Veggeo

Find your soulful way to wellness.

Privacy Policy

Last Updated: 4 October 2025

1. Overview & Scope

This Privacy Policy explains how Veggeo® collects, uses, and protects your personal data when you use our mobile application, website, and related services (collectively, the “Service”). The Veggeo mobile app is currently available only in the United Kingdom and the United States, but our website can be visited worldwide. Vizorent Ltd is the data controller for all personal data processed through the Service.

For the contractual terms that govern use of the Service, please also see our Terms of Service.

2. Information We Collect

To enhance your experience and provide tailored recommendations, we collect the following categories of data:

  • Personal Information (voluntarily provided): name or nickname, email address, phone number (used for one-time password authentication and optional SMS updates), dietary preferences.
  • Location Data: Collected only with your explicit consent. See Section 5 (“Location Permissions”) for details.
  • Automatically Collected Data: device information (e.g., OS, model), interaction metrics (screens viewed, taps, session length), IP address and coarse location, crash logs, device push‑notification token, and analytics data via Google Firebase or similar tools.
  • Third-party account data (with your consent): If you choose to sign in with Google, we receive your Google account name, email address, and profile picture. We use your name and profile image to create your Veggeo profile. These may appear in your public profile if you choose to make it visible to others. Your email address is never shown publicly. You can edit or remove this information at any time in your account settings.
  • We may obtain non-personal environmental or contextual data (for example, venue or weather information) from reputable third-party sources to improve recommendations. We do not receive your personal data from those providers.

Cookies & SDKs

We use non-essential cookies and SDKs only after your consent. Manage choices any time via Cookie Settings; non-essential cookies are off by default until you opt in. See our separate Cookie Notice for details.

3. How We Use Your Information

We use the information above to:

  • Deliver personalised food‑ and wellness‑related recommendations—such as nearby restaurants that meet your dietary preferences and suitable fitness or wellbeing venues—based on your stated interests and location.
  • Improve the usability, performance, and safety of the Service.
  • Provide customer support and respond to inquiries.
  • Send service notifications (enabled by default) and optional marketing messages, push notifications, or SMS updates (sent only after you opt in, and you may opt out at any time).
  • Enable sign-in with Google or another third-party provider and manage your account link.
  • Create and display your profile (and, if you choose, a public profile you can control).
  • We may use algorithms and machine-learning tools (AI) to analyse trends and improve or personalise recommendations. These tools assist our human team but do not make decisions with legal or significant effects about you.

We do not sell or rent your personal data to third parties.

4. Legal Bases

Under the UK GDPR—and, where applicable, the EU GDPR—we process your data using one or more of the following legal bases:

  • Consent – e.g., for location services, marketing emails.
  • Contract – to provide the Service you request.
  • Legitimate interests – to improve and secure our Service, provided those interests are not overridden by your rights.
  • Legal obligation – where we must comply with applicable law.

We have carried out a legitimate-interests assessment; a summary is available on request.

5. Location Permissions

When enabled, your device’s location data helps Veggeo suggest nearby venues. You can withdraw permission at any time in your device settings. We retain only the minimal location data required to deliver core features. For example, we may store venues you actively save to your Favourites or a small set of recently viewed or visited places, but we never maintain a continuous location timeline or systematically track your movements.

6. Data Security & Retention

  • All traffic is encrypted in transit (TLS) and sensitive data is encrypted at rest.
  • Data is hosted with reputable cloud service providers. Primary storage regions currently include the United Kingdom and the United States (we may add EU regions in future).
  • Marketing consents are retained for up to 3 years; transactional data for up to 7 years, unless you request deletion sooner or a longer period is required by law.

7. International Data Transfers

We host and process personal data on secure cloud infrastructure provided by Google Cloud Platform and Microsoft Azure. Our primary storage regions are the United Kingdom and the United States. When personal data is transferred outside the United Kingdom, we rely on appropriate safeguards, including:

  • the UK International Data Transfer Agreement (IDTA),
  • the EU Standard Contractual Clauses (SCCs) together with the UK Addendum, or
  • another lawful transfer mechanism such as an adequacy decision.

We have completed a transfer-risk assessment in line with ICO guidance and will update this section—and notify you where required—if our hosting regions or transfer mechanisms materially change.

