Legal
Privacy Policy
Last updated: 22 March 2026
Tortellini is a decision engine for going out. We help groups decide where to go, not track where they've been. This policy explains exactly what we collect, what we don't, and why.
1. What we collect
We collect only what is necessary to help you plan a night out with your friends:
- Account information: Email address and display name, provided by you during sign-up.
- Home suburb: A suburb you choose to share, used to show relevant venues near you. This is not GPS — it is a location you type in yourself.
- Plan activity: Plans you create or join, including your commitment status (In / Maybe / Out) and any constraints you provide (budget preference, timing, blockers).
- Venue preferences: Venues you save and occasion preferences, used to improve recommendations.
- Plan feedback: Post-plan signals such as whether you arrived, whether the deal was honoured, and whether you saved the venue. This feeds our outcome learning loop to improve future recommendations.
- Availability signals:When you choose to broadcast that you're free tonight, including any area hint and visibility settings you select.
2. What we don't collect
These are deliberate architectural decisions, not afterthoughts:
- GPS location is never stored. If you grant location permission, your coordinates are used transiently to calculate distance to venues and then discarded. We do not build a history of where you have been.
- Individual group constraints are private.When you tell Tortellini “this is too expensive” or “I can't get there before 7pm,” that information is visible only to the plan creator as part of a synthesised group summary. Other group members never see your individual constraints.
- No permanent social graph.Friendships exist in the app, but we do not mine your contacts, import your address book, or build a shadow profile of people who haven't signed up.
- No tracking pixels or ad networks. We do not embed third-party trackers, retargeting pixels, or advertising SDKs. Your activity on Tortellini is not sold to advertisers.
- No chat content storage. If you use Chat-to-Plan by pasting a group chat, the text is processed by our AI to extract planning context (who is coming, preferences, timing) and then discarded. We do not retain the original conversation.
3. Ephemeral data
Some data in Tortellini is designed to disappear:
- Availability signals expire at 2am.When you broadcast “I'm free tonight,” that signal is automatically purged. There is no permanent record of your availability history.
- Plans auto-expire after 48 hours. Once a plan is past, the detailed plan data (member constraints, commitment states, messages) is removed. Only anonymised outcome data is retained to improve recommendations.
- No permanent social exhaust.We do not accumulate a timeline of your social activity. There is no “history” page showing everywhere you've been or everyone you've gone out with.
4. How we use your data
- Recommendations: Your suburb, occasion preferences, and past plan feedback are used to rank Moves (venue + timing + deal combinations) that are more likely to work for you.
- Group coordination: Your commitment status and constraints are used to help the plan creator assemble a plan that works for the whole group.
- Venue quality: Aggregated, anonymised plan outcomes improve our arrival confidence engine and deal accuracy scoring. No individual user is identifiable in this data.
- Account operations: Your email is used for authentication, plan invitations, and essential service notifications.
5. Third-party services
We use a small number of third-party services, each for a specific purpose:
| Service | Purpose | Data shared |
|---|---|---|
| Supabase | Authentication, database hosting, real-time updates | Account data, plan data (with row-level security) |
| Google Places API | Venue identity, location, and basic information | Search queries (no user-identifiable data) |
| OpenAI | Chat-to-Plan processing, venue data extraction, occasion scoring | Pasted chat text (processed and discarded), venue content for analysis |
| Vercel | Web application hosting | Standard web request data (IP address, user agent) |
We do not sell your data to any third party. We do not share your data with advertising networks. We do not use your data for purposes other than operating the Tortellini service.
7. Analytics
We collect anonymised, aggregated usage data to understand how the product is used and where it can be improved. This includes things like how many plans are created per week and which occasions are most popular. This data is not tied to individual users and cannot be used to identify you. We do not use Google Analytics, Facebook Pixel, or any third-party analytics platform that tracks individuals across the web.
8. Venue data
Venue information displayed in Tortellini (names, locations, hours, specials, features) is sourced from publicly available information including venue websites, social media pages, and the Google Places API. This is not personal data. Venue operators can claim their listing to correct or update information directly through Venue Studio.
9. Data retention
- Account data (email, display name, suburb, preferences) is retained while your account is active.
- Plan data (constraints, commitments, messages) is automatically deleted 48 hours after the plan date.
- Availability signals are automatically deleted at 2am on the day they were set.
- Outcome data (did the group arrive, was the deal honoured) is retained in anonymised, aggregated form to improve recommendations. It is not linked to your account after the plan expires.
- Chat-to-Plan input is processed in memory and not persisted to any database.
10. Account deletion
You can delete your account at any time from your account settings. Deletion is permanent and complete. We purge all data associated with your account, including:
- Your profile information and preferences
- All plans you created or participated in
- All friendship connections
- All availability signals
- All saved venues and occasion preferences
- Your authentication credentials
This is a full purge, not a soft delete. Once completed, your data cannot be recovered.
11. Data security
- All data is encrypted in transit (TLS) and at rest.
- Plan member constraints are encrypted at rest and enforced via row-level security policies — only the plan creator can access individual constraint data.
- Authentication is handled by Supabase Auth with industry-standard practices.
- We do not store passwords in plaintext. Authentication uses secure token-based sessions.
12. Your rights
You have the right to:
- Access the personal data we hold about you.
- Correct any inaccurate personal data.
- Delete your account and all associated data.
- Export your personal data in a portable format.
- Restrict how your data is processed — including granular control over who sees your availability signals and plan activity via per-friendship visibility levels (Close Friends / All Friends / Specific Group / Nobody).
To exercise any of these rights, contact us at the address below.
13. Australian Privacy Act
Tortellini is operated from Australia and complies with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). If you believe we have breached the APPs, you may lodge a complaint with us directly or with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
14. Changes to this policy
If we make material changes to this privacy policy, we will notify you via the app and update the “Last updated” date at the top of this page. We will not reduce your privacy protections without clear notice.
15. Contact
If you have questions about this privacy policy or how your data is handled, contact us at: