What we collect
The minimum the app needs to work, and nothing else.
- Your email address — used to sign you in and, if you ever ask us to, send a password-reset link. We don't send marketing email.
- Your display name — auto-generated as something like "Diner #4F2A" unless you change it. Shown on comments and menu uploads you make.
- Your preferred language and region — so menus translate into the right script and we can pre-load a polite "I'd like to order…" line in the local language.
- Dietary tags and allergens you set — kept on your account and only used to warn you about dishes you might want to avoid.
- Menus you photograph and dish comments you write — these are intentionally public (see "What others see," below) so the next diner at the same restaurant gets an instant menu.
- Your approximate location — only if you grant permission. Used in the moment to bias restaurant search results to places near you. We don't store a history.
What we don't collect
- No advertising IDs.
- No third-party analytics scripts, no behavioural tracking, no fingerprinting.
- No social-graph data — we don't ask for or read your contacts.
- No payment info — TableVox is free at launch.
What others see
TableVox is a community library of menus. A few pieces of your activity are visible to other diners by design:
- Menu photos you upload to a restaurant, along with the display name attached to the upload and the timestamp.
- Comments you post on dishes, with your display name and a relative timestamp.
- Likes on dish posts (count only — your identity isn't shown on likes).
- Reports on comments — these go only to us, not to other diners.
Your email, language preference, region, dietary tags, and allergens are never shown to other diners.
Where your data lives
TableVox's backend runs on Supabase (Postgres database, authentication, file storage) hosted in the United States. Your account row and the photos you upload live there.
Third parties we send things to
For the app to function we pass small slices of data to a handful of trusted services:
- OpenAI — menu text and dish descriptions are sent to OpenAI's API so the model can OCR a photo and translate the dishes. OpenAI's privacy policy applies to that hop. No identifying data about you is included.
- Google — restaurant search uses the Google Places API; sign-in with Google goes through Google OAuth.
- Apple — sign-in with Apple goes through Apple's identity service, which returns an opaque token to us. We never see your Apple ID.
Cookies and similar tech
The TableVox app doesn't use cookies — it stores your session token locally on your device, in the system keychain. The website you're reading right now uses no cookies and no analytics scripts; the only outbound calls are to Google Fonts (to load the typeface). If we ever add analytics, we'll tell you before turning them on and we'll pick a privacy-respecting tool.
Children
TableVox isn't designed for, marketed to, or intentionally used by children under 13. If you believe a child has signed up, write to us and we'll delete the account.
Your choices
Change what you've set
Account → tap any field. Display name, language, region, dietary tags, allergens — all editable. Changes propagate to your prior comments and menu uploads.
Delete your account
Email [email protected] from the address tied to your account and we'll delete it. Your row, your dietary preferences, and any photos that attribute uploads to you are removed within seven days. Menu and dish photos themselves stay in the public library, but the upload attribution becomes "Anonymous diner."
Withdraw location permission
Anytime, in your phone's settings. The app still works without it — you just search by typing a restaurant name or address.
Changes to this page
If we change how TableVox handles data in any material way, we'll update this page and surface a one-time note inside the app. The "Effective" date at the top is always the latest version's date.
Get in touch
Privacy questions, deletion requests, or anything else — write to [email protected]. A human reads every message.