Veggeo

Plant-forward living, made practical.

Privacy Policy

Last Updated: 26 April 2026

1. Overview & Scope

This Privacy Policy explains how Vizorent Ltd, operating Veggeo, collects, uses, and protects your personal data when you use the Veggeo mobile application(s), the Veggeo websites and connected web resources we use to provide the Service, including veggeo.com, veggeo.eco, veggeo.app, their service-related subdomains, and related services (collectively, the “Service”). The Veggeo mobile application is currently available in selected regions, while our websites can be accessed worldwide. Vizorent Ltd is the data controller for all personal data processed through the Service.

This Privacy Policy serves as the primary privacy notice for the Veggeo mobile application(s), veggeo.com, veggeo.eco, veggeo.app, and their service-related subdomains.

For the contractual terms that govern use of the Service, please also see our Terms of Service.

2. Information We Collect

To enhance your experience and provide tailored recommendations, we collect the following categories of data:

  • Personal Information (voluntarily provided): name or nickname, email address, phone number (used for one-time password (OTP) authentication and optional SMS updates), dietary preferences. We may also collect your year of birth to verify your eligibility to use the Service, enforce minimum age requirements, and apply age-appropriate safeguards.
  • Location Data: Collected only with your explicit consent. See Section 5 (“Location Permissions”) for details.
  • Automatically Collected Data: device information (e.g., OS, model), interaction metrics (screens viewed, taps, session length), IP address and approximate (coarse) location derived from it, crash logs, diagnostics, device push‑notification token, and analytics data via Google Firebase or similar tools. This may include identifiers such as app instance IDs, Firebase Installation IDs (FID), and other device or app identifiers used for analytics, diagnostics, and service functionality. These identifiers are used to distinguish app instances, enable analytics, maintain security, and ensure proper functioning of the Service.
  • Diagnostics and crash data (e.g. via Firebase Crashlytics) may include information about your device, app version, and the state of the app at the time of an error to help us identify and fix issues.
  • Third-party account data (with your consent): If you choose to sign in with Google, we receive your Google account name, email address, and profile picture. We use your name and profile image to create your Veggeo profile. These may appear in your public profile if you choose to make it visible to others. Your email address is never shown publicly. You can edit or remove this information at any time in your account settings.
  • General location information you choose to provide (such as your country or city) to help personalise content, recommendations, and overall user experience within the Service.
  • We may obtain non-personal environmental or contextual data (for example, venue or weather information) from reputable third-party sources to improve recommendations. We do not receive personal data about you from those providers; only general or aggregated contextual information is provided.
  • Information about items, products, or places you interact with within the Service, including identifiers (such as barcodes or similar product identifiers), search queries, and items you choose to view, scan, or save (for example, favourites). This information is used to provide core functionality, personalise results, and improve the Service. We do not maintain a persistent history of such interactions linked to your account unless you choose to save items.
  • Some dietary preferences you provide may, in certain cases, be considered sensitive personal data (for example, where they reveal religious or philosophical beliefs). Where applicable, we process such data only with your explicit consent and apply additional safeguards in accordance with applicable law.

Cookies & SDKs

Where required by applicable law, we obtain your consent before using non-essential cookies or similar technologies (including analytics SDKs). Manage choices any time via Cookie Settings; non-essential cookies are off by default until you opt in. See our separate Cookie Notice for details.

Our mobile applications may use software development kits (SDKs), including Google Firebase, to provide analytics, crash reporting, messaging, and core functionality.

3. How We Use Your Information

We use the information above to:

  • Deliver personalised food‑ and wellness‑related recommendations—such as nearby restaurants that meet your dietary preferences and suitable fitness or wellbeing venues—based on your stated interests and location.
  • Improve the usability, performance, and safety of the Service.
  • Provide customer support and respond to inquiries.
  • Send service notifications (enabled by default) and optional marketing messages, push notifications, or SMS updates (sent only after you opt in, and you may opt out at any time).
  • Enable sign-in with Google or another third-party provider and manage your account link.
  • Create and display your account profile and associated user content (and, if you choose, a public profile you can control).
  • Provide information and insights about products and places (such as vegan suitability, allergen information, or venue details) based on your interactions within the Service.

We use analytics and diagnostics tools (such as Firebase Analytics and Crashlytics) to understand how users interact with the Service, improve performance, and fix errors.

