Privacy

privacy policy.

Last Updated: April 27, 2026

Overview

This Privacy Policy describes how SG Systems PTE. LTD. (“FoodBang”, “we”, “us”) collects, uses, and protects your information when you use the FoodBang mobile app and website. FoodBang is a live-video feed that connects nearby cooks and eaters — so some of what we collect (approximate location, short videos, messages between you and a cook) is inherent to how the service works.

FoodBang does not run advertising. We do not build advertising profiles of you, and we do not sell your personal information. We do not track you across other companies' apps or websites.

1. Information We Collect

Account information

  • Name, email address, phone number, and password — or the equivalent identifiers from a third-party sign-in provider (Apple, Google, or Facebook)
  • Your handle, profile photo, optional bio, and (for vendors) business name, cuisine, and currency
  • Account preferences (notifications, blocked users, dietary tags)

Location information

  • Approximate device location when you open the feed or the map, so we can show cooks near you and compute distance badges
  • For vendors: the pinned latitude/longitude of your kitchen, cart, or pickup spot, which becomes visible to an eater after you accept their order in chat
  • We do not track your location continuously in the background. Location is sampled only when you actively use a location-aware feature.

Content you upload

  • Drop videos recorded in-app and their captions, hashtags, and location of capture
  • Kitchen / banner photos and menu-item photos
  • Menu items, descriptions, prices, and currency you publish
  • Direct messages and order details you exchange with other users
  • Reports you submit about other users or content

Vendor verification (vendors only)

  • Identity or business documents you submit for vendor review — for example, a business licence, food permit, tax ID, or utility bill
  • These documents are stored encrypted at rest, accessed only by authorized reviewers, and are never shown to other users

Communications and notifications

  • Chat messages and order metadata between you and other users on the platform
  • Device push tokens (Firebase Cloud Messaging on Android, Apple Push Notification service on iOS) so we can deliver new-drop and order notifications
  • Customer-support emails and the contents of those threads

Usage and diagnostics

  • Device type, OS version, app version, language, time zone, and device-generated identifiers
  • In-app actions (screens viewed, drops opened, searches performed, orders placed) for product analytics
  • Video playback metrics (start, buffering, completion)
  • Crash logs and performance traces, including stack traces and the state of the app at the time of the crash
  • IP address (used for approximate region, fraud signals, and to satisfy abuse / law-enforcement requests)

Information from third-party login providers

If you sign in with Apple, Google, or Facebook, we receive the identifiers and profile information that the provider chooses to share with us under the scopes you approve — typically a name and email (or a private relay email, in the case of Sign in with Apple). We do not receive your password.

2. How We Use Your Information

SG Systems PTE. LTD. uses the information above to:

  • Show you cooks who are open near your current location
  • Deliver drops, chat messages, and order notifications to the right accounts
  • Review vendor verification documents and maintain trust between cooks and eaters
  • Moderate content and investigate reports of unsafe, abusive, or fraudulent behavior
  • Provide customer support and respond to your messages to us
  • Improve and debug the app, measure performance, and fix bugs (using aggregated and anonymized analytics where possible)
  • Comply with legal obligations (tax, law-enforcement requests)

3. Location Data

FoodBang is a hyperlocal feed — matching you with cooks near you is the core of the product, so approximate location is the most important data we process.

  • You can turn location permission off in your device settings. If you do, the feed will fall back to a city-level area or a manually entered location, and some features (like distance badges and the map view) will not work.
  • We do not track your location continuously in the background. Location is sampled when you open the feed, the map, or when you publish a drop.
  • Vendors' pinned kitchen locations are only revealed to an eater once the vendor accepts that eater's order in chat.

4. Service Providers (Subprocessors)

FoodBang is a small operation. We rely on a handful of well-known infrastructure providers to run the service. Each provider only receives the data they need to perform their role and is bound by a Data Processing Agreement (or equivalent contractual safeguards).

  • Supabase (hosted on AWS) — Database, authentication, and file storage. Receives: account information, profile data, uploaded photos, vendor verification documents, menu items, order metadata.
  • Mux (USA) — Video upload, transcoding, hosting, and playback analytics. Receives: drop videos, video metadata, viewer playback metrics.
  • Stream (getstream.io, USA) — Chat messaging and push-notification routing. Receives: chat messages, message metadata, user IDs, device push tokens.
  • Firebase Cloud Messaging(Google, USA) — Delivery of push notifications to your device. Receives: device push tokens and the notification payload (e.g. “new order from @handle”).
  • Mapbox (USA) — Map tiles and geocoding for the map view and vendor location picker. Receives: approximate viewport coordinates while the map is on screen.
  • Meilisearch — Search index for vendors, dishes, and drops. Receives: public profile data, menu items, video captions and tags, and your search queries.
  • PostHog — Product analytics. Receives: anonymized device IDs, app version, in-app event names, and screen views. We do not send your name or email to PostHog.
  • Sentry (USA, EU regions) — Crash reporting and performance monitoring. Receives: stack traces, device model, OS version, and a non-identifying user ID so we can deduplicate crashes per user.
  • Apple, Google, and Meta (Facebook) — Third-party sign-in. Receives: only what you authorize at the consent prompt.
  • Apple App Store, TestFlight, and Google Play — Distribution of the app and beta builds. These platforms collect their own usage and crash data subject to their own privacy policies.
  • Vercel — Hosting for the FoodBang website (foodbang.app). Receives: standard web request logs (IP address, user agent, requested URL).

