Munchie Maps
Privacy Terms Support Home
Legal Document

Privacy Notice

This notice explains what information Munchie Maps collects, why we collect it, how we use it, and what rights you have over it.

Effective Date [ENTER DATE]
Last Updated [ENTER DATE]
Applies To All Munchie Maps users & vendors
Attorney Review Recommended This document is a good-faith template based on common practices for location-based food ordering apps. It has not been reviewed by a lawyer. Before publishing, have a licensed attorney review it — especially the California/CCPA section, data retention periods, and any payment processing details specific to your business.
Section 1

Overview

Munchie Maps ("we," "our," or "us") operates a location-based platform that connects users with food truck vendors. This Privacy Notice applies to the Munchie Maps web application, mobile application, and any related services (collectively, the "Service").

By using the Service, you agree to the collection and use of information as described in this notice. If you do not agree, please discontinue use of the Service.

We operate two types of accounts: User accounts (customers browsing and ordering from trucks) and Vendor accounts (food truck operators managing their business). Some data collection practices differ between these account types and are noted where applicable.

Section 2

Data We Collect

2.1 Information You Provide Directly

Data Type Examples Who It Applies To
Account information Name, email address, password (hashed) All users
Profile information Profile photo, display name, preferences All users
Vendor business information Business name, cuisine type, menu items, pricing, photos, operating hours Vendors only
Order information Items ordered, order amounts, special instructions, order history All users
Reviews & ratings Text reviews, star ratings submitted by users or vendors All users
Communications Messages sent to support, contact form submissions All users
Payment information Billing details processed through our payment provider Vendors (subscriptions)
Payment Data — Attorney Review Required If you process customer payments through the app in the future, this section must be expanded. Specify your payment processor (e.g., Stripe), confirm you do not store raw card numbers, and describe PCI DSS compliance. Confirm with your attorney and payment provider what disclosures are required.

2.2 Information Collected Automatically

Data Type Details
Location data GPS coordinates when you use map features or when a vendor sets their truck location. See Section 6 for full details.
Device information Browser type, operating system, device type, screen resolution
Usage data Pages visited, features used, search queries, filters applied, time spent
Log data IP address, browser type, referring URL, timestamps of requests
Cookies & similar technologies Session cookies for authentication, preference storage. See Section 12 for third-party services.
Section 3

How We Collect Information

We collect information in the following ways:

  • Directly from you — when you create an account, place an order, write a review, or contact support.
  • Through Google Sign-In — if you choose to sign in with Google, we receive your name, email address, and profile photo from Google. We do not receive your Google password. Your use of Google Sign-In is also governed by Google's Privacy Policy.
  • Automatically — through your use of the Service, including location data when you grant permission, and usage analytics.
  • From vendors — vendors may add information about walk-in orders that includes identifiable details. Vendors are responsible for obtaining any necessary consent from walk-in customers.
Section 4

How We Use Your Information

To provide the Service

  • Display nearby food trucks on the map based on your location
  • Process and track orders in real time
  • Calculate and display customer trust scores
  • Send order status notifications and updates
  • Enable navigation to truck locations
  • Display menus, reviews, and promotions

For vendors

  • Display your truck on the map and manage your open/closed status
  • Provide sales metrics, order history, and performance insights
  • Process subscription billing
  • Enable management of menu, promotions, and coupons

To improve and communicate

  • Analyze usage patterns to improve features and performance
  • Send service-related notifications (order updates, account alerts)
  • Send promotional communications about the app — you may opt out at any time
  • Respond to support requests and feedback
  • Detect and prevent fraud, abuse, or unauthorized use
Marketing Communications We may send you emails or push notifications about new features, promotions, or nearby trucks. You can unsubscribe from marketing emails at any time using the unsubscribe link in the email, or by adjusting your notification preferences in your account settings.
Section 5

Who We Share Information With

We do not sell your personal information. We share information only in the following circumstances:

Recipient What is Shared Why
Vendors Your name, order details, trust score, and reviews you've left To process your orders and enable vendor–customer interaction
Customers Vendor business name, location, menu, reviews, and open status Core functionality of the map and ordering system
Mapbox Map tile requests, routing requests, location coordinates To render maps and provide navigation directions
Payment processor Billing information for vendor subscriptions To process subscription payments securely
Google Authentication tokens if you use Google Sign-In Identity verification
Hosting & infrastructure Data as needed to operate the Service Application hosting, database, and file storage
Law enforcement / legal Data required by law, court order, or to protect rights Legal compliance and safety
Attorney Review — Third-Party Processors List every third-party service that processes user data (analytics tools, crash reporting, email providers, etc.). Each service should have a Data Processing Agreement (DPA) in place. Your attorney can advise on what agreements are required under CCPA and any other applicable laws.
Section 6

Location Data

Location is central to how Munchie Maps works. Here is exactly how we handle it:

User location

  • We request your device's location only when you use the map to find nearby trucks or get navigation directions.
  • Location access requires your explicit permission through your browser or device settings.
  • We use your location to find and display nearby trucks and to calculate distances shown on the map.
  • We do not continuously track your location in the background.
  • You can revoke location permission at any time in your browser or device settings. The app will still work but map features will be limited.

