Privacy Policy

Last Updated: November 13, 2025

Effective Date: November 13, 2025

  1. Introduction

Baba! ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") available on iOS and Android platforms. The App is provided free of charge.

By using our App, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our App.

  2. Information We Collect

2.1 Information You Provide Directly

When you create an account or use our App, we may collect:

  • Account Information: Email address, password (hashed and encrypted), display name, and profile picture

  • Profile Information: Bio, phone number, preferred cuisine types, dietary restrictions, theme preferences, and language preferences

  • Restaurant Submissions: Restaurant name, address, cuisine type, phone number, website, opening hours, photos, halal certification details, verification notes, and contact information

  • User-Generated Content: Reviews, ratings, comments, and favorite restaurant lists

  • Communication Data: Any information you provide when contacting us for support

2.2 Information Collected Automatically

When you use our App, we automatically collect:

  • Device Information: Device type, operating system, unique device identifiers, app version, and device language

  • Location Data: Precise location data (latitude and longitude) when you grant location permissions, used to center the map and provide location-based restaurant recommendations

  • Usage Data: Limited usage data collected through error tracking and performance monitoring (session information, error occurrences, and performance metrics collected via Sentry, if enabled). We do not collect detailed analytics about your app interactions, features used, time spent, or navigation patterns.

  • Error and Performance Data: Crash reports, error logs, and performance metrics (collected via Sentry, if enabled)

2.3 Information from Third-Party Services

We integrate with the following third-party services that may collect information:

  • Google Maps API: Location data, address searches, and geocoding information

  • Google Places API: Address validation and place details

  • Supabase: User authentication and database storage (hosted on Supabase infrastructure)

  • Sentry: Error tracking and performance monitoring data (automatically enabled when configured)

  3. How We Use Your Information

We use the collected information for the following purposes:

3.1 Core App Functionality

  • To create and manage your account

  • To authenticate and authorize your access to the App

  • To provide restaurant discovery and mapping services

  • To display restaurants near your location

  • To enable you to submit, review, and favorite restaurants

  • To sync your data across devices

3.2 Service Improvement

  • To improve, maintain, and optimize the App's performance

  • To analyze usage patterns and user behavior

  • To fix bugs and errors

  • To develop new features and functionality

3.3 Communication

  • To send you important updates about the App

  • To respond to your inquiries and provide customer support

  • To notify you about changes to our Privacy Policy or Terms of Service

3.4 Legal Compliance

  • To comply with applicable laws, regulations, and legal processes

  • To enforce our Terms of Service

  • To protect our rights, privacy, safety, or property, and that of our users

  4. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data based on the following legal grounds:

  • Consent: When you provide explicit consent (e.g., location permissions, optional profile information)

  • Contract Performance: To provide the services you requested and fulfill our Terms of Service

  • Legitimate Interests: To improve our services, ensure security, and prevent fraud

  • Legal Obligation: To comply with applicable laws and regulations

  5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

  • Supabase: Hosts our database and provides authentication services

  • Google: Provides Maps and Places API services for location and address functionality

  • Sentry: Provides error tracking and performance monitoring (if enabled)

These service providers are contractually obligated to protect your information and use it only for the purposes we specify.

5.2 Public Information

The following information may be visible to other users of the App:

  • Your display name and profile picture (if provided)

  • Restaurant reviews and ratings you submit

  • Restaurant submissions you make (after approval)

5.3 Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or if we believe disclosure is necessary to:

  • Comply with legal obligations

  • Protect and defend our rights or property

  • Prevent or investigate possible wrongdoing

  • Protect the personal safety of users or the public

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

  6. Data Storage and Security

6.1 Data Storage

  • Your data is stored on Supabase servers. The specific region depends on your Supabase project configuration. If you need information about the exact data storage location, please contact us.

  • We retain your personal information for as long as your account is active or as needed to provide services

  • We may retain certain information after account deletion as required by law or for legitimate business purposes

6.2 Security Measures

We implement appropriate technical and organizational measures to protect your information:

  • Encryption of data in transit (HTTPS/TLS)

  • Secure password hashing and storage

  • Row-level security policies in our database

  • Regular security assessments and updates

  • Access controls and authentication requirements

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

  7. Your Rights and Choices

Depending on your location, you may have the following rights:

7.1 Access and Portability

  • Request access to your personal information

  • Request a copy of your data in a portable format

We will respond to your requests within 30 days (or as required by applicable law). For users in the EEA, we will respond to GDPR requests within one month, which may be extended by two additional months for complex requests.

7.2 Correction and Deletion

  • Update or correct your personal information through the App settings

  • Request deletion of your account and associated data (subject to legal retention requirements)

7.3 Opt-Out and Withdrawal

  • Withdraw consent for location tracking (via device settings)

  • Delete your account at any time

7.4 California Privacy Rights (CCPA)

If you are a California resident, you have the right to:

  • Know what personal information is collected, used, shared, or sold

  • Delete your personal information (subject to certain exceptions)

  • Opt out of the sale of personal information (we do not sell your information)

  • Non-discrimination for exercising your privacy rights

7.5 European Privacy Rights (GDPR)

If you are located in the EEA or UK, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Erase your data ("right to be forgotten")

  • Restrict processing of your data

  • Data portability

  • Object to processing

  • Withdraw consent at any time

We will respond to your GDPR requests within one month, which may be extended by two additional months for complex requests. We will inform you of any such extension within one month of receipt of your request, together with the reasons for the delay. To exercise these rights, please contact us using the information provided in Section 11.

  8. Children's Privacy

Our App is not intended for children under the age of 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will delete such information.

  9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from those in your country. By using our App, you consent to the transfer of your information to these countries.

For users in the EEA, we ensure appropriate safeguards are in place for international data transfers, including:

  • Standard Contractual Clauses approved by the European Commission

  • Adequacy decisions where applicable

  10. Data Retention

We retain your personal information for as long as necessary to:

  • Provide our services to you

  • Comply with legal obligations

  • Resolve disputes and enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days of your deletion request, except where we are required to retain it for legal or legitimate business purposes (e.g., restaurant submissions may be retained for community benefit). Some data may be retained in backup systems for up to 90 days before permanent deletion.

  11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@babatheapp.com
Address: Torshamnsgatan 27, 164 40 Kista, Sweden

For users in the EEA, you also have the right to lodge a complaint with your local data protection authority.

  12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new Privacy Policy in the App

  • Updating the "Last Updated" date

  • Sending you an email notification (if you have provided an email address)

Your continued use of the App after such changes constitutes acceptance of the updated Privacy Policy.

  13. Third-Party Links and Services

Our App may contain links to third-party websites or services (e.g., restaurant websites). We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies.

  14. Permissions

Our App requests the following permissions:

  • Location (When in Use): To center the map on your location and provide location-based restaurant recommendations. You can revoke this permission at any time through your device settings.

  • Camera/Photo Library: To allow you to upload photos when submitting restaurants. You can revoke this permission at any time through your device settings.

  15. Cookies and Tracking Technologies

Our App does not use cookies or similar tracking technologies. However, third-party services we integrate with (Google Maps, Supabase, Sentry) may use cookies or similar technologies in accordance with their own privacy policies.

  16. Do Not Track Signals

Our App does not respond to "Do Not Track" signals from your browser or device, as we do not engage in cross-site tracking.