Privacy Policy

What Palate Does

Palate builds your dining profile by finding reservations, orders, and receipts across platforms like OpenTable, Resy, DoorDash, Toast, Uber Eats, and others. We use read-only access to your Gmail account to discover dining confirmation emails — we never modify, delete, or send emails on your behalf.

What We Access

When you sign in with Google, we request read-only access to your Gmail. We only search for emails from known dining platforms (OpenTable, Resy, DoorDash, etc.) using specific sender queries. We do not read personal emails, attachments, or any messages unrelated to dining.

From dining emails, we extract:

• Restaurant name and location
• Date, time, and party size
• Order items and amounts (when available)
• Confirmation numbers

How We Use Your Data

Your dining data is used to:

• Build your personal dining profile and timeline
• Identify cuisine preferences, favorite restaurants, and dining patterns
• Provide personalized dining recommendations (coming soon)

Data Storage & Security

Your data is stored securely in our database with row-level security policies. Your Google OAuth tokens are encrypted and stored server-side. We do not sell, share, or provide your personal data to third parties. Restaurant data (names, locations, cuisine types) may be shared in aggregate, anonymized form.

Third-Party Services

We use the following services to operate Palate:

• Google Gmail API — to discover dining emails (read-only)
• Google Places API — to enrich restaurant information
• Supabase — for authentication and database hosting
• Vercel — for application hosting

Your Controls

You can at any time:

• Delete all your dining data from Settings
• Revoke Gmail access from your Google Account permissions
• Delete your Palate account entirely

Contact

Questions about this policy? Reach us at privacy@thepalate.app.