*** the fine print *** · yuckr

Privacy Policy

Privacy Policy

This Privacy Policy explains how Daps Dev collects, uses, and shares information when you use yuckr. It applies to the iOS app, the web pages on https://dapsdev.dev that describe yuckr, and anything else that links here. We have written it in plain English where we can; the legalese is unavoidable in places.

Effective
July 6, 2026
Applies to
yuckr
Contact
dapsdev.support@gmail.com

§1. Summary of key points

The short version. Every point links to the section with full detail.

  • Daps Dev ("we," "us," or "our") operates yuckr. yuckr is a social food-ranking app for the dishes you regret. You log what you didn't like — with an optional photo and an optional voice memo — and yuckr assigns it a Yuck Score from 0.0 to 10.0 (higher is worse) through pairwise "Which is WORSE?" matchups. Reality Check aggregates the community's verdict on hyped restaurants before you waste a meal, the Hall of Regret leaderboard crowns the worst-rated dishes, and Gross Match tells you what percent of your bad taste your friends share. Restaurant search and nearby suggestions are powered by Google Places using your approximate location (or a city you pick manually).
  • What personal information do we process? Account information you provide (where applicable), the username and display name you choose, the friend connections you create, the content you submit (photos, text, audio), and technical/diagnostic data about your device. We process only what's necessary to deliver the Services.
  • Do we use AI? No. yuckr does not send your content to a third-party AI provider.
  • Do we process sensitive personal information? We try not to. yuckr is not designed to collect special-category data (race, religion, health, sexual orientation, biometrics, precise geolocation, government IDs, financial-account numbers). If you submit such data inside content you upload, you do so at your own risk.
  • Do we collect information from third parties? Outside of the sub-processors and platform-provided data described in this Privacy Notice, no.
  • How do we share your information? Only with the sub-processors that operate the Services on our behalf (listed in Section 6 (Sub-processors)), service providers under contract, or where legally required. We do not sell your personal information and we do not share it for cross-context behavioural advertising.
  • What about international transfers? yuckr is operated from the United States. Where we transfer EEA/UK/Swiss data to the U.S., we rely on Standard Contractual Clauses or equivalent transfer mechanisms.
  • What are your rights? Depending on where you live, you may have rights to access, correct, delete, port, or restrict our processing of your personal information, and to object or withdraw consent. See Section 11 (Your privacy rights) and Section 12 (U.S. state privacy rights).
  • How do you contact us? Email dapsdev.support@gmail.com from the email associated with your yuckr account (or, for guests, the device used).

§2. Information we collect

We collect only what we need to make the Services work.

