Privacy Policy

Last Updated: March 25, 2026

Plain-Language Summary: Pingo is a free restaurant discovery app. We collect information you provide (like your phone number) and information about how you use the app (like the restaurants you save and your location when you opt in). We use this data to power your personalized map and improve the app. We do not sell, rent, or share your personal information with third parties for their own marketing purposes. We may create aggregated, de-identified insights that cannot identify you individually, which we may use for business analytics. You can control your data, opt out of features, and delete your account at any time. This summary is for convenience only — the full policy below governs.

1. Introduction

Welcome to Pingo ("Pingo," "we," "us," or "our"). Pingo is a restaurant discovery application that allows you to save restaurant recommendations from social media platforms to a personal, interactive map ("Service"). This Privacy Policy explains what information we collect, how we use it, how we protect it, and what choices you have regarding your data.

This Privacy Policy applies to all users of the Pingo mobile application, our website, and any related services we provide (collectively, the "Service"). By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.

Pingo is operated by Sean Pak, doing business as Pingo ("Operator"). Upon formal incorporation, this Privacy Policy will be updated to reflect the corporate entity. All obligations and commitments in this Privacy Policy are binding regardless of corporate status.

2. Information We Collect

We collect information in three ways: information you provide directly, information collected automatically when you use the Service, and information from third-party sources.

2.1 Information You Provide Directly

Account Registration Information: When you create an account, we collect your phone number, which serves as your primary account identifier and is used for authentication via SMS verification codes. You may also optionally provide a display name and profile photo.
User Content: Restaurant saves, lists, reviews, ratings, notes, photos, and any other content you create within the app.
Social Media Links: URLs from TikTok, Instagram, Google Maps, or other platforms that you share to Pingo via the iOS share sheet.
Communications: Information you provide when contacting our support team, responding to surveys, or participating in promotions.
Preferences: Dietary preferences, cuisine interests, and other taste profile information you voluntarily provide.

2.2 Information Collected Automatically

Location Data: With your explicit permission, we collect precise geolocation data (GPS coordinates) from your device. This is used to show nearby saved restaurants, enable proximity alerts, power check-in features, and personalize your map experience. You may grant or revoke location permission at any time through your device settings. We also collect the geographic location of restaurants you save (venue-level location data), which is necessary for core app functionality.
Device Information: Device type, operating system version, unique device identifiers (such as IDFV), app version, language settings, and time zone.
Usage Data: How you interact with the Service, including features used, restaurants viewed, searches performed, time spent on screens, and in-app actions.
Log Data: IP address, access times, referring URLs, crash reports, and diagnostic data.
Cookies and Similar Technologies: We use cookies, local storage, and similar technologies on our website. Our mobile app uses mobile analytics SDKs. See Section 9 (Cookies and Tracking Technologies) for details.

2.3 Information from Third-Party Sources

SMS Verification Providers: We use third-party providers to deliver SMS verification codes during account registration and login. These providers process your phone number solely to deliver the verification message on our behalf.
Social Media Platforms: When you share a link to Pingo, we extract metadata (such as the restaurant name and location) from the linked content. We do not access your social media accounts, contacts, or private messages.
Mapping Services: We use third-party mapping providers (such as Mapbox) to power our map interface. These providers may collect certain technical data as described in their respective privacy policies.

3. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: Displaying your personalized restaurant map, processing your saves and lists, powering search and discovery features, enabling check-ins and proximity alerts, authenticating your account via SMS verification, and maintaining your account.
Personalization: Recommending restaurants based on your preferences, saved history, and location. Our AI-powered search uses your taste profile to deliver relevant results.
Communication: Sending service-related notifications (such as proximity alerts for saved restaurants, SMS verification codes, and account security alerts), responding to your support requests, and providing important updates about the Service. We will only send marketing communications with your explicit opt-in consent.
Safety and Security: Detecting, investigating, and preventing fraud, abuse, and other harmful activity; enforcing our Terms and Conditions; and protecting the rights, property, and safety of Pingo, our users, and the public.
Improvement and Analytics: Understanding how users interact with the Service, identifying bugs and performance issues, developing new features, and improving existing functionality.
Aggregated Insights: Creating de-identified, aggregated statistical analyses and trend reports that cannot reasonably be used to identify any individual user. See Section 5 for details.
Legal Compliance: Complying with applicable laws, regulations, legal processes, or enforceable governmental requests.

We do not use your personal information for purposes materially different from those described in this Privacy Policy without providing you with notice and, where required by law, obtaining your consent.

4. How We Share Your Information

We do not sell, rent, or share your personal information with third parties for their own direct marketing purposes. This is a core commitment of our Service.

We may share your information only in the following limited circumstances:

With Your Consent: When you direct us to share information, such as sharing a list or profile link with friends or on social media.
Service Providers: We share information with third-party vendors who perform services on our behalf, such as cloud hosting (Supabase), mapping services (Mapbox), AI processing (Anthropic), SMS verification delivery, analytics, and customer support tools. These providers are contractually obligated to use your information only to perform the services we have engaged them to provide and are prohibited from using your personal information for their own purposes.
Legal Requirements: We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
Business Transfers: If Pingo is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you via in-app notification and/or a prominent notice within the app of any change in ownership or uses of your personal information.
Aggregated and De-Identified Data: We may share aggregated, de-identified information that cannot reasonably be used to identify you. See Section 5 below for a detailed explanation.

For clarity: We do not provide your phone number, precise location, or any other personally identifiable information to advertisers, restaurant operators, data brokers, or any other third party for their own marketing, advertising, or promotional purposes.

5. Aggregated and De-Identified Data

Pingo may create aggregated, de-identified datasets derived from user activity. This means we take information from many users, remove all personal identifiers (such as phone numbers, device identifiers, and precise locations), and combine the data into statistical summaries that cannot reasonably identify any individual.

Examples of aggregated insights include: the number of users who saved restaurants in a particular cuisine category in a given city; trending restaurant categories by metropolitan area; general dining interest patterns by broad demographic segment (e.g., age range or city-level geography).

We may use such aggregated, de-identified data for business analytics, research, industry reports, or to develop products and services. Because this data cannot reasonably identify you, it is not considered "personal information" or "personal data" under most applicable privacy laws.

We maintain the following safeguards for all de-identified data:

We implement technical measures designed to prevent re-identification of individuals.
We implement organizational policies that prohibit any attempt to re-identify de-identified data.
We contractually prohibit any downstream recipient from attempting to re-identify the data.
We apply minimum aggregation thresholds so that no data point reflects fewer than a minimum number of users.
We exclude sensitive location categories (including healthcare facilities, places of worship, domestic violence shelters, reproductive health clinics, addiction treatment centers, and facilities serving minors) from all aggregated datasets.

Under certain U.S. state privacy laws (including the California Consumer Privacy Act, as amended), the creation and sharing of aggregated, de-identified data under the conditions described above may not constitute a "sale" or "sharing" of personal information. Regardless of legal classification, we provide you with opt-out rights as described in Section 7.

6. Location Data — Special Disclosures

Because location data is especially sensitive, we provide the following additional disclosures:

Collection: We collect precise geolocation (GPS) data from your device only when you grant location permission through your operating system's permission prompt. We collect location data while the app is in the foreground (active use). If you enable proximity alerts, we may also collect location data in the background, but only when this feature is activated.
Purpose: We use your location data to show you nearby saved restaurants, enable proximity-based alerts, power check-in features, personalize search results by distance, and improve the accuracy of our mapping interface.
Control: You may disable location collection at any time by revoking location permission in your device settings (Settings > Privacy > Location Services > Pingo). Disabling location will not affect your ability to save restaurants or browse your map, but it will limit distance-based features and proximity alerts.
Retention: Precise location data associated with your device (e.g., check-in coordinates) is retained for no longer than thirteen (13) months from the date of collection and is then either deleted or aggregated in a manner that cannot identify you. The geographic coordinates of restaurants you save (venue-level data) are retained for the duration of your account.
Sharing: We do not sell, rent, or share your precise location data with third parties for their own purposes. Precise location data may be shared only with service providers who process it on our behalf (e.g., mapping providers) under strict contractual obligations.
Sensitive Locations: We do not use your location data to draw inferences about your visits to sensitive locations, including but not limited to healthcare facilities, places of worship, political gatherings, or facilities serving vulnerable populations.

