Privacy Policy
1. Who is responsible
The data controller for VerifyEat is:
Catalin Ionut Portan
Independent developer, Switzerland
Email: hello@verifyeat.com
For full contact details and business identification, see the Imprint.
2. Scope of this policy
This policy covers two distinct surfaces:
- The VerifyEat macOS application installed on your Mac.
- The verifyeat.com public website.
It does not cover the public QR product pages a restaurant publishes using VerifyEat. Those pages are operated by the restaurant; the restaurant is the data controller for any information shown on them.
3. Data handled by the macOS app
3.1 Local-first design
VerifyEat stores all menu, restaurant, product, image, allergen, and configuration data on your Mac, in ~/Library/Application Support/VerifyEat/. We do not have a backend that receives, stores, or processes this data.
3.2 Personal data inside the app
The app does not require an account. It does not ask for your name, email, or address. The only personal-style data the app may store is whatever you choose to enter (e.g., your restaurant's name, address, or menu copy you wrote yourself).
3.3 Anthropic API key & AI translations
If you enable AI translation, the app uses an API key you provide. The key is stored in the macOS Keychain on your Mac. When you click "Translate":
- The product text you want translated is sent directly from your Mac to Anthropic's API endpoint.
- VerifyEat servers are not involved and never see your menu text or your key.
- Anthropic processes the data under its own privacy policy: anthropic.com/legal/privacy.
3.4 LocalMenuServer (Live Preview)
When you start "Live on Phone", the app opens a temporary HTTP server on your local network so a phone or tablet on the same Wi-Fi can preview the menu. The server stops when you close it or quit the app. No data leaves your local network. We strongly recommend running this only on trusted Wi-Fi networks.
3.5 Subscription & trial
Trial state is stored locally. If you subscribe through the Mac App Store, payment, renewal, cancellation, and refund handling are provided by Apple. VerifyEat stores only the local subscription entitlement state required to unlock the app. Card numbers are never sent to or stored by us.
4. Data handled by this website
4.1 Server logs
Our static-site host (Cloudflare Pages or equivalent) keeps short-lived access logs containing IP address, user agent, requested URL, and timestamp. These are used solely for security, abuse prevention, and aggregate traffic analysis. Logs are retained for no longer than 30 days.
4.2 Cookies
The verifyeat.com website does not set tracking cookies. We do not use Google Analytics, Facebook Pixel, or similar tracking. The site works entirely without cookies.
4.3 Forms & email
If you contact us via hello@verifyeat.com, your email address and message will be processed by our email provider for the sole purpose of replying to you. We do not add you to any marketing list without explicit consent.
5. Third-party services we rely on
| Provider | Purpose | Data processed |
|---|---|---|
| Anthropic, PBC (USA) | AI translations, only when you trigger them with your own API key | Product text you choose to translate |
| Cloudflare, Inc. (USA / global) | Hosting and CDN for verifyeat.com | IP address, user agent, request metadata |
| Apple Inc. / Apple Distribution International | Mac App Store subscription billing and purchase validation | Apple ID account and billing data handled by Apple; local entitlement state handled by the app |
| rsms.me | Inter font CSS for the website | IP, user agent (no cookies) |
Where personal data is transferred outside Switzerland or the EU/EEA, we rely on the European Commission's Standard Contractual Clauses or equivalent safeguards.
6. Legal basis & retention
We process personal data under the following legal bases:
- Performance of a contract (Art. 6(1)(b) GDPR; Art. 31 FADP) — to deliver the app and subscription you purchased.
- Legitimate interests (Art. 6(1)(f) GDPR) — for security logs and basic abuse prevention.
- Consent (Art. 6(1)(a) GDPR) — for any optional newsletter or marketing communication you opt into.
We retain personal data only as long as necessary: server logs up to 30 days, support correspondence up to 24 months, billing records as required by Swiss tax law (10 years).
7. Your rights
If you are in the EU, EEA, UK, or Switzerland, you have the right to:
- Access the personal data we hold about you.
- Request correction of inaccurate data.
- Request deletion ("right to be forgotten").
- Object to processing or request restriction.
- Receive your data in a portable format.
- Lodge a complaint with a supervisory authority (in Switzerland: the Federal Data Protection and Information Commissioner, edoeb.admin.ch).
To exercise any right, email hello@verifyeat.com. We will reply within 30 days.
8. Security
We implement reasonable technical and organisational measures to protect personal data, including: HTTPS for all web traffic, Keychain storage for sensitive keys on your Mac, principle-of-least-privilege for any backend services we add in the future, and regular dependency updates. No system is perfectly secure; we will notify affected users and the relevant authority within 72 hours of any data breach that materially affects your rights.
9. Changes to this policy
We may update this policy as the product evolves or to reflect legal changes. Material changes will be announced on this page and, where reasonable, by email to subscribers. The "Last updated" date at the top of this page reflects the latest revision.
10. Contact
Questions, requests, or concerns? Email hello@verifyeat.com. Postal contact details are in the Imprint.