Account information
When you create an account we collect your email address and a unique account identifier. We do not request your real name or date of birth. If you sign in with Apple, you may choose to share your real email or use Apple's private relay; we receive whichever you choose. We also receive an Apple-issued user identifier so we can recognize your account on future sign-ins. We do not receive your Apple ID password or your real name unless you explicitly share it.
Public profile (username and display name)
If you set a username, yuckr stores it in lowercase so other yuckr users can look you up case-insensitively. Your display name is the friendly form (e.g. "Ivan") shown next to your activity inside the app. Both fields are visible to other yuckr users who can already see your account (for example, anyone you have added as a friend, or anyone searching by your exact username). We do not publish your username or display name to the open web.
Friend connections
When you add another yuckr user as a friend, we store a row in our friends table linking your user ID to theirs. The graph is directed: adding someone does not automatically give them access to your account. Row-Level Security restricts each friend row to (a) the person who created it and (b) the person it points at — no other yuckr user can see your connections. You can remove a friend at any time from inside the app, which deletes the row.
Photos and camera input
yuckr can use your device's camera or photo library when you choose to add an image. We only access photos you explicitly select; we never scan your library in the background. Images are uploaded to our infrastructure so the Services can process them.
Text you submit
Text you type into yuckr (descriptions, prompts, captions, free-form notes, search queries) is sent to our servers so we can return a response.
Voice memos
You can attach a short voice memo to a yuck — record the rage in the moment. Recording starts only when you tap the record control; we never use the microphone for ambient listening. The memo is uploaded to our infrastructure and stored so it can be played back by you and by the yuckr users who can already see the yuck it is attached to (for example, your friends in the feed). Voice memos are not transcribed and are not sent to any AI provider. Deleting the yuck deletes the memo.
Device and usage information
We automatically collect technical information about your device (model, operating system, language, time zone, app version), a randomly generated installation identifier, an IP address (used at the moment of the request and not stored long-term), and basic usage events (which screens you visit, when you tap a feature). This helps us debug issues and understand which features are useful.
Diagnostics and crash reports
If yuckr crashes or hits an error, we may collect a stack trace, the OS version, and the app state at the time of the crash so we can fix the bug. These reports do not include the contents of your photos, audio or text inputs.
Information from people you invite
When you share a yuckr link with another person, the recipient may interact with the Services without creating an account. We collect only what is necessary to provide the shared experience (a temporary identifier and the choices they make on the shared link). Recipients are not added to any marketing list.
Sensitive personal information
yuckr is not designed to collect "special category" data under GDPR (Article 9) or "sensitive personal information" under the CPRA — including racial or ethnic origin, religious or philosophical beliefs, genetic or biometric data for unique identification, health data, sex life or sexual orientation, government IDs, precise geolocation (within 1,750 feet), or financial-account numbers. We will not knowingly process such data, and we ask that you not include it in your inputs.
Location
If you grant location permission, yuckr uses your device's location to find restaurants near you and to suggest nearby alternatives (the Least Shitty Score list). Your coordinates are sent to Google's Places API to run the search and are used in the moment; we do not build or store a history of the places you have been. If you decline location permission, yuckr falls back to a city you pick manually (a city-centroid search) and works fully without location access.

Data we do not collect

For the avoidance of doubt, yuckr does not collect the following categories of personal information. If a category is on this list it is not declared on our App Store privacy label, it does not appear in our database, and it is not transmitted to any sub-processor.

  • Precise (GPS-exact) location history — location is used in the moment to find nearby restaurants, not stored as a movement trail
  • Your device contacts or address book
  • HealthKit or health data
  • Financial-account numbers or payment-card details
  • Any data used for cross-context behavioural advertising

§3. How we use your information

We use the information described above to:

  • Provide, operate, and maintain yuckr, including delivering the core feature you asked for (analyzing an image, generating a recommendation, splitting a bill, etc.).
  • Authenticate you, secure your session, and remember your preferences across devices.
  • Communicate with you about your account, your subscription, security alerts, and customer support requests.
  • Detect, investigate, and prevent fraudulent, abusive, or unsafe activity, and to enforce our Terms of Service.
  • Improve the Services — for example, by analyzing aggregate usage to decide which features to prioritize and to fix bugs.
  • Apply any account-level settings or saved preferences across your devices.
  • Let other yuckr users look you up by your exact username so they can add you as a friend, and display your display name next to your in-app activity to the people authorised to see it.
  • Maintain the friend graph you create inside yuckr so we can show you the activity of people you have added as friends and surface them in the friends feed. We never message the people you add and we never expose your friend list to anyone outside the relationship.
  • Comply with our legal obligations, including responding to lawful requests from public authorities.
  • With your express consent, for any other purpose disclosed at the time we ask for that consent.

§5. How we share information

We do not sell your personal information and we do not share it for cross-context behavioural advertising. We share only what's necessary to operate the Services or comply with the law.

We share information in the following limited circumstances:

  • With sub-processors that operate the Services on our behalf, listed in Section 6 (Sub-processors).
  • With service providers acting on our behalf (such as email delivery, hosting, and customer support tooling), under written contracts that limit how they can use your data.
  • With law enforcement, courts, or other public authorities, when we are legally required to do so or when we believe in good faith that disclosure is necessary to protect rights, property, or safety.
  • With professional advisors (lawyers, accountants, auditors) under duties of confidentiality, where reasonably necessary.
  • With an acquirer or successor entity, in the event of a merger, acquisition, financing, reorganization, or sale of all or a portion of our assets — in which case any new entity will continue to be bound by this Privacy Policy or will give you advance notice and an opportunity to opt out where required by law.
  • With your direction or consent, including content you choose to share via a public link or to publicly post.