7. Your Rights and Choices

Depending on where you reside, you may have some or all of the following rights regarding your personal information:

7.1 Rights Available to All Users

Access: You may request a copy of the personal information we hold about you.
Correction: You may request that we correct inaccurate or incomplete personal information.
Deletion: You may request that we delete your personal information and account. Upon receiving a verified deletion request, we will delete or de-identify your personal information within thirty (30) days, except where retention is required by law or for legitimate business purposes (such as fraud prevention or legal compliance). Aggregated, de-identified data that cannot identify you may be retained.
Data Portability: You may request a copy of your data in a structured, commonly used, machine-readable format.
Withdraw Consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing conducted prior to withdrawal.
Opt Out of Marketing: You may opt out of marketing communications at any time by following the unsubscribe instructions in any marketing message or by adjusting your notification preferences in the app. Service-related communications (such as account security alerts and SMS verification codes) are not marketing and cannot be opted out of while your account is active.
Location Opt-Out: You may disable location data collection at any time through your device settings.
Opt Out of Aggregated Data Use: You may request that your data be excluded from aggregated, de-identified datasets. To exercise this right, email us at sean.mk.pak@gmail.com with the subject line "Opt Out of Aggregated Data."

7.2 Additional Rights for California Residents (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:

Right to Know: You may request that we disclose the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share personal information.
Right to Delete: As described above.
Right to Opt Out of Sale/Sharing: You have the right to opt out of the "sale" or "sharing" of your personal information as defined by the CCPA. As of the date of this policy, Pingo does not sell or share your personal information as those terms are defined under the CCPA. If our practices change, we will update this policy and provide a "Do Not Sell or Share My Personal Information" link.
Right to Limit Sensitive Personal Information: Precise geolocation and phone numbers are classified as Sensitive Personal Information under the CCPA. You may limit our use of your precise geolocation by disabling location permissions on your device.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Global Privacy Control: We honor Global Privacy Control (GPC) signals. If your browser or device sends a GPC signal, we will treat it as a valid opt-out request for the sale or sharing of personal information.

To exercise your rights, email sean.mk.pak@gmail.com or use the in-app privacy settings. We will verify your identity before processing your request. We will respond within forty-five (45) days, with a possible extension of an additional forty-five (45) days upon notice.

7.3 Additional Rights for EEA, UK, and Swiss Residents (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, you have the following additional rights under the General Data Protection Regulation (GDPR) or UK GDPR:

Right to Restriction: You may request that we restrict the processing of your personal data in certain circumstances.
Right to Object: You may object to processing based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests.
Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority.

Legal Bases for Processing: We process your personal data under the following legal bases:

Consent (Article 6(1)(a)): For precise geolocation collection, background location tracking, proximity alerts, marketing communications, and any processing for which we specifically request your consent.
Contract Performance (Article 6(1)(b)): For account creation, phone number authentication, providing core app functionality (saving restaurants, displaying your map, powering search), and customer support.
Legitimate Interests (Article 6(1)(f)): For analytics and service improvement, security and fraud prevention, and bug detection. Our legitimate interest is balanced against your rights and does not override them.
Legal Obligation (Article 6(1)(c)): For compliance with applicable laws and regulations.

7.4 Additional Rights for Canadian Residents (PIPEDA)

If you are a Canadian resident, you have rights under the Personal Information Protection and Electronic Documents Act (PIPEDA), including the right to access, correct, and withdraw consent for the collection, use, or disclosure of your personal information. To exercise these rights, contact our Privacy Officer at sean.mk.pak@gmail.com.

7.5 Additional U.S. State Rights

Residents of Virginia, Colorado, Connecticut, Texas, Oregon, Montana, and other states with comprehensive privacy laws may have additional rights, including the right to opt out of profiling, the right to appeal a denied request, and the right to opt out of targeted advertising. To exercise these rights, email sean.mk.pak@gmail.com.

8. Children's Privacy

Pingo is designed for and directed to users who are at least eighteen (18) years of age. We do not knowingly collect personal information from children under the age of thirteen (13) (or under sixteen (16) in certain jurisdictions). If we learn that we have collected personal information from a child below the applicable age threshold, we will take prompt steps to delete that information and terminate the associated account.