We do not share your personal information with third parties for their own marketing or advertising purposes.

5. When We Share Information

Beyond the service providers listed above, we share information:

  • With other users on the platform— your handle, profile photo, bio, drops, and menu are public. Your messages and order details are shared with the user(s) you're chatting with.
  • When legally required — to comply with a valid subpoena, court order, or other legal process; to protect the rights, property, or safety of FoodBang, our users, or the public; or to investigate fraud or abuse.
  • In a business transfer — if SG Systems PTE. LTD. is acquired, merges, or sells substantially all of its assets, your information may transfer to the successor entity, subject to this Privacy Policy.
  • With your explicit consent — for any other purpose disclosed at the time of collection.

6. Data Security

We use industry-standard practices to protect your information:

  • TLS encryption for all data in transit between your device and our servers
  • Encryption at rest for our databases, file storage, and backups
  • Row-level access controls — vendors can only see their own orders and chats; eaters can only see their own
  • Vendor verification documents are isolated from the public profile data and accessible only to authorized reviewers
  • Regular security updates of our dependencies and infrastructure
  • Two-factor authentication on administrative accounts and minimum access privileges

No system is perfectly secure. If we discover a breach affecting your information, we will notify you and the appropriate regulators as required by applicable law.

7. Data Retention

  • Drop videos become unavailable in the public feed 24 hours after posting and are removed from our hot storage shortly afterwards. Cold backups may persist for up to 30 days.
  • Chat messages are retained for as long as both participants keep the thread; either side can delete a thread, which removes the messages from their device and from our servers.
  • Account data is retained for as long as your account is active. When you delete your account, profile data is removed within 30 days, except where we are required to retain it for legal, tax, or fraud-prevention purposes.
  • Vendor verification documentsare retained for the life of the vendor account plus 12 months, or longer if required by law (e.g. tax records).
  • Crash and analytics data is retained in aggregated, non-identifying form. Identifiable diagnostics are retained for up to 90 days.

8. Your Rights and Choices

Depending on where you live (Singapore, the EU, the UK, California, or elsewhere), you may have the following rights:

  • Access — request a copy of the personal information we hold about you
  • Correction — ask us to update inaccurate information
  • Deletion — ask us to delete your account and associated personal information (subject to legal retention)
  • Portability — receive your data in a structured, machine-readable format
  • Objection / restriction — object to or restrict certain types of processing, where applicable
  • Withdraw consent — for any processing that we rely on consent for (for example, marketing emails)

You can exercise most of these rights directly in the app:

  • Location, camera, microphone, photo library, and notifications— toggle in your device's system Settings
  • Account deletion — Profile → Settings → Delete Account
  • Block / report another user— long-press a message or open the user's profile and tap the report icon
  • Marketing emails — unsubscribe link at the bottom of any marketing email

For anything you can't do in-app, email sebastian@sg-systems.co with your request and we'll respond within 30 days.

9. International Data Transfers

SG Systems PTE. LTD. is based in Singapore. Our service providers operate primarily in Singapore, the United States, and the European Union. By using FoodBang, you acknowledge that your information may be transferred to and processed in countries other than your own. Where transfers are made out of the EU/UK, we rely on Standard Contractual Clauses or other lawful transfer mechanisms.

10. Cookies and Similar Technologies

Mobile app

The mobile app does not use browser cookies. It stores limited data on your device (your session token, cached profile, drafts of in-progress messages) using the operating system's secure storage. Clearing the app's storage in your device settings removes this data.

Website

The FoodBang website (foodbang.app) uses:

  • Strictly necessary cookies to keep you signed in and to remember your preferences
  • Analytics cookies (PostHog) to understand how visitors use the site

We do not use advertising or cross-site tracking cookies. You can control cookies through your browser settings; doing so may prevent some features from working.

11. Tracking

FoodBang does not track you across apps or websites owned by other companies for advertising purposes. We do not respond to Do Not Track signals because we do not engage in the tracking behaviors those signals are designed to limit.

12. Children's Privacy

FoodBang is not intended for children under 13 (or under 16 in certain EU/EEA jurisdictions where local law sets a higher age). We do not knowingly collect personal information from children below these ages. If you believe we have collected information from a child, please contact us at sebastian@sg-systems.co and we will delete it promptly.

13. Policy Changes

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top and, for material changes, notify you in-app or by email before the changes take effect. We encourage you to review this policy periodically.

14. Contact Information

For privacy questions, requests, or complaints:

SG Systems PTE. LTD.
Email: sebastian@sg-systems.co
Data Protection Officer: sebastian@sg-systems.co
Location: Singapore

If you are in the EU/EEA or UK and believe your rights have been violated, you also have the right to lodge a complaint with your local data protection authority.

15. Regulatory Compliance

SG Systems PTE. LTD. is committed to complying with applicable data protection laws, including the Singapore Personal Data Protection Act (PDPA), the European Union General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA) as amended by the CPRA.

← BACK TO THE FEED