§6. Sub-processors

The third-party services that operate behind yuckr on our behalf.

We engage the following sub-processors. Each is bound by a written contract that limits the use of your personal information to the purposes described in this Privacy Policy and requires appropriate technical and organizational security measures.

Google LLC — Places API (restaurant search)
Powers yuckr's restaurant search and nearby suggestions. Receives your search query and, if you granted location permission, your approximate coordinates (or the centroid of the city you picked manually), and returns matching venues, addresses, and place metadata. Requests are proxied through our server-side functions with rate limiting; Google does not receive your yuckr account identity. Subject to Google's own privacy policy. United States. Privacy policy: https://policies.google.com/privacy.
Supabase, Inc. — backend, database, auth, storage
Hosts your account, content, and metadata in PostgreSQL with row-level security. Data centres in the United States. Privacy policy: https://supabase.com/privacy.
Apple Inc. — App Store distribution, Sign in with Apple
Distributes the iOS app and provides crash logs. When you choose Sign in with Apple, Apple shares with us either your real email or an Apple-issued private-relay address, plus a stable Apple user identifier so we can recognise your account on future sign-ins. Apple does not share your Apple ID password and does not share your real name unless you explicitly elect to. United States. Privacy policy: https://www.apple.com/legal/privacy/.
Vercel, Inc. — web hosting for https://dapsdev.dev
Hosts the public Daps website (the page you are reading). Receives standard web-server logs (request URL, IP, user-agent) for security and abuse prevention. United States. Privacy policy: https://vercel.com/legal/privacy-policy.
Email service providers
If we email you about your account, the email is delivered via a transactional email provider that processes your address solely to deliver our message and does not use it for any other purpose.

§7. Cookies and tracking technologies

yuckr is an iOS application and does not use HTTP cookies for in-app functionality. We use Apple-provided device identifiers (the IDFV — vendor identifier) and randomly generated installation identifiers to keep you signed in and to debug issues; these reset when you reinstall the app.

yuckr does not include the App Tracking Transparency tracking domain pattern, does not use the IDFA (advertising identifier), and does not call `requestTrackingAuthorization`. We do not engage in cross-app or cross-website tracking, and our App Privacy Manifest declares no third-party "tracking" SDKs as defined by Apple.

Our website at https://dapsdev.dev sets only the minimum cookies necessary to operate the site. We do not run ad networks, retargeting pixels, or third-party analytics that share data with advertising networks. If we ever introduce non-essential cookies, we will surface a consent banner to users in jurisdictions that require opt-in (EEA, UK, Switzerland, Brazil) before they are set.

If you choose to turn on the optional hand-gesture control in the website's interactive hero, your camera feed is processed entirely on your device, inside your browser, solely to detect hand gestures — no video or image is ever uploaded, recorded, or transmitted off your device, and the camera is released the moment you turn the feature off.

§8. How long we keep information

We keep information only as long as necessary to deliver the Services, comply with law, or protect our rights — and never longer than the periods listed below.

  • Photos and other media you upload are retained only as long as needed to deliver the response and, if applicable, to keep it in your in-app history. You can delete saved items from within the app at any time, after which they are removed from our active systems within 30 days and from backups within an additional 30 days.
  • Text inputs and AI responses are retained in your account history (where applicable) until you delete them or close your account.
  • Account information is retained for as long as your account is active. When you delete your account we delete or de-identify it within 30 days, except where we are required to keep it for legal, accounting, or fraud-prevention purposes.
  • Your username and display name are retained for as long as your account is active. They are deleted alongside your account when you tap "Delete account."
  • Friend connection rows are retained for as long as both endpoints exist. Removing a friend from inside yuckr deletes the row immediately; deleting either user's account cascades to every row that references that user's ID.
  • Records of customer support communications are retained for as long as needed to address your request and for a reasonable period afterward (up to 24 months).
  • Diagnostics, crash reports, and aggregate usage data are retained for up to 12 months for engineering and product purposes.
  • Records of any free-trial usage are retained for up to 24 months for fraud prevention.
  • Backup copies on encrypted, isolated storage may persist for up to 60 days after deletion before being permanently overwritten.