If you are a parent or guardian and believe that your child has provided personal information to Pingo, please contact us at sean.mk.pak@gmail.com, and we will delete the information.

We comply with the U.S. Children's Online Privacy Protection Act (COPPA), the EU General Data Protection Regulation's provisions on children's data, the UK Age Appropriate Design Code, and other applicable children's privacy laws.

9. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies. Our mobile app uses mobile analytics SDKs (such as analytics and crash reporting tools).

Strictly Necessary: Required for the Service to function (e.g., authentication tokens, session management). These cannot be disabled.
Analytics: Help us understand how users interact with the Service. You may opt out of analytics tracking in the app settings.
Functional: Remember your preferences and settings (e.g., language, map view).

We do not use advertising cookies or tracking pixels. We do not engage in cross-app or cross-site behavioral advertising.

For our website, we provide a cookie preference center where you can manage your choices. You may also control cookies through your browser settings.

10. Data Security

We implement commercially reasonable technical and organizational measures to protect your personal information, including:

Encryption of data in transit using TLS 1.2 or higher.
Encryption of data at rest.
Row-level security (RLS) policies in our database to ensure users can only access their own data.
Secure phone number authentication via SMS verification codes — we never store verification codes after validation.
Regular security assessments and code reviews.
Access controls limiting employee access to personal data on a need-to-know basis.

No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

11. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

Account Data (phone number, display name): Duration of your account plus thirty (30) days after account deletion to allow for account recovery.
User Content (saves, lists, reviews): Duration of your account. Deleted promptly upon account deletion request.
Precise Location Data: Thirteen (13) months rolling from the date of collection. After this period, location data is either deleted or aggregated in a form that cannot identify you.
Device and Usage Data: Twenty-four (24) months from collection.
SMS Verification Codes: Deleted immediately upon successful verification or expiration.
Consent Records: Five (5) years after your last interaction with the Service, as required for legal compliance.
Aggregated, De-Identified Data: May be retained indefinitely, as it cannot identify individuals.

12. International Data Transfers

Pingo is operated from the United States. If you are accessing the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

For transfers from the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following safeguards:

The EU-U.S. Data Privacy Framework, the UK Extension to the DPF, and the Swiss-U.S. Data Privacy Framework, as applicable.
Standard Contractual Clauses (SCCs) approved by the European Commission, as a supplementary transfer mechanism.
Any other applicable adequacy decisions or legally recognized transfer mechanisms.

We ensure that any international transfer of personal data is accompanied by appropriate safeguards to provide a level of data protection consistent with applicable law.

13. Third-Party Links and Services

The Service may contain links to third-party websites, apps, or services (such as TikTok, Instagram, or restaurant booking platforms). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through Pingo.

14. "Do Not Track" Signals

We honor Global Privacy Control (GPC) signals as described in Section 7.2. With respect to browser-based "Do Not Track" (DNT) signals, there is currently no universally accepted standard for how companies should respond to DNT signals. We will continue to monitor developments and update our practices as industry standards evolve.

15. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals, including our collection and processing of precise location data. These assessments evaluate the necessity and proportionality of the processing, assess risks, and identify mitigation measures.

16. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within seventy-two (72) hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you without undue delay.

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Post the updated policy within the app and on our website with a revised "Last Updated" date.
Notify you via in-app notification at least thirty (30) days before the changes take effect.
Where we have your email address, send notification by email as well.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the revised policy. If you do not agree to the changes, you should discontinue use and delete your account.

18. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

All Inquiries (Privacy, Legal, Support, DMCA)
Email: sean.mk.pak@gmail.com
Mailing Address: 8 Market Pl Suite # 365, Baltimore, MD 21202

For EEA/UK Residents: Our EU representative will be designated and disclosed here upon commencement of data processing activities involving EEA/UK residents.

For Canadian Residents: Privacy Officer: sean.mk.pak@gmail.com

We will acknowledge receipt of your inquiry within five (5) business days and provide a substantive response within thirty (30) days (or forty-five (45) days for CCPA requests, extendable by an additional forty-five (45) days with notice).

This Privacy Policy is effective as of the "Last Updated" date set forth above.