Privacy Policy

Last updated: 23 March 2026

1. Who we are

TourMeals ("we", "our", "the service") is a meal coordination tool for tour guides, operated by Lyrd.io. Our contact address is privacy@tourmeals.app.

2. What data we collect

2a. Guide accounts (when you sign in with Google)

When you authenticate via Google Sign-In (powered by Firebase Auth), we receive:

• Your Google display name
• Your Google email address
• Your Google profile photo URL
• A unique Firebase user ID

This data is used solely to identify your account and associate your meal data with it. We do not access your Google contacts, calendar, drive, or any other Google services.

2b. Meal and tour data

All meal setup data (venue names, cities, menus, passenger lists, responses) is stored locally on your device using IndexedDB. On the Pro and Unlimited tiers, this data is also synced to your Firebase account for cross-device access. We do not analyse, share, or monetise this data.

2c. Passenger data

Passenger meal choices are encoded directly into the share URL as a base64 string. When a passenger opens the link and submits their choices, that data is sent back to the guide's device via our relay service and stored locally. Passenger names and choices are never stored on TourMeals servers beyond the brief time required for relay transmission.

Passengers are not required to create an account. We collect no personally identifiable information from passengers beyond what the guide enters into their manifest (first name, last name).

2d. Usage data

We collect minimal, anonymous usage analytics (page views, feature usage counts) via Firebase Analytics. No personally identifiable information is included. You can opt out by using your browser's Do Not Track setting.

3. How we use data

• To provide and improve the TourMeals service
• To associate your saved meals with your account across devices
• To send transactional emails (purchase confirmations, receipts) if you buy credits
• To respond to support requests

We do not use your data for advertising. We do not sell data to third parties. We do not use data to train AI models.

4. Data storage and security

Local data is stored in your browser's IndexedDB. Cloud-synced data is stored in Firebase Firestore (Google Cloud), encrypted at rest, in EU data centres. Payment processing is handled by Stripe — we never see or store your card details.

5. Cookies

TourMeals uses only technically necessary cookies required for Firebase Authentication (session tokens). We do not use advertising cookies or third-party tracking cookies.

6. Your rights (GDPR)

If you are in the European Economic Area, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and all associated data
• Object to processing or request restriction
• Data portability (export your data as JSON or CSV)

To exercise any of these rights, email privacy@tourmeals.app. We respond within 30 days.

7. Data deletion

To delete your account and all associated data: sign in to the guide dashboard → Settings → Delete account. This permanently removes your Firebase account and all cloud-synced meal data. Local device data must be cleared separately via your browser settings.

8. Third-party services

• Firebase (Google) — authentication and cloud data sync. Firebase Privacy Policy
• Stripe — payment processing. Stripe Privacy Policy
• Google Fonts — typeface loading (DM Sans, DM Serif Display)

9. Children's privacy

TourMeals is not intended for use by anyone under the age of 16. We do not knowingly collect data from children.

10. Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to registered users at least 14 days before taking effect. The current version is always at tourmeals.app/privacy.

11. Contact

Questions about this policy: privacy@tourmeals.app