§9. Security and breach notification

We use commercially reasonable administrative, technical, and physical safeguards designed to protect your information, including encryption in transit (TLS 1.2+), encryption at rest, scoped database access controls (Row-Level Security and the principle of least privilege), audit logging, multi-factor authentication for our internal tools, and routine review of our infrastructure dependencies.

No method of transmission over the internet, however, is 100% secure, and we cannot guarantee absolute security. You use the Services at your own risk, and we encourage you to use a strong, unique password and to keep your device's operating system up to date.

If we become aware of a security incident affecting your personal information, we will notify you and any required regulator without undue delay and, where feasible, within the timeframes required by applicable law (e.g. 72 hours under GDPR/UK GDPR Article 33). Notification will describe the nature of the incident, the categories of data affected, and the steps we are taking in response.

§10. International data transfers

yuckr is operated from California, USA. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or in any other country where our service providers maintain facilities.

Where we transfer personal data of EEA, UK, or Swiss residents to a country that has not been recognised by the European Commission as providing an adequate level of protection, we rely on the European Commission's Standard Contractual Clauses (Module 2 or 3 as applicable), the UK Addendum to the SCCs, and/or the Swiss FDPIC's standard contractual clauses, supplemented by additional technical and organizational measures (encryption, access controls, transparency reporting). A copy of the relevant clauses is available on request to dapsdev.support@gmail.com.

For users in Brazil, we transfer personal data outside Brazil only on a basis permitted by Article 33 LGPD.

§11. Your privacy rights

Depending on where you live, you may have rights under privacy laws such as the EU GDPR, UK GDPR, Swiss FADP, Canadian PIPEDA, Quebec Law 25, the Australian Privacy Principles, the New Zealand Privacy Act 2020, and Brazil's LGPD. These rights may include:

  • The right to access the personal information we hold about you, and to receive a copy.
  • The right to correct inaccurate or incomplete personal information.
  • The right to delete your personal information, subject to certain exceptions.
  • The right to object to or restrict certain processing, including processing based on legitimate interests.
  • The right to data portability — to receive your information in a structured, commonly used, machine-readable format and to transmit it to another controller.
  • The right to withdraw consent where we rely on consent as our legal basis (this does not affect the lawfulness of prior processing).
  • The right not to be subject to a decision based solely on automated processing that produces legal or similarly significant effects (see Section 14 (Automated decision-making and profiling)).
  • The right to lodge a complaint with a supervisory authority — for example, your EEA Member State data protection authority, the UK Information Commissioner's Office (ICO), the Swiss Federal Data Protection and Information Commissioner (FDPIC), the Office of the Privacy Commissioner of Canada, the Commission d'accès à l'information du Québec, the Office of the Australian Information Commissioner (OAIC), the Office of the Privacy Commissioner of New Zealand, or Brazil's ANPD.

How to exercise your rights

To exercise any of these rights, email dapsdev.support@gmail.com from the email address associated with your account, or use the in-app account-deletion option (where provided). We may need to verify your identity before responding — typically by confirming control of the email used to register or by asking you to confirm a one-time code sent to that email.

We will respond within the time required by applicable law (typically 30 days, extendable by another 60 days for complex requests with notice to you), and we will not discriminate against you for exercising your rights. If we decline a request in whole or part, we will explain why and tell you how to appeal.

Authorized agents

Where applicable law allows, you may use an authorized agent to make a privacy request on your behalf. We may ask the agent for written, signed permission from you and may verify your identity directly. We will reject agent requests that are not properly authorized.

§12. U.S. state privacy rights

If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you have specific rights under your state's privacy laws.