We may use algorithms and machine-learning tools (AI) to analyse trends and improve or personalise recommendations. These tools assist our human team but do not make decisions with legal or significant effects about you.

We may analyse interactions with products and places (such as barcode scans or similar features) in an aggregated and de-identified form to understand usage trends, improve the Service, and generate statistical insights. This information does not identify individual users.

We do not sell your personal data. We only share personal data with trusted service providers acting on our behalf and under our instructions to provide, operate, maintain, and improve the Service.

We may share aggregated and de-identified insights (which do not identify any individual user) with partners or third parties for research, analytics, or service improvement purposes.

If you choose to create or share content (such as reviews or other user-generated content), your display name and profile image may be visible to other users within the Service where you choose to share such content (for example, by posting reviews or comments).

4. Legal Bases

Under the UK GDPR—and, where applicable, the EU GDPR—we process your data using one or more of the following legal bases:

  • Consent – e.g., for location services, marketing emails.
  • Contract – to provide the Service you request.
  • Legitimate interests – to improve and secure our Service, provided those interests are not overridden by your rights.
  • Legal obligation – where we must comply with applicable law.

We have carried out a legitimate-interests assessment; a summary is available on request.

5. Location Permissions

When enabled, your device’s location data helps Veggeo suggest nearby venues. You can withdraw permission at any time in your device settings. We retain only the minimal location data required to deliver core features. For example, we may store venues you actively save to your Favourites or a small set of recently viewed or visited places, but we never maintain a continuous location timeline or systematically track your movements.

6. Data Security & Retention

  • All traffic is encrypted in transit (TLS) and sensitive data is encrypted at rest.
  • Data is hosted with reputable cloud service providers. Primary storage regions currently include the United Kingdom and the United States (we may add EU regions in future).
  • Marketing consents are retained for up to 3 years; transactional data for up to 7 years, unless you request deletion sooner or a longer period is required by law.
  • Analytics and diagnostics data may be retained for a shorter period as necessary to monitor performance, ensure security, and improve the Service.

7. International Data Transfers

We host and process personal data on secure cloud infrastructure provided by Google Cloud Platform and Microsoft Azure. Our primary storage regions are the United Kingdom and the United States. When personal data is transferred outside the United Kingdom, we rely on appropriate safeguards, including:

  • the UK International Data Transfer Agreement (IDTA),
  • the EU Standard Contractual Clauses (SCCs) together with the UK Addendum, or
  • another lawful transfer mechanism such as an adequacy decision.

We have completed a transfer-risk assessment in line with ICO guidance and will update this section—and notify you where required—if our hosting regions or transfer mechanisms materially change.

EEA/Switzerland residents: The Service is currently intended for users in the United Kingdom, United States, Canada, Australia, New Zealand, and Japan. We do not actively target, market, or offer the Service to users in the European Economic Area (EEA) or Switzerland at this time. If you access the Service from outside these regions, your data may be processed in the United Kingdom and the United States in accordance with this Privacy Policy.

8. Third-Party Services & Integrations

We integrate trusted third‑party providers—for example, Google Firebase for analytics and crash reporting, Google Maps SDK for geospatial data, machine‑learning or AI services that help personalise recommendations, and cloud hosting services. These providers process data on our instructions and are bound by contracts ensuring GDPR compliance.

  • These providers may process personal data such as device identifiers, usage data, diagnostics, and location data (where enabled) in order to provide their services.
  • Data may be transmitted to third-party service providers (such as Firebase) to enable analytics, diagnostics, security, and core functionality. These providers act as our processors and use the data only on our instructions.

We do not guarantee the accuracy, completeness, or availability of third-party information displayed in the Service.

If you choose Google Sign-In, processing is subject to Google’s terms and privacy policy; you can revoke access in your Google account settings.

Use of Google user data obtained through Google API Services complies with the Google API Services User Data Policy, including the Limited Use requirements. We do not allow human access to Google user data except where required by law, for security purposes (e.g. investigating abuse), or with your explicit consent (such as when you contact support).

9. Your Privacy Rights

UK & EEA Rights

If you are in the UK or the European Economic Area, you have the right to:

  • Request access to, correction of, or deletion of your personal data.
  • Withdraw consent at any time without affecting prior processing.
  • Receive a portable copy of your data.
  • Object to certain processing or request restriction.
  • Lodge a complaint with the UK Information Commissioner’s Office (ICO) or, if you are in the EEA, with your local data-protection authority.

