calibRATER
Calibrated to you.
Privacy Policy
Last updated: May 2026
Overview
calibRATER is committed to protecting your personal information. This policy describes what we collect, why we collect it, how we protect it, and your rights under applicable Canadian privacy law — specifically the Personal Information Protection and Electronic Documents Act (PIPEDA) at the federal level and, for users in Québec, the Act respecting the protection of personal information in the private sector (Law 25). Users located in the European Union are also afforded rights under the General Data Protection Regulation (GDPR), which we honour on the same basis. If you have any questions, contact us at contact@calibrater.app.
What we collect
We collect the following categories of personal information:
Email address — collected at sign-up to create and identify your account.
Ratings, scores, and notes — the restaurant ratings, dimension scores, visit dates, and any notes you enter while using the Rate screen. These are your data and are never shared with other users.
Preferences — your home city, spending baseline, and dimension weights, which you set during onboarding or on the Profile screen.
Location — when you use the "Near me" search, your device's GPS coordinates are requested. These coordinates are used only to find restaurants in your vicinity during that session and are not stored on our servers. Location access is requested by the device operating system, which presents a clear consent prompt before any coordinates are shared with the app.
Payment information — if and when paid features are introduced, we will use a third-party payment processor (e.g., Stripe) that is PCI-DSS compliant. calibRATER will never store your full card number, CVV, or bank details on our own servers. We will update this policy and notify you before payment features go live.
How we use your data
Your data is used solely to operate the calibRATER service:
To display your ratings, calculate your calibration score, and rank restaurants in your personal list.
To calculate your spending baseline and suggest value ratings.
To generate personalised restaurant recommendations using anonymised, aggregated rating patterns. Your individual ratings are never shared with other users or visible to them in any form.
To provide nearby restaurant suggestions using your location (session-only, not stored).
We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in the Third-party services section below.
Who can see your data
Your ratings and notes are private by default and visible only to you. Our database uses row-level security, meaning your rows are technically inaccessible to all other users — including calibRATER employees — at the database layer.
If you choose to share your top list using the in-app share feature, a read-only text snapshot of that list is generated and shared by you, under your full control. We do not generate public profile pages or publish user data in any form without your explicit action.
Cookies and local storage
calibRATER uses a small number of functional cookies and browser storage to operate correctly:
calibrater_last_route — a cookie that remembers which screen you were last on (Discover, Rate, or Profile) so the app reopens to the correct page. This is a functional cookie; it contains no personal information and is not used for tracking or advertising.
Session storage — a temporary browser value (cleared when the tab closes) that holds the ID of the restaurant you are currently rating, so the page does not lose context if you switch tabs briefly.
We do not use tracking cookies, analytics cookies, advertising cookies, or any third-party cookies. No cookie consent banner is required under PIPEDA for strictly functional cookies, but we disclose them here in full transparency.
Data security and encryption
We implement the following technical safeguards in compliance with PIPEDA Principle 7 (Safeguards) and equivalent Québec Law 25 requirements:
Encryption in transit — all data transmitted between your device and our servers uses TLS 1.2 or higher.
Encryption at rest — all data stored in our database is encrypted at rest using AES-256, provided by Supabase on AWS infrastructure.
Row-level security — each user's data is isolated at the database layer. No query can return another user's rows, regardless of how it is written.
Access control — no calibRATER team member has routine access to your personal data. Database access requires multi-factor authentication.
Rate limiting — our API enforces per-IP request limits to protect against automated abuse.
No system is completely immune to all threats. In the event of a data breach that poses a risk to your personal information, we will notify affected users promptly and report to the Office of the Privacy Commissioner of Canada as required under PIPEDA's mandatory breach reporting rules (in force since November 2018). Québec users will also be notified as required under Law 25.
Data retention
We retain your personal data for as long as your account is active. If you delete your account, all your data — including your profile, ratings, notes, preferences, and rating history — is permanently deleted within 24 hours. This cannot be undone.
Anonymised, aggregated statistics derived from your ratings (e.g., the overall average score for a restaurant across all users) may be retained after account deletion, as these cannot be traced back to any individual.
Your rights
Under PIPEDA, Law 25, and GDPR (where applicable), you have the right to:
Access — request a copy of the personal information we hold about you.
Correction — ask us to correct inaccurate or incomplete information.
Deletion — delete your account and all associated personal data directly from the Profile screen, or contact us to request deletion.
Portability — request an export of your data in a machine-readable format.
Withdraw consent — you can stop using location features at any time by revoking location permission in your device settings. You can delete your account at any time.
To exercise any right, contact us at contact@calibrater.app. We respond to all data requests within 30 days, as required by PIPEDA.
Third-party services
calibRATER relies on a small number of third-party services to operate. Each is chosen with privacy in mind:
Supabase (database and authentication) — your data is stored on Supabase-managed infrastructure hosted on AWS in your selected region. Supabase is SOC 2 Type II certified. See supabase.com/privacy.
Google Places API — when you search for a restaurant or use the "Near me" feature, queries may be sent to Google's Places API. Google processes the restaurant name or your coordinates to return nearby results. Google's privacy policy applies to these requests: policies.google.com/privacy. We cache restaurant data in our own database to minimise the frequency of these calls.
OpenStreetMap / Overpass API — restaurant data is also fetched from OpenStreetMap's public Overpass API. No personal information is sent in these requests.
Stripe (payment processor, future) — if payment is introduced, Stripe will process transactions. calibRATER will not store card details. See stripe.com/privacy.
We do not use analytics platforms, advertising networks, or any third-party SDKs that collect behavioural data.
Changes to this policy
We may update this policy as the app evolves. We will notify you of any material changes via email at least 7 days before they take effect. Continued use of the app after the effective date of changes constitutes acceptance of the updated policy. We will never retroactively change how previously collected data is used without your explicit consent.
Contact and complaints
For any privacy questions, data access requests, or concerns, contact us at:
contact@calibrater.app
If you believe we have not handled your personal information in compliance with PIPEDA, you have the right to file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca. Québec users may also contact the Commission d'accès à l'information du Québec at cai.gouv.qc.ca.
calibRATER Inc. · Toronto, Canada · contact@calibrater.app