The table below describes the categories of personal information that yuckr has collected over the preceding 12 months under the California Consumer Privacy Act (as amended by the CPRA). The categories track the CCPA's enumerated list. Your state's law may use slightly different category labels, but the substance is the same.

A. Identifiers
Email address (if you have an account), randomly generated user identifier, lowercase username, device identifier (IDFV), IP address used at the moment of a request. Collected: Yes.
B. Customer records (Cal. Civ. Code §1798.80(e))
Name, contact information, financial details. Collected: A self-set display name (the friendly form of your username, e.g. "Ivan") shown next to your in-app activity. We do not collect a legal name, postal address, phone number, or financial-account information.
C. Protected classifications
Age, race, religion, sexual orientation, etc. Collected: No.
D. Commercial information
Subscription tier, purchase history. Collected: No.
E. Biometric information
Fingerprints, voiceprints, faceprints. Collected: No.
F. Internet or network activity
App screens visited, features used, error events. Collected: Yes (in-app only; we do not track you across other apps or websites).
G. Geolocation data
Approximate location derived from IP for security; device location for restaurant search. Collected: Approximate IP-based, plus — only if you grant location permission — your device's coordinates, used in the moment to run a nearby-restaurant search and not stored as a location history.
H. Audio, electronic, sensory information
Voice memos you record and attach to a yuck, and photos you upload. Collected: Yes, only when you tap the record control or select a photo.
I. Professional / employment information
Employer, job title, work history. Collected: No.
J. Education information
Student records, grades, transcripts. Collected: No.
K. Inferences
Profiles drawn from the data above to predict your preferences. Collected: We use aggregated, de-identified usage information to improve features; we do not build behavioural profiles about identifiable users.
L. Sensitive personal information
Government IDs, account log-in credentials, precise geolocation, racial/ethnic origin, religious beliefs, mail/email/text contents, genetic/biometric data, health, sex life or sexual orientation. Collected: No. yuckr does not collect or use sensitive personal information for purposes other than those permitted by Cal. Civ. Code §1798.121(a) (delivering the Service requested).

Sources of personal information

  • Directly from you, when you create an account, submit content, or contact us.
  • Automatically from your device, as described in Section 2 (Information we collect).
  • From other yuckr users who add you as a friend — the existence of such a connection is visible to both endpoints under Row-Level Security.
  • From our sub-processors (e.g. subscription state from Apple/RevenueCat) and from people who share a yuckr link with you.

Sale, sharing, and targeted advertising

We do NOT sell or share your personal information for cross-context behavioural advertising as those terms are defined under the CCPA/CPRA, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, or any similar state law. We do not engage in profiling that produces legal or similarly significant effects about you. We have not sold or shared personal information in the preceding 12 months and have no current plans to do so.

Your rights as a U.S. state resident

  • Right to know whether we are processing your personal data.
  • Right to access your personal data and obtain a copy in a portable format.
  • Right to correct inaccuracies in your personal data.
  • Right to delete personal data about you, subject to permitted exceptions.
  • Right to opt out of the sale, sharing, or processing for targeted advertising of personal data (we do not engage in any of these — see above).
  • Right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects (we do not engage in such profiling).
  • Right to limit use and disclosure of sensitive personal information, where collected (we do not collect SPI for purposes outside §1798.121(a)).
  • Right to non-discrimination for exercising any of these rights.
  • Right to obtain the categories of third parties to whom we have disclosed personal data (Connecticut, Delaware, Maryland, Minnesota, Oregon).
  • Right to question and, where allowed, correct profiling decisions (Connecticut, Minnesota).
  • Where required by Florida law, right to opt out of the collection of sensitive data and personal data collected through voice/facial-recognition features.

How to exercise U.S. state rights

Email dapsdev.support@gmail.com with the subject line "Privacy Request – [your state]" from the email associated with your yuckr account, or use the in-app account-deletion option. We will verify your identity by confirming control of that email or by sending you a one-time code, and we will respond within the timeframes required by your state's law (typically 45 days, extendable by another 45 days with notice).