To exercise any right, email us at [email protected].

You can withdraw consent for marketing emails, push notifications and SMS at any time via in-app settings or the unsubscribe link.

US State Privacy Rights (including California)

Residents of certain U.S. states may have additional rights regarding their personal information under applicable state privacy laws.

Where required by applicable law, you may have the right to limit the use of certain sensitive personal information (such as precise location data), and we honour such requests where applicable.

Under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), California residents have the right to:

  • Request disclosure of the categories and specific pieces of personal information we collect about you.
  • Request deletion of your personal information.
  • Request correction of inaccurate personal information.
  • Opt-out of any “sale” of your personal information.
  • Not be discriminated against for exercising any of these rights.

We do not sell your personal information. We only share personal data with trusted service providers acting on our behalf to provide, operate, maintain, and improve the Service, as permitted under applicable law. We do not “sell” or “share” personal information as those terms are defined under California law. To exercise your CCPA/CPRA rights, email us at [email protected].

Appeals (US state privacy laws)

If we deny your privacy request, you may appeal via [email protected]. We will respond within the timeframe required by applicable law (for example, 60 days in Virginia and 45 days in Colorado) with our reasons. If your appeal is denied, we will explain how to contact your state Attorney General or relevant regulator.

10. Business Owners and Venue Requests

If you are a business owner or authorised representative and wish to update, correct, claim, or request removal of a venue listing, please contact us at [email protected].

We may require reasonable verification of your authority, such as proof of business ownership or control of the listed venue.

We review all requests and aim to respond within a reasonable timeframe.

11. Children and Minors (Under 18)

We do not knowingly collect or retain personal data from children under the age of 13. If we learn that we have collected personal data of a child under 13, we will promptly delete that data.

Persons aged 13–17 (“Minors”) may use the Service; where required by local law (e.g., in certain countries), use requires verifiable parental or legal-guardian consent. In all cases, we apply enhanced safeguards consistent with the UK Age Appropriate Design Code (Children’s Code) and applicable law.

All users under age 18 are still eligible for the protections of applicable law regarding children’s data and minors’ data, including extra privacy defaults, transparency, and limitations on profiling.

We may use proportionate age-assurance measures (such as self-declaration or technical checks) to confirm age ranges where required by law. This may include collecting your year of birth for age verification and compliance with applicable age requirements.

For users under 18, we apply additional safeguards consistent with the UK Age Appropriate Design Code (Children’s Code), including setting privacy to the highest level by default, avoiding profiling or targeted advertising, and providing information in a clear, age-appropriate way.

Certain features, such as submitting public content or reviews, may be restricted or limited for users under the age of 18 to enhance safety and privacy.

We take additional measures to limit the visibility and use of personal data for users under 18, where appropriate, taking into account the age of the user and the nature of the Service.

12. Platform Disclosures (Apple App Store & Google Play)

  • Apple App Store (iOS): We do not track users across apps and websites for advertising purposes. Should future features require App Tracking Transparency (ATT) consent, you will be asked explicitly.
  • Google Play (Android): All data collected is encrypted in transit and can be deleted upon user request via in‑app settings or by emailing us. We share data only with service providers as described above and never for advertising profiling without your consent.

You can request deletion of your account and associated personal data at any time by:

  • using in-app account deletion settings, or
  • contacting us at [email protected] with your request.

We will process deletion requests without undue delay and within applicable legal timeframes.

13. Changes to This Policy

We may update this Privacy Policy to reflect new features (e.g., AI personalisation). We will notify you of significant changes via the app, website banner, or email. Minor editorial updates that do not materially affect your rights may be posted without additional notice. The “Last Updated” date at the top will always indicate the latest revision.

14. Contact Us

Vizorent Ltd (operator of Veggeo)
Company No. 16245898
86‑90 Paul Street, London, EC2A 4NE, United Kingdom
Email: [email protected]
ICO Registration No. ZB898140

This Policy applies to veggeo.com, veggeo.eco, veggeo.app, their respective service-related subdomains, the Veggeo mobile app(s), and any public beta or test versions we make available as part of the Service.

Veggeo is a registered trademark of Vizorent Ltd in the UK and certain other jurisdictions.