Privacy Policy

Effective: April 1, 2026

Raccoon Services UG (haftungsbeschränkt) ("FoodRaccoon", "we", "us", or "our") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and share your personal data when you use our App and services. We process your data in compliance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Introduction

This Privacy Policy applies to all personal data processed by FoodRaccoon through our mobile application (App), website, and related services. FoodRaccoon acts as the data controller within the meaning of the GDPR.

If you have any questions about data protection, you can contact us at:

Raccoon Services UG (haftungsbeschränkt)
Mühlenstraße 8a, 14167 Berlin
Email: [email protected]

2. Personal Data We Collect

We collect the following categories of personal data:

(a) Contact data: name, email address, telephone number, postal address.

(b) Account data: username, password (encrypted), profile information, preferences.

(c) Transaction data: order history, payment information (processed by our payment provider), delivery/pickup details, receipts.

(d) Communication data: messages sent through the platform, customer service inquiries, reviews and ratings.

(e) Usage data: app usage patterns, device information (device type, operating system, app version), IP address, access times, pages viewed, features used, crash reports.

(f) Geohash-based location data: An approximate area derived from the device's GPS signal (max. ~150 m for consenting users, ~1.2 km for anonymous users). Precise GPS coordinates are not stored. See section 11 for details on heatmap analysis.

3. Processing Purposes and Legal Bases

We process your personal data for the following purposes and on the following legal bases:

(a) Performance of our services: Processing your orders, managing your account, facilitating payments, and providing customer support. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

(b) Customer relationship management: Communicating with you about your orders, account updates, and service changes. Legal basis: Art. 6(1)(b) GDPR (performance of a contract).

(c) Direct marketing: Sending you promotional offers, newsletters, and information about new features or partners, where you have consented. Legal basis: Art. 6(1)(a) GDPR (consent).

(d) Research and improvement: Analysing usage patterns and feedback to improve our services, develop new features, and enhance user experience. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

(e) Heatmap analysis to identify user clusters for partner acquisition. Legal basis: Art. 6(1)(f) GDPR (legitimate interest) for anonymous Tier 1 users; Art. 6(1)(a) GDPR (consent) for Tier 2 profiles.

(f) Record keeping: Maintaining records for accounting, tax, and regulatory compliance. Legal basis: Art. 6(1)(c) GDPR (legal obligation).

(g) Security: Protecting our platform, detecting fraud, and ensuring the security of our systems and users. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

(h) Legal claims: Establishing, exercising, or defending legal claims. Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

(i) Compliance: Fulfilling legal obligations, including responding to lawful requests from public authorities. Legal basis: Art. 6(1)(c) GDPR (legal obligation).

4. Data Sharing with Third Parties

We may share your personal data with the following categories of recipients:

(a) Partner restaurants: We share your order details and necessary contact information with Partner restaurants to fulfil your orders.

(b) Payment service providers: We use third-party payment processors (such as Stripe) to process payments. These providers receive only the payment-related data necessary to process your transactions and are contractually obligated to protect your data.

(c) Service providers: We engage service providers who process data on our behalf for purposes such as hosting, analytics, and customer support. These providers are bound by data processing agreements in accordance with Art. 28 GDPR.

(d) Legal obligations: We may disclose your data to law enforcement agencies, courts, or regulatory authorities when required by law or when necessary to protect our rights, property, or safety, or the rights, property, or safety of others.

5. Data Retention and Deletion

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by law.

6. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

(a) Right of access (Art. 15 GDPR): You have the right to obtain information about whether and which personal data we process about you.

(b) Right to rectification (Art. 16 GDPR): You have the right to request the correction of inaccurate personal data or the completion of incomplete personal data.

(c) Right to erasure (Art. 17 GDPR): You have the right to request the deletion of your personal data, provided there is no legal obligation to retain it.

(d) Right to restriction of processing (Art. 18 GDPR): You have the right to request the restriction of processing of your personal data under certain conditions.

(e) Right to object (Art. 21 GDPR): You have the right to object to the processing of your personal data based on legitimate interests, including direct marketing.

(f) Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

(g) Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with a supervisory authority.

(h) Right to withdraw consent (Art. 7(3) GDPR): Where processing is based on your consent, you have the right to withdraw your consent at any time.

To exercise your rights, please contact us at: [email protected]

7. Cookies We Use

We use the following types of cookies and similar technologies:

(a) Authentication cookies: These cookies are necessary to identify you as a logged-in user and to maintain your session.

(b) Personalisation cookies: These cookies store your preferences and settings.

(c) Security cookies: These cookies help protect against fraud and unauthorised access.

(d) Analytics cookies: These cookies help us understand how users interact with our Service. Analytics cookies require your explicit consent via the cookie banner.

(e) Consent management cookies: These cookies, set by CookieYes, store your cookie preferences and consent decisions.

8. Cookies and Technologies

We use the following third-party services and technologies:

(a) Firebase (Google LLC): We use Firebase for authentication, database services, and cloud functions.

(b) PostHog (PostHog, Inc.): We use PostHog for website analytics, session recording, and product improvement. Data is processed exclusively in the EU (Frankfurt, Germany). PostHog analytics require your explicit consent via the cookie banner.

(c) CookieYes (CookieYes Limited): We use CookieYes to manage cookie consent and comply with GDPR requirements.

(d) Microsoft 365 (Microsoft Corporation): We use Microsoft 365 for internal communications and business operations.

(e) TypeForm (TYPEFORM S.L.): We use TypeForm for surveys and forms.

(f) Stripe (Stripe, Inc.): We use Stripe for payment processing.