Authorized-agent requests must include written, signed permission from the consumer; we may verify directly with you in any case.

Right to appeal

If we decline to take action on your request, you may appeal that decision by replying to our response email or sending a new email to dapsdev.support@gmail.com with the subject "Privacy Appeal". We will respond to the appeal within the time required by your state's law (typically 60 days). If your appeal is denied, you may file a complaint with your state attorney general — the Texas, Virginia, and Colorado attorneys general publish complaint pages, and the California Privacy Protection Agency accepts complaints at https://cppa.ca.gov.

California Shine the Light

California Civil Code §1798.83 entitles California residents who have an established business relationship with us to request, once per calendar year and free of charge, information about the personal information (if any) we have shared with third parties for those parties' direct marketing purposes. We do not share personal information for third-party direct marketing.

Notice of Financial Incentive

yuckr does not offer a financial incentive (such as a price or service difference) in exchange for the collection, retention, sale, or sharing of personal information. If we ever introduce one, we will provide a separate Notice of Financial Incentive that complies with Cal. Civ. Code §1798.125.

§13. Children's privacy

yuckr is not directed to children under 13 (or under 16 in the European Economic Area, the United Kingdom, Switzerland, Brazil, and any other jurisdiction where that is the applicable digital-consent age), and we do not knowingly collect personal information from children below those ages. The App Store age rating for yuckr is set accordingly.

If you believe a child has provided us with personal information, please contact us at dapsdev.support@gmail.com. We will delete the information, terminate the associated account, and take reasonable steps to prevent further collection. Parents and guardians who would like to review or delete a child's information may also contact us at the same address.

Consistent with the U.S. Children's Online Privacy Protection Act (COPPA), the EU GDPR (Article 8), the UK Age Appropriate Design Code, and the California Age-Appropriate Design Code, we have considered the categories of data we collect, the way we present choices, and the absence of behavioural-advertising and targeting features in light of the possibility that some users may be under the relevant age threshold despite our age-gating.

§14. Automated decision-making and profiling

yuckr does not produce decisions about you using automated processing.

Where AI features are involved, you can request a copy of the inputs and outputs we have stored about you, ask us to correct an output you believe is wrong, or stop using AI features entirely without losing access to the rest of the Services. To do any of these, contact dapsdev.support@gmail.com.

If you are in the EEA, UK, or Quebec, you have the right under Article 22 GDPR (and the equivalent provisions of UK GDPR and Quebec Law 25) not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects concerning you or similarly significantly affects you. We do not engage in any such processing today, and we will give you advance notice and a meaningful opt-out before we ever do.

§15. Do-Not-Track and Global Privacy Control signals

Some browsers transmit a "Do-Not-Track" (DNT) header. Because there is currently no industry-wide consensus on how to interpret DNT, our website does not currently respond to DNT signals.

Where required by law (including the California Privacy Rights Act regulations), we treat the Global Privacy Control (GPC) signal sent by your browser as a valid request to opt out of "sale" or "sharing" of personal information for cross-context behavioural advertising. Because we do not engage in either practice, we have nothing to opt you out of — but we will continue to honour the signal in our future operations.

§16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. When we do, we will revise the "Effective date" at the top of this page. For material changes — for example, a new category of personal information, a new sub-processor that handles your content, or a change in legal basis — we will provide notice through the app or by email at least 14 days before the change takes effect, and where required by law we will obtain your consent before applying the change to data already collected.

We encourage you to review this page periodically. Continued use of the Services after the effective date of an update constitutes acceptance of the updated Privacy Policy.

§17. Contact us

Daps Dev is the data controller for personal information described in this Privacy Policy. If you have questions about this Privacy Policy or want to exercise any of your privacy rights, contact us at dapsdev.support@gmail.com.

We have not appointed a separate Data Protection Officer; questions formally directed to a DPO will be handled by the same address. EEA and UK residents may also write to the supervisory authority in their country of habitual residence — a list is available on the European Data Protection Board's site (https://edpb.europa.eu) and on the UK ICO's site (https://ico.org.uk).