Palora

Privacy Policy

Last updated: March 23, 2026

1. Introduction

Welcome to Palora (“we,” “us,” or “our”). Palora is a community-driven dish rating platform that helps people discover what’s actually worth ordering at restaurants. We are committed to protecting your personal information and your right to privacy.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service at paloraapp.com (the “Service”). Please read this policy carefully. If you do not agree with the terms, please do not access the Service.

2. Information We Collect

Information You Provide

We collect personal information that you voluntarily provide when you register for an account or use the Service. This includes:

  • Name and email address (via email signup or Google sign-in)
  • Profile photo URL and display name (when signing in with Google)
  • Dish ratings and written reviews
  • Photos of dishes you upload
  • Restaurant selections and preferences

Information Collected Automatically

When you access the Service, we may automatically collect certain information, including:

  • Precise location data: With your permission, we collect your GPS location via your browser to show nearby dishes and restaurants. This is classified as sensitive personal information under California law (CPRA). We use precise location solely for the purpose of displaying nearby content and do not use it for any other purpose. If GPS is unavailable or denied, we may use your IP address to determine an approximate (city-level) location instead.
  • Device information: Browser type, operating system, and device identifiers.
  • Usage data: Pages viewed, access times, and how you interact with the Service.
  • IP address: Used for approximate geolocation and security purposes.

Information From Third Parties

We retrieve restaurant information (names, addresses, photos, and details) from the Google Places API to display on the Service.

3. How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve the Service
  • Display dish ratings, reviews, and restaurant information
  • Show nearby dishes and restaurants based on your location
  • Authenticate your account and maintain your session
  • Analyze usage patterns to improve the user experience
  • Communicate service updates and respond to inquiries
  • Detect and prevent fraud or abuse

4. Third-Party Services

We use the following third-party services to operate and improve Palora. Each has its own privacy policy governing how they handle data:

  • Supabase — Authentication, database hosting, and image storage (supabase.com/privacy)
  • Google Places API — Restaurant data and photos (policies.google.com/privacy)
  • Vercel — Application hosting and analytics (vercel.com/legal/privacy-policy)
  • MaxMind GeoLite2 — IP-based approximate geolocation using a locally hosted database (maxmind.com/en/privacy-policy)
  • ipapi.co / ip-api.com — IP-based approximate geolocation as fallback services when the local database is unavailable

We encourage you to review the privacy policies of these services.

5. Sharing Your Information

We do not sell or share your personal information for cross-context behavioral advertising purposes. We may share your information in the following situations:

  • Public content: Your dish ratings, reviews, and photos are visible to other users of the Service. Your display name may appear alongside your reviews.
  • Service providers: With third-party vendors who perform services on our behalf (as listed in Section 4).
  • Legal requirements: If required by law or in response to valid requests by public authorities.
  • Business transfers: In connection with a merger, acquisition, or sale of assets. If such a transfer occurs, we will notify you before your personal information becomes subject to a materially different privacy policy.

6. Cookies and Tracking

Palora uses only functional cookies necessary to operate the Service:

  • Authentication cookies: Managed by Supabase to maintain your login session.
  • Analytics: If enabled, Vercel Analytics collects anonymized page view and performance data. No personally identifiable information is included in analytics data.

We do not use advertising or third-party tracking cookies. You can instruct your browser to refuse cookies, but some parts of the Service may not function properly without them.

7. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. You may request account deletion by contacting us at support@paloraapp.com. Upon receiving a deletion request, we will remove your personal account data. Ratings and reviews you submitted may be retained in an anonymized form to preserve the integrity of community content.

We may also retain certain information as necessary to comply with legal obligations, resolve disputes, and enforce our policies.

8. Data Security

We take reasonable measures to protect your personal information, including:

  • Encrypted data transmission via HTTPS
  • Secure authentication managed by Supabase
  • No storage of plain-text passwords

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee its absolute security.

9. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information, including:

  • The right to access the personal data we hold about you
  • The right to request correction of inaccurate data
  • The right to request deletion of your data
  • The right to withdraw consent at any time
  • The right to data portability

California residents: Under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), you have the right to know what personal information we collect, request its deletion, and opt out of the sale or sharing of your personal information. We do not sell or share personal information for cross-context behavioral advertising. Precise geolocation is collected as sensitive personal information solely to display nearby content and is not used for any other purpose.

To exercise any of these rights, contact us at support@paloraapp.com. We will respond to verified requests within 45 days.

International Users

Palora is operated from the United States and your data is processed and stored in the United States. If you are accessing the Service from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. If you are located in the European Economic Area (EEA) or United Kingdom, you may have additional rights under applicable local data protection laws, including the right to lodge a complaint with your local supervisory authority.

10. Children’s Privacy

The Service is not directed to anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal data from a child under 13 without verification of parental consent, we will take steps to remove that information promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the “Last updated” date. You are advised to review this page periodically for any changes.

12. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us at:

  • Palora
  • Email: support@paloraapp.com