(g) Claude (Anthropic, PBC): We use Claude as an AI-assisted development tool exclusively internally for software development. No user data is transmitted to Anthropic. For more information, please refer to Anthropic's privacy policy at anthropic.com/privacy.

(h) Airbridge (AB180 Inc.): We use Airbridge for mobile marketing attribution in our apps, in particular to link QR code scans and advertising links to app installs (deferred deep links). Processing starts automatically on first app launch and before consent is obtained, because the attribution window between an advertising click, app install, and first launch does not allow a prior consent prompt without making the measurement of our marketing activities impossible. Processing is based on our legitimate interest under Art. 6(1)(f) GDPR in measuring the effectiveness of marketing activities. Only pseudonymized device and link identifiers are processed (configuration `hashUserInformationEnabled: true`); profiling tied to an identifiable person only occurs after the user has granted Tier 2 analytics consent later in the app journey.

9. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes through the App or by other appropriate means.

10. Our Details

Raccoon Services UG (haftungsbeschränkt)
Mühlenstraße 8a, 14167 Berlin
Commercial register: HRB 257349, District Court Berlin (Charlottenburg)
Email: [email protected]
VAT ID: DE365826522

11. Location Data and Heatmap

For the heatmap analysis described in section 3, we process approximate location data of our app users. The purpose of processing is to identify user clusters in order to inform data-driven decisions about acquiring new partner restaurants.

Processor: Location data is processed exclusively by our processor PostHog, Inc. on PostHog Cloud (EU region, Frankfurt am Main data centre). A data processing agreement under Art. 28 GDPR is in place with PostHog.

Anonymous capture (Tier 1): If location permission has been granted, we capture at most once per app session (typically once per cold start of the app) an anonymous geohash at ~1.2 km × 0.6 km precision (Geohash6). The underlying GPS coordinates are discarded immediately after geohash computation. The IP address is not stored for these events (`disableGeoip: true`). No person profile is created; the capture occurs under a randomly assigned, session-bound identifier.

Identified capture (Tier 2, consent-based): With your consent to enhanced analytics (the toggle "Enhanced analytics with location" under Settings → Privacy), we process at the same frequency a geohash at ~150 m × 150 m precision (Geohash7), as well as a corresponding person property `last_known_geohash7`. Consent can be withdrawn at any time in the app. On withdrawal, the location person properties are removed from the PostHog profile (PostHog `$unset`).

No persistent on-device storage: The frequency cap ("once per session") is enforced exclusively in the running app session's memory. No data is stored on your device for this purpose (no cookies, no AsyncStorage keys). The frequency cap therefore does not require consent under § 25 TDDDG.

Paths without location permission: If the user has not granted location permission, PostHog derives country, region (Bundesland), and city server-side from the IP address (GeoIP enrichment). The raw IP address is then discarded immediately after this enrichment via the project-wide "Discard client IP after processing" setting. No geohash is created; data from this path does not contribute to the heatmap.

Retention: Events are retained per the active PostHog Cloud plan's policy. On the currently active Free plan, raw event retention is 12 months (as of May 2026). PostHog does not currently offer a project-configurable shorter retention period; switching to a paid PostHog plan would change retention (default 7 years there). We review this annually and update this notice accordingly. Tier 2 person properties are removed immediately on consent withdrawal.

Erasure (Art. 17 GDPR): On an explicit Art. 17 request, in addition to person properties, we also delete all historical location events from your profile via the PostHog person-deletion API. Direct your request to [email protected].

Legal basis:
- Anonymous capture (Tier 1): Art. 6(1)(f) GDPR — legitimate interest in data-informed partner acquisition. The balancing test reflects strong data minimization (Geohash6, no IP, no person profile, no persistent on-device storage, processing exclusively in the EEA).
- Identified capture (Tier 2): Art. 6(1)(a) GDPR — consent. Consent is given via an in-app toggle that explicitly names the linking of location data to your profile.

Your rights and right to lodge a complaint: A complete overview of your rights under Art. 15–22 GDPR (access, rectification, erasure, restriction, portability, objection, withdrawal) is in section 6. Complaints may be lodged with the supervisory authority competent for our place of establishment — the Berliner Beauftragte für Datenschutz und Informationsfreiheit (BlnBDI), Friedrichstraße 219, 10969 Berlin. Under Art. 77 GDPR you may alternatively turn to the supervisory authority of your habitual residence — for users based in Cologne, that is the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW), Kavalleriestraße 2-4, 40213 Düsseldorf.

12. Crash Reports (Crashlytics)

To detect and fix software defects in our mobile applications we use Firebase Crashlytics (Google LLC, "Google"). Crashlytics automatically captures crash reports, including stack traces, anonymous device and operating-system information (model, OS version, free memory, language), and the app version. Processing begins on first app launch.

Anonymous capture (Tier 1): As long as you have not opted in to extended analytics (Tier 2 consent), crash reports are captured anonymously and are not linked to your user identifier. Legal basis: Art. 6(1)(f) GDPR — legitimate interest in app stability and security.

Identified capture (Tier 2, consent-based): With your consent to extended analytics (Settings → Privacy toggle), newly captured crash reports are linked to your user identifier so that recurring errors affecting individual accounts can be investigated. When you withdraw consent, future crash reports are no longer linked to your user identifier. Crash reports captured anonymously before consent remain unchanged; they contain no personal identifier.

Recipients and transfer: Data is transmitted to Google servers and may be processed in the United States. Google is certified under the EU-US Data Privacy Framework.

Retention: Crashlytics retains crash reports under Google Firebase's default schedule (currently 90 days for detailed stack traces, after which aggregated statistics remain).

Your rights: A full overview of your rights under Art. 15–22 GDPR is provided in section 6.