← WhatToEat

Privacy

Last updated: July 2026

WhatToEat is a free, experimental food-decision tool for Singapore, owned by Eidolon. This explains what we collect and why. We keep it minimal.

What we collect

  • Anonymous usage — which dishes you swipe, the area you pick, and your likes/skips, tied to a random id stored in your browser (no login, no name unless you join a group room).
  • Group rooms — the display name you enter. Older room joins may also include an email if you previously chose to provide one; the current join flow no longer asks for it.
  • Location — if you allow it, your device location is used live to find nearby spots. We do not store your precise coordinates — only a coarse area label.
  • Partner enquiries — if you request a commercial pilot, we store the company and contact details you submit so we can assess and reply to that request.
  • Saved-deal email: if you ask us to email a deal, we use the address only to deliver that transactional message. We do not store the raw address. We retain a keyed hash for abuse limits, plus a hash of the recovery link, until shortly after the link expires.
  • Quick feedback: if you send feedback, the text and page path are delivered to us through SMTP2GO. The product database records only that feedback was submitted, not what you wrote.

Restaurant data

Restaurant names, ratings, photos, prices and opening hours come live from Google Maps and are not stored by us. The only restaurant detail we keep is Google's opaque place_id (e.g. to remember a spot you liked), which carries no personal info.

Third parties

We use Google Maps / Places (live listings + photos), Google Gemini (the AI makan kaki), Cloudflare (hosting), SMTP2GO (transactional email), and Google Analytics (usage stats, if enabled). Your queries are processed by these providers to deliver the service. We do not sell personal data or individual-level activity records.

Aggregated insights

We may create or license reports about broad food-demand patterns, such as popular cuisines, coarse areas and times of day. These reports use sufficiently large groups and irreversible aggregation: they do not contain browser ids, names, emails, precise locations, exact activity trails, Google place ids, or Google restaurant content. We suppress small groups where someone could reasonably be singled out. This is statistical product insight, not the sale of personal data.

Your choices (PDPA)

The bits we keep in your browser (local storage) auto-expire on their own (recent picks, rooms and per-room flags within ~2 weeks, saved deals within ~1 month, your name within ~3 months, the anonymous usage id after ~6 months of inactivity), and you can clear them yourself any time. Google Analytics only sets its cookie if you tap "Okay" on the cookie notice — decline and it stays off. If advertising is introduced, the notice will explain it and provide the relevant choice before ad cookies are enabled. To access, correct, or delete any personal data you've given us (e.g. an email from an older room join), or to ask a question, contact stan@eidolon.biz.

See also our Terms.