do not share your swipe history with restaurants or sell personal data to data brokers.

5. Legal Bases (EEA / UK users)

If you are in the European Economic Area or United Kingdom, we process personal data on these bases:

• Contract — to provide the app and MealMatch Cloud features you request
• Consent — for ads, analytics, ATT, and optional sign-in where applicable
• Legitimate interests — to secure and improve the app, prevent fraud, and support users (balanced against your rights)

You may withdraw consent for ads/analytics through in-app privacy choices and iOS Settings without affecting core swiping features.

6. Your Choices and Rights

Use without an account — Meal for one and local-only groups work without Sign in with Apple.

Location — Allow or deny in iOS Settings → MealMatch → Location.

Ads and tracking — Profile → Ad privacy choices (UMP); iOS Settings → Privacy & Security → Tracking; upgrade to Plus to remove ads.

Notifications — iOS Settings → MealMatch → Notifications.

Access / correction — Edit your display name and photos in Profile and group settings. Cloud profile fields are updated when you change them in the app.

Delete cloud account — Profile → Delete cloud account. This calls our deleteUserData server function, which:

• Deletes your users/{uid} document and Firebase Authentication account
• If you are a group admin, deletes groups you administer (including sessions, swipes, votes, and scheduled pings)
• If you are a member(not admin), removes you from groups and deletes your member document

Deletion is permanent and cannot be undone. Local data on your device(groups, photos, past matches stored only on-device) is not automatically erased by cloud account deletion—you may delete the app to remove local storage.

Apple subscriptions — Manage or cancel MealMatch Plus in Settings → Apple ID → Subscriptions or Apple’s subscription management page. Deleting your cloud account does not cancel an active subscription.

Depending on your location, you may have additional rights (access, portability, objection, restriction, complaint to a supervisory authority). Contact contact@mealmatchapp.com to exercise them.

7. Data Retention

We may retain minimal logs needed for security, fraud prevention, or legal compliance after deletion.

8. Security

We use industry-standard measures including HTTPS, Firebase security rules, authenticated access to cloud data, and Apple’s secure sign-in. No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

9. Children’s Privacy

MealMatch is not directed to children under 13 (or the minimum age in your country). We do not knowingly collect personal information from children. If you believe a child has provided us information, contact contact@mealmatchapp.com and we will delete it.

10. International Transfers

Firebase and Google services may process data in the United States and other countries. By using MealMatch Cloud, you acknowledge that your information may be transferred to jurisdictions with different data-protection laws. Google offers appropriate safeguards for many regions; see Firebase and Google Cloud documentation.

11. Third-Party Links

Restaurant cards may link to Apple Maps, Google Maps, restaurant websites, or delivery search URLs. Those services have their own privacy policies. We are not responsible for third-party sites or apps.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will post the revised policy at the same URL and update the “Last updated” date. Material changes may also be communicated in-app where appropriate. Continued use after changes means you accept the updated policy.

13. Contact Us

FivePointTwo LLC
Email: contact@mealmatchapp.com

For App Store subscription or payment issues, contact Apple Support. For Sign in with Apple account issues, see Apple’s documentation.

---

Appendix: App Store Privacy Label Mapping

Use this appendix when completing App Store Connect → App Privacy. Adjust if your counsel advises otherwise.

Data not collected by us directly: Payment card numbers (Apple handles payments).