Vendor location

  • Vendors actively set their truck's location when they open for service. This is a deliberate action, not automatic tracking.
  • The vendor's set location is displayed publicly on the map to all users while their truck is marked open.
  • When a vendor closes their truck, their location is no longer displayed on the map.
Location Sharing is Your Choice We do not share your precise location with vendors or other users. Vendors only see that an order originated through the app — not where you physically are.
Section 7

Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — retained while your account is active and for [X] days after deletion to allow for account recovery.
  • Order history — retained for [X] months/years for dispute resolution and tax/accounting purposes.
  • Reviews — retained indefinitely unless removed by the reviewer or removed for policy violations.
  • Log data and analytics — typically retained for [X] months before aggregation or deletion.
  • Location data — precise location coordinates are not stored long-term. Vendor location is cleared when they close their truck.
Fill In the Blanks Replace the [X] placeholders above with your actual retention periods. These must be defensible and consistent with your actual database practices. Your attorney can advise on minimum required retention periods for financial records in your jurisdiction.
Section 8

Security

We implement industry-standard security measures to protect your information, including:

  • HTTPS encryption for all data transmitted between your device and our servers
  • Hashed and salted storage of passwords — we never store your password in plain text
  • Access controls limiting which team members can access personal data
  • Regular security reviews of our application and infrastructure

No method of transmission over the internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

If you believe your account has been compromised, please contact us immediately at privacy@munchiemaps.com.

Section 9

Your Rights

Depending on your location, you may have the following rights regarding your personal information:

Right to Access

Request a copy of the personal data we hold about you.

Right to Correct

Request correction of inaccurate or incomplete data.

Right to Delete

Request deletion of your account and personal data.

Right to Object

Object to processing of your data for marketing purposes.

Right to Portability

Receive your data in a structured, machine-readable format.

Right to Restrict

Request that we limit how we process your data in certain circumstances.

To exercise any of these rights, contact us at privacy@munchiemaps.com. We will respond within 30 days. We may need to verify your identity before processing your request.

Account Deletion You can request deletion of your account by emailing us or through your account settings. Some data may be retained for legal, financial, or fraud-prevention purposes even after deletion.
Section 10

California Residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights.

Categories of personal information collected

In the past 12 months, we have collected the following categories as defined by the CCPA:

  • Identifiers (name, email, IP address)
  • Personal information (account and billing details)
  • Geolocation data (precise location when using map features)
  • Internet or other electronic network activity (usage data, log data)
  • Commercial information (order history, transaction records)
  • Inferences drawn from the above (customer trust score, preferences)

We do not sell your personal information.

We do not sell personal information to third parties as defined under the CCPA. We do not share personal information for cross-context behavioral advertising.

Your CCPA rights

  • Right to Know — request disclosure of what personal information we collect, use, disclose, and sell.
  • Right to Delete — request deletion of personal information we have collected, subject to certain exceptions.
  • Right to Correct — request correction of inaccurate personal information.
  • Right to Opt-Out — opt out of the sale or sharing of personal information (we do not sell, but this right applies).
  • Right to Non-Discrimination — we will not discriminate against you for exercising your privacy rights.

To submit a CCPA request, email privacy@munchiemaps.com with the subject line "CCPA Request." We will verify your identity and respond within 45 days as required by law.

Attorney Review — CCPA Section This section requires careful legal review. Thresholds for CCPA applicability (number of consumers, revenue, data volume), the definition of "sale" under CPRA, and required disclosures change regularly. A California privacy attorney should review this section before publishing.
Section 11

Children's Privacy

The Munchie Maps Service is not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13.

If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at privacy@munchiemaps.com and we will take steps to delete that information.

If you are between the ages of 13 and 18, you should review this Privacy Notice with a parent or guardian before using the Service.

COPPA Compliance If children under 13 could realistically use your app, you may be subject to COPPA requirements which are significantly more demanding. Confirm your intended minimum age with your attorney and implement appropriate age verification if needed.
Section 12

Third-Party Services

We use the following third-party services that may collect or process data as part of providing the Service. Each has its own privacy policy:

Service Purpose Data Involved
Mapbox Map rendering, routing, navigation Map tile requests, routing coordinates
Google Sign-In Optional authentication Name, email, profile photo (if you use Google Sign-In)
[Payment Processor] Vendor subscription billing Payment card details, billing address
[Hosting Provider] Application and database hosting All application data
[Email Provider] Transactional and marketing emails Email address, name
Fill In the Blanks Replace [Payment Processor], [Hosting Provider], and [Email Provider] with the actual names of your services (e.g., Stripe, Azure, SendGrid). Add or remove rows as needed. Link to each service's privacy policy.

We are not responsible for the privacy practices of third-party services. We encourage you to review their privacy policies.

Section 13

Changes to This Privacy Notice

We may update this Privacy Notice from time to time. When we make material changes, we will notify you by:

  • Updating the "Last Updated" date at the top of this page
  • Sending an email notification to registered users
  • Displaying a notice within the app

We encourage you to review this notice periodically. Your continued use of the Service after changes become effective constitutes acceptance of the updated notice.

Section 14

Contact Us

If you have questions, concerns, or requests regarding this Privacy Notice or how we handle your data, please reach out:

Privacy Inquiries

We aim to respond to all privacy-related requests within 30 days.

privacy@munchiemaps.com

Mailing address:

Munchie Maps
[Your Business Address]
[City, State, ZIP]

Required — Business Address A physical mailing address is required by CAN-SPAM (for emails), CCPA, and other privacy laws. Add your registered business address above before publishing.