Privacy policy

Last updated 23 May 2026. Effective immediately.

In one paragraph

Free-Food Finder collects the minimum needed to deliver push notifications about free food at your university: your email address, the dietary tags you opt into, and the alerts you receive. We do not sell or share your data with third parties, we do not advertise, and we do not track you across the web. You can delete your account at any time from inside the app.

What we collect

Account data

  • Your university email address. Used to verify your university affiliation via one-time code, identify your campus, and send TestFlight / App Store launch notices if you joined the waitlist.
  • The dietary preferences you select. Stored as a JSON list of tags (e.g., ["kosher","nut_free"]) on your account.
  • Push notification tokens from Apple Push Notification service (APNs), so we can deliver alerts to your devices.

Alert data

  • The free-food emails forwarded by you to alerts@freefoodfinder.app. We parse the subject and body to extract food type, building, dietary tags, and time. The original email body is kept for up to 30 days for debugging and is automatically purged after that.
  • Which alerts you marked as "gone" (if you tap that button), so we can hide them for other users.

Technical data

  • Authentication logs via Cloudflare Access (your email, the time you signed in, the IP region). Retained for 30 days for security auditing.
  • No analytics cookies, no third-party trackers, no fingerprinting scripts.

What we do not collect

  • We do not read or store the contents of your inbox. We only see what you explicitly forward to alerts@freefoodfinder.app.
  • We do not collect your real name, phone number, address, or payment information.
  • We do not track your location continuously. If you enable distance-based filters (a future feature), location is sampled only when the app is in the foreground and never stored on our servers.
  • We do not share data with advertisers, brokers, or universities.

Where it lives

All account and alert data is stored in Cloudflare D1 (a managed SQLite database). Storage region defaults to North America. Cloudflare's privacy practices are documented at cloudflare.com/privacypolicy.

The parser uses Anthropic's Claude API to extract structured fields from email text. We send only the email subject and body — no account information. Anthropic's Zero Data Retention policy applies to our usage; they do not store or train on our requests. Details at anthropic.com/legal/privacy.

Your rights

  • Access — request a copy of all data we hold about you.
  • Delete — delete your account and all associated data from inside the app (Settings → Delete my account) or by emailing hello@freefoodfinder.app. Deletion is permanent and processed within 7 days.
  • Correct — change your email or dietary preferences from inside the app at any time.
  • Port — receive your data as a JSON export on request.

These rights apply globally regardless of jurisdiction. EU/EEA users have additional rights under GDPR; California users under CCPA. To exercise any right, email hello@freefoodfinder.app with the subject line "Privacy request." We respond within 30 days.

Children

Free-Food Finder is not directed at children under 13. We do not knowingly collect data from anyone under 13. If you believe a child has signed up, email us and we will delete the account.

Changes to this policy

If we change anything material, we will email everyone with an account at least 14 days before the change takes effect. The current version always lives at freefoodfinder.app/privacy.

Contact

Privacy questions or requests: hello@freefoodfinder.app. We aim to reply within 3 business days.