Privacy Policy

Last updated: March 2026

Comme ("we," "our," or "us") operates the Comme mobile application (the "App"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our App. It applies to all users worldwide, including users in the European Union (EU) and European Economic Area (EEA), where the General Data Protection Regulation (GDPR) applies. By using Comme, you agree to the collection and use of information in accordance with this policy.

Data Controller

For the purposes of the GDPR and other applicable data protection laws, the data controller responsible for your personal data is:

Comme

Luis Arturo Barrera

Email: hello@joincomme.com

If you have questions about how your data is processed, or wish to exercise your rights, you may contact us at the email address above.

Information We Collect

Personal Information

When you create an account and use Comme, we may collect the following personal information:

  • Name and email address (provided during sign-up)
  • Profile photo (optionally uploaded by you)
  • Favorite cuisines and language preferences
  • Fun fact (an optional personal detail you share on your profile)
  • Authentication data from Apple Sign-In or Google Sign-In (such as your name and email)

Usage Data

We collect information about how you interact with the App, including:

  • Saved restaurants and visited restaurants you mark within the App
  • Lists you create and connections made with other members
  • General interaction and analytics data (e.g., screens viewed, feature usage) to help us understand how the App is used

Location Data

With your explicit permission, we collect your device's location to show you nearby restaurants and provide location-based features such as the map view. You can disable location access at any time through your device settings, though this may limit certain features of the App.

Legal Basis for Processing (EEA/UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom (UK), we process your personal data only when we have a valid legal basis under the GDPR:

  • Performance of a contract — processing your account information, saved restaurants, and profile data is necessary to provide you with the Comme service you signed up for (Article 6(1)(b)).
  • Consent — we process your location data and send non-essential communications only with your explicit consent. You may withdraw consent at any time (Article 6(1)(a)).
  • Legitimate interests — we process analytics and usage data to improve the App, fix issues, and understand how features are used, where such interests are not overridden by your rights (Article 6(1)(f)).
  • Legal obligation — we may process data where required to comply with applicable laws (Article 6(1)(c)).

How We Use Your Information

We use the information we collect to:

  • Provide and operate the service — authenticate your account, display restaurant information, and enable core features like saving and discovering restaurants
  • Personalize your experience — show you relevant restaurants based on your location, cuisine preferences, and activity
  • Improve the App — understand usage patterns to fix issues, develop new features, and enhance overall quality
  • Communicate with you — send verification codes, respond to support requests, and share important service updates
  • Maintain security — protect against unauthorized access, fraud, and abuse

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

Third-Party Services

We use the following third-party services to operate and improve Comme:

  • Supabase — provides authentication, database storage, and file storage for the App. Your account data and profile information are stored securely on Supabase's infrastructure.
  • Google Maps Platform — powers the map view and location-based features. Your location data may be processed by Google in accordance with their privacy policy.
  • Mixpanel — provides analytics to help us understand how the App is used. Mixpanel may collect anonymized usage data such as screens viewed and feature interactions.
  • Apple Sign-In — if you choose to sign in with Apple, Apple provides us with your name and email (or a relay email) according to Apple's privacy practices.
  • Google Sign-In — if you choose to sign in with Google, Google provides us with your name, email, and profile photo according to Google's privacy policy.

We do not sell your personal information to third parties. We only share data with the service providers listed above, solely for the purposes described in this policy.

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our third-party service providers (such as Supabase, Google, and Mixpanel) operate.

When we transfer data outside the EEA, we ensure appropriate safeguards are in place as required by the GDPR, including:

  • Transfers to countries with an adequacy decision by the European Commission
  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Other legally recognized transfer mechanisms

You may request more information about the safeguards in place by contacting us at hello@joincomme.com.

Data Security

We take the security of your data seriously and implement appropriate technical and organizational measures to protect it, including:

  • All data is transmitted over secure, encrypted connections (HTTPS/TLS)
  • Authentication tokens and sensitive data are stored securely using industry-standard practices
  • Database access is controlled through Row Level Security policies, ensuring users can only access their own data
  • Passwords are never stored directly — we use secure authentication methods (magic links, Apple Sign-In, Google Sign-In)

While we strive to protect your personal information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to using commercially reasonable safeguards.

Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the service. Specifically:

  • Account data (name, email, profile) — retained until you delete your account
  • Usage data (saved restaurants, visited restaurants, lists) — retained until you delete your account
  • Analytics data — retained in anonymized/aggregated form for up to 24 months
  • Location data — used in real time to show nearby restaurants; not stored persistently on our servers

If you request deletion of your account, we will delete or anonymize your personal data within 30 days, except where we are required by law to retain certain information.

Your Rights

You have the following rights regarding your personal data. If you are located in the EEA or UK, these rights are guaranteed under the GDPR:

  • Right of access — you can request a copy of the personal data we hold about you
  • Right to rectification — you can update or correct your personal information through the App's settings, or by contacting us
  • Right to erasure — you can delete your account through the App (Settings > Delete Account) or by emailing us. We will remove your data within 30 days
  • Right to data portability — you can request a copy of your data in a structured, commonly used, machine-readable format
  • Right to restrict processing — you can request that we limit the processing of your personal data in certain circumstances
  • Right to object — you can object to our processing of your data based on legitimate interests
  • Right to withdraw consent — where we rely on consent (e.g., location data), you can withdraw it at any time through your device settings or by contacting us. Withdrawal does not affect the lawfulness of processing before withdrawal
  • Right to lodge a complaint — if you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. If you are in the EU, you can find your local authority at edpb.europa.eu

To exercise any of these rights, please contact us at hello@joincomme.com. We will respond to your request within 30 days.

Children's Privacy

Comme is not intended for use by children under the age of 16. We do not knowingly collect personal information from children under 16. If we become aware that we have collected personal data from a child under 16, we will take steps to delete that information promptly. If you believe a child under 16 has provided us with personal information, please contact us at hello@joincomme.com.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through the App or by email. We encourage you to review this policy periodically to stay informed about how we are protecting your data.

Contact Us

If you have any questions or concerns about this Privacy Policy, our data practices, or wish to exercise your data protection rights, please contact us at:

hello@joincomme.com