Privacy Policy
Last updated: March 2026
1. Who we are
Dishi is operated by Igor Sobanski, based in Zurich, Switzerland. You can reach us at hello@dishi.menu.
In this policy, "Dishi," "we," "us," and "our" refer to the operator of dishi.menu.
2. What this policy covers
This policy explains what personal data we collect when you use dishi.menu, why we collect it, how we use it, and what rights you have. It applies to all visitors and registered users of the Dishi website.
We process personal data in accordance with the Swiss Federal Act on Data Protection (FADP/nDSG) and, where applicable, the EU General Data Protection Regulation (GDPR).
3. Data we collect
3.1 When you browse without an account
When you visit dishi.menu without signing in, we collect:
- Location data (optional): If you choose to use the "locate me" feature, your browser asks for permission to share your geographic coordinates. This data is used only in your browser to sort restaurants by distance. It is not sent to our servers or stored.
We do not use tracking cookies, advertising cookies, or third-party analytics that track you across websites.
3.2 When you create an account
If you sign in via Google or email magic link, we collect and store:
- Email address — provided by Google or entered by you
- Display name — from your Google account or derived from your email
- Profile photo URL — from your Google account, if available
- Username — auto-generated, editable by you
- User ID — a unique identifier assigned by our authentication system
3.3 When you write reviews
If you submit a dish or restaurant review, we collect and store:
- Review content — your ratings (taste, portion, value), text comment, and price paid
- Photos — any images you upload with your review
- Dish and restaurant association — which dish and restaurant you reviewed
- Timestamp — when the review was submitted
Reviews are publicly visible and associated with your username and profile photo.
3.4 When you submit a suggestion or report
If you use the "Suggest something" form, we store:
- Request type — the category you selected (missing restaurant, missing dish, correction, other)
- Message text — your free-text message
- Your user ID — if you are signed in
4. How we use your data
We use personal data for the following purposes:
- Authentication: To let you sign in and maintain your session.
- Profile: To display your username and avatar alongside your reviews.
- Reviews: To show your reviews publicly on restaurant pages and your profile.
- Moderation: To investigate flagged reviews and enforce community standards.
- Suggestions: To process your reports of missing or incorrect data.
- Communication: To respond if you contact us at hello@dishi.menu.
We do not use your data for advertising, profiling, or automated decision-making. We do not sell or rent personal data to third parties.
5. Third-party services
We use the following third-party services that may process personal data:
| Service | Purpose | Data shared | Location |
|---|---|---|---|
| Supabase (Supabase Inc., USA) | Database, authentication, file storage | Account data, reviews, photos | AWS eu-central-1 (Frankfurt) |
| Google OAuth (Google LLC, USA) | Sign-in via Google | Email, name, profile photo (from Google to us) | USA |
| OpenStreetMap / Nominatim | Address geocoding | Address text you enter in the search bar | EU |
| Leaflet / CDN resources | Map display, fonts | Your IP address (standard for any web request) | Global CDN |
| Netlify (Netlify Inc., USA) | Website hosting | Your IP address, standard server logs | Global CDN |
For transfers to the USA, we rely on the providers' adherence to recognized data protection frameworks (EU-US Data Privacy Framework, Swiss-US Data Privacy Framework) or standard contractual clauses.
6. Data retention
- Account data: Kept as long as your account exists. If you delete your account, your profile data is removed.
- Reviews: Kept as long as your account exists. Deleting your account removes your reviews.
- Photos: Stored as long as the associated review exists.
- Suggestions/reports: Kept for up to 12 months, then deleted.
- Server logs (Netlify): Retained according to Netlify's data retention policy (typically 30 days).
7. Your rights
Under the FADP and, where applicable, the GDPR, you have the right to:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Ask us to correct inaccurate data.
- Deletion: Ask us to delete your account and associated data.
- Data portability: Receive your data in a structured, machine-readable format.
- Object: Object to certain processing of your data.
- Withdraw consent: If you granted consent (e.g., for location access), you can withdraw it at any time via your browser settings.
To exercise any of these rights, email us at hello@dishi.menu. We will respond within 30 days.
8. Cookies and local storage
Dishi uses only essential cookies required for authentication (session tokens set by Supabase). We do not use advertising or tracking cookies.
We do not use Google Analytics, Facebook Pixel, or any similar tracking tools.
9. Data about restaurants
Restaurant data displayed on Dishi (names, addresses, menus, prices, opening hours) is factual business information collected from publicly available sources, including Google Places and restaurant websites. This is not personal data. Restaurant operators who wish to update or remove their listing can contact us at hello@dishi.menu.
10. Children
Dishi is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. Significant changes will be communicated via the website.
12. Contact
Igor Sobanski
Email: hello@dishi.menu
Zurich, Switzerland