Privacy Policy

Data controller: MAKAN APP LTD

Registered address: 86–90 Paul Street, London, EC2A 4NE, United Kingdom

Contact email: support@makanofficial.com

MAKAN APP LTD is responsible for determining how and why personal data is processed under this Privacy Policy. We have not appointed a Data Protection Officer, as we are not required to; data-protection queries can be sent to the contact email above.

We do not intentionally collect special category personal data. However, user-generated content may reveal sensitive information. You should avoid uploading personal data you do not wish to be processed.

We use personal data to:

• Create and manage user accounts
• Provide core App functionality, including saving meals and displaying feeds according to your selected audience settings
• Operate the friend graph, including friend requests and mutual friendships
• Synchronise content across your devices
• Show nearby places and calculate distances, using your device location where you have granted permission
• Operate the waitlist and send beta invitations
• Maintain security, prevent abuse, and protect the integrity of the Services
• Respond to support enquiries
• Understand usage and improve the reliability, performance, and design of the Services

We do not sell personal data, we do not use personal data for third-party advertising, and we do not use AI to generate, infer, or analyse the content of your meals.

Under UK GDPR, we rely on the following lawful bases.

The App supports different visibility settings. What other users can see depends on the choices you make.

• Public posts are visible to other users and may appear in discovery features within the App
• Friends-only posts are visible only to your mutual friends
• Private posts are visible only to you within your personal meal diary

If you change the audience of a post or delete it, the change is applied within the App. Copies may remain temporarily in device caches or system backups for limited periods, as described in the retention section.

We use the following providers to operate the Services. Each processes personal data on our behalf under contractual terms that require appropriate security and confidentiality.

• Google LLC (Firebase)— the App's backend. We use Firebase Authentication, Cloud Firestore, Cloud Storage, Cloud Functions, and Firebase Analytics to store and synchronise account and meal data, operate core features, and understand usage.
• Vercel Inc. — hosting for the Site, and Vercel Web Analytics, which measures aggregate Site usage.
• Google LLC (Google Sheets) — secure storage of waitlist and enquiry submissions.
• Resend — delivery of transactional emails, such as your beta invitation.
• Apple Inc. — distribution of the App through TestFlight and the App Store.

We do not use third-party advertising SDKs or cross-app tracking technologies. If we introduce additional processors, we will update this Privacy Policy before those changes take effect.

The Site uses Vercel Web Analytics, which is privacy-friendly and cookieless: it identifies visits using a hash that resets daily and cannot track you across days or across other websites. It stores no information on your device and collects no personal identifiers, so it does not require a consent banner.

The App uses Firebase Analytics, which relies on device identifiers to measure how features are used. Because this stores and accesses information on your device, we ask for your consent within the App before enabling non-essential analytics, and you can change your choice at any time in the App's settings. We never use these technologies for advertising or cross-app tracking.

Some of our providers — including Google, Vercel, Resend, and Apple — process personal data outside the United Kingdom, including in the United States.

Where international transfers occur, we rely on appropriate safeguards recognised under UK law, such as the UK International Data Transfer Agreement or Addendum, the UK extension to the EU Standard Contractual Clauses, or transfers to providers certified under an applicable data protection framework. You can request more information about these safeguards using the contact details above.

We apply technical and organisational measures designed to protect personal data, including encryption in transit, access controls, and server-side security rules.

No system is completely secure, but we take reasonable steps to protect data against unauthorised access, loss, or misuse. If a personal data breach occurs that is likely to result in a risk to your rights, we will notify the Information Commissioner's Office, and affected users where required, within the timeframes set by law.

We retain personal data only for as long as necessary for the purposes described in this Privacy Policy.

Under UK GDPR, you have the right to:

• Access your personal data
• Request correction of inaccurate data
• Request deletion of personal data
• Request restriction of processing in certain circumstances
• Request data portability where applicable
• Object to processing in certain circumstances
• Withdraw consent where we rely on it

You can delete your account at any time from within the App, which begins the deletion process described above. To exercise any other right, contact us at support@makanofficial.com. We may request information to verify your identity, and we handle requests within the time limits required by law.

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

You must be at least 13 to create an account. Because a service like ours may be accessed by people under 18, we follow the UK Age Appropriate Design Code (the Children's Code). In practice this means:

• Privacy-protective defaults — new posts default to friends-only, not public
• Location access is off by default and only used, with permission, at the moment you use a location feature
• We collect the minimum data needed and do not profile users or use data for targeted advertising
• We do not use manipulative design or nudges to push you to share more than you intend

If we become aware that personal data has been collected from a child under 13, we will take steps to delete that data. If you believe a child has provided us with personal data, please contact us.

We may update this Privacy Policy from time to time.

The updated version will be published with a revised “Last updated” date. Where the change is significant, we will take reasonable steps to notify you, for example within the App or by email.