EEA/Switzerland residents: At this time, our Service is directed only to users in the United Kingdom and the United States. If you are located in the EEA or Switzerland, please do not use the Service until further notice. We will update this Policy when the Service becomes formally available in those regions.

8. Third-Party Services & Integrations

We integrate trusted third‑party providers—for example, Google Firebase for analytics and crash reporting, Google Maps SDK for geospatial data, machine‑learning or AI services that help personalise recommendations, and cloud hosting services. These providers process data on our instructions and are bound by contracts ensuring GDPR compliance.

We do not guarantee the accuracy, completeness, or availability of third-party information displayed in the Service.

If you choose Google Sign-In, processing is subject to Google’s terms and privacy policy; you can revoke access in your Google account settings.

Use of Google user data obtained through Google API Services complies with the Google API Services User Data Policy, including the Limited Use requirements. We do not allow human access to Google user data except where required by law, for security purposes (e.g. investigating abuse), or with your explicit consent (such as when you contact support).

9. Your Privacy Rights

UK & EEA Rights

If you are in the UK or the European Economic Area, you have the right to:

  • Request access to, correction of, or deletion of your personal data.
  • Withdraw consent at any time without affecting prior processing.
  • Receive a portable copy of your data.
  • Object to certain processing or request restriction.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) or, if you are in the EEA, with your local data-protection authority.

To exercise any right, email us at [email protected].

You can withdraw consent for marketing emails, push notifications and SMS at any time via in-app settings or the unsubscribe link.

US State Privacy Rights (including California)

Residents of certain U.S. states (including Colorado, Virginia, Connecticut, and Utah) may have additional rights regarding their personal information. Please contact us to exercise these rights.

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the right to:

  • Request disclosure of the categories and specific pieces of personal information we collect about you.
  • Request deletion of your personal information.
  • Request correction of inaccurate personal information.
  • Opt-out of any “sale” of your personal information.
  • Not be discriminated against for exercising any of these rights.

We do not sell or share your personal information as defined under California law. To exercise your CCPA/CPRA rights, email us at [email protected].

Appeals (US state privacy laws)

If we deny your privacy request, you may appeal via [email protected]. We will respond within the timeframe required by applicable law (for example, 60 days in Virginia and 45 days in Colorado) with our reasons. If your appeal is denied, we will explain how to contact your state Attorney General or relevant regulator.

10. Children and Minors (Under 18)

We do not knowingly collect or retain personal data from children under the age of 13. If we learn that we have collected personal data of a child under 13, we will promptly delete that data.

Persons aged 13–17 (“Minors”) may use the Service; where required by local law (e.g., in certain countries), use requires verifiable parental or legal-guardian consent. In all cases, we apply enhanced safeguards consistent with the UK Age Appropriate Design Code (Children’s Code) and applicable law.

All users under age 18 are still eligible for the protections of applicable law regarding children’s data and minors’ data, including extra privacy defaults, transparency, and limitations on profiling.

We may use proportionate age-assurance measures (such as self-declaration or technical checks) to confirm age ranges where required by law.

For users under 18, we apply additional safeguards consistent with the UK Age Appropriate Design Code (Children’s Code), including setting privacy to the highest level by default, avoiding profiling or targeted advertising, and providing information in a clear, age-appropriate way.

11. Platform Disclosures (Apple App Store & Google Play)

  • Apple App Store (iOS): We do not track users across apps and websites for advertising purposes. Should future features require App Tracking Transparency (ATT) consent, you will be asked explicitly.
  • Google Play (Android): All data collected is encrypted in transit and can be deleted upon user request via in‑app settings or by emailing us. We share data only with service providers as described above and never for advertising profiling without your consent.

12. Changes to This Policy

We may update this Privacy Policy to reflect new features (e.g., AI personalisation). We will notify you of significant changes via the app, website banner, or email. Minor editorial updates that do not materially affect your rights may be posted without additional notice. The “Last Updated” date at the top will always indicate the latest revision.

13. Contact Us

Vizorent Ltd (operator of Veggeo)
Company No. 16245898
86‑90 Paul Street, London, EC2A 4NE, United Kingdom
Email: [email protected]
ICO Registration No. ZB898140

This Policy applies to veggeo.com and its subdomains (e.g., *.veggeo.com), the Veggeo mobile app(s), and any beta or test versions we release.

Veggeo® is a registered trademark of Vizorent Ltd.