Privacy Policy
WHAT IS DISH
Effective Date: January 15, 2026
Version: 1.2
Data Controller
Kaedetaki LLC
License No. 2536945.01
Sharjah Media City, UAE
privacy@whatisdish.app
EU Representative (GDPR Article 27):
Maple Rapids OÜ
Registry Code: 16068572
Estonia
eu-privacy@whatisdish.app
Introduction
This Privacy Policy explains how Kaedetaki LLC ("we," "us," "our") collects, uses, and protects your personal data when you use what is dish ("Service").
We comply with the UAE Personal Data Protection Law, EU General Data Protection Regulation (GDPR), UK GDPR, California Consumer Privacy Act (CCPA), and other applicable data protection laws.
1. Data We Collect
1.1 Data You Provide
| Data | Purpose |
|---|---|
| Email address | Account, authentication, communication |
| Password (encrypted) | Account security |
| Preferences (optional) | Personalization |
1.2 Data Collected Automatically
| Data | Purpose |
|---|---|
| Menu photographs | AI analysis (deleted within 24 hours) |
| Device/browser information | Service operation |
| Usage data | Service improvement |
| IP address | Security, general location |
1.3 Data We Do NOT Collect
- Precise GPS location
- Contacts or address books
- Biometric data
- Full payment card numbers (handled by payment processors)
- Government ID numbers
- Health or medical records
2. How We Use Your Data
We use your data to:
- Provide menu translation and analysis services
- Manage your account and subscriptions
- Process payments (via third-party processors)
- Improve the Service
- Ensure security and prevent fraud
- Send service communications
- With your consent, send marketing communications
3. Anonymized and Aggregated Data
3.1 What It Is
We may create anonymized data that cannot identify any individual by combining and de-identifying usage patterns from many users.
3.2 Types of Insights
- Popular cuisine trends by region
- Average menu price analytics
- Language translation patterns
- General usage statistics
3.3 How We Use It
Anonymized data is no longer personal data. We may use it for any purpose, including:
- Internal analytics
- Research and development
- Commercial purposes, including sale to third parties (market researchers, industry analysts)
3.4 Safeguards
- Minimum 100+ users before aggregation
- No precise location data (city/region level only)
- Technical anonymization measures applied
- Third parties prohibited from re-identification
3.5 Opt-Out
Contact privacy@whatisdish.app to opt out of future data aggregation.
4. Data Sharing
4.1 We Do NOT Sell Personal Data
We do not sell, rent, or trade your personal data to third parties.
4.2 Service Providers
We share data with:
| Provider | Purpose |
|---|---|
| Cloud hosting (Supabase) | Data storage |
| AI providers (OpenAI) | Menu analysis and translation |
| Payment processors (Stripe) | Subscription billing |
| Google AdSense | Advertising (free users only) |
| Analytics | Usage statistics |
All providers are bound by data processing agreements.
4.3 Legal Requirements
We may disclose data when required by law or to protect our rights, safety, or property.
4.4 Business Transfers
Data may be transferred in connection with mergers, acquisitions, or sale of assets.
5. International Transfers
Your data may be processed in countries outside your residence. For transfers from the EU/UK, we use Standard Contractual Clauses and appropriate safeguards.
6. Data Retention
| Data | Retention |
|---|---|
| Account data | Until deletion + 30 days |
| Menu photos | Deleted within 24 hours |
| Usage analytics | 26 months (anonymized) |
| Billing records | 7 years (legal requirement) |
7. Data Security
We implement industry-standard security measures:
- Encryption in transit (TLS) and at rest (AES-256)
- Password hashing (bcrypt)
- Access controls and authentication
- Regular security assessments
No method is 100% secure. We cannot guarantee absolute security.
8. Your Rights
8.1 All Users
| Right | How to Exercise |
|---|---|
| Access | Account Settings → Download Data |
| Correction | Account Settings → Edit Profile |
| Deletion | Account Settings → Delete Account |
| Withdraw consent | Account Settings → Notifications |
Or email: privacy@whatisdish.app
8.2 EU/EEA Users (GDPR)
Additional rights:
- Restriction of processing
- Data portability
- Object to processing
- Lodge complaint with supervisory authority
EU Representative: Maple Rapids OÜ, Registry Code 16068572, Estonia, eu-privacy@whatisdish.app
8.3 UK Users
We do not currently maintain a UK Representative under UK GDPR Article 27. UK residents may contact us directly at privacy@whatisdish.app. We respond to all UK data subject requests within required timeframes.
8.4 California Users (CCPA/CPRA)
- Right to know what data we collect
- Right to delete
- Right to opt-out of sale (we do not sell personal data)
- Right to non-discrimination
8.5 Response Time
We respond within 30 days (EU) or 45 days (California).
10. Children
The Service is not intended for users under 18. We do not knowingly collect data from children. If we discover such collection, we will delete it promptly.
11. Changes
We may update this Policy. Material changes will be notified via email at least 30 days before taking effect. Continued use constitutes acceptance.
12. Contact
Data Controller:
Kaedetaki LLC
License No. 2536945.01
Sharjah Media City, UAE
privacy@whatisdish.app
EU Representative:
Maple Rapids OÜ
Registry Code: 16068572
Estonia
eu-privacy@whatisdish.app
General:
support@whatisdish.app
whatisdish.app
BY USING THE SERVICE, YOU ACKNOWLEDGE THAT YOU HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY.
Privacy Policy v1.2 • Effective January 15, 2026 • © 2026 Kaedetaki LLC