top of page

Privacy Policy

Kahsay LLC

Version: 1.0

Last Updated: May 1, 2026

Effective Date: May 1, 2026

 

Kahsay LLC ("Kahsay," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use the Kahsay mobile application and any related services (collectively, the "Service").

This Policy applies to residents of the United States. The Service is intended for use within the United States only.

Please read this Policy carefully. By using the Service, you agree to the practices described here. If you do not agree, do not use the Service.

 

Section 1. Information We Collect

1.1 Information You Provide Directly

  • Account Information: Name, email address, phone number, birthday, and password when you create an account.

  • Profile Information: Flavor preferences, cuisine interests, dining habits, and other information you choose to add to your flavor profile.

  • Allergy Information: Food allergies you voluntarily submit. This is Sensitive Personal Information and Consumer Health Data (see Section 4). Collection of this data requires your affirmative consent, which you provide before data entry into the Service.

  • Dietary Preferences: Lifestyle and dietary choices such as vegan, vegetarian, halal, kosher, gluten-free, and similar preferences you choose to add to your flavor profile. These are treated as standard profile data, not health data.

  • User-Generated Content: Reviews, photos, ratings, comments, and other content you submit through the Service.

  • Communications: Messages you send to Kahsay LLC, including support requests and feedback.

1.2 Information Collected Automatically

  • Usage Data: Information about how you interact with the Service, including dishes and restaurants viewed and interacted with, features used, search queries, and session duration.

  • Device Information: Device type, operating system and version, app version, unique device identifiers, and crash data.

  • Location Data: Precise or approximate geolocation data when you grant location permissions, used to surface nearby restaurants and provide location-relevant recommendations. This is Sensitive Personal Information (see Section 4).

  • Log Data: IP address, timestamps, and activity logs associated with your use of the Service.

  • Analytics Data: Aggregated and anonymized data about usage patterns, feature performance, and app behavior.

  • Inferred and Derived Data: Flavor profile scores, taste preference rankings, and other inferences drawn from your activity, inputs, and interactions with the Service to build and refine your personal flavor profile. This data powers the personalized recommendations you receive.

1.3 Information from Third Parties

  • Platform Providers: If you create an account using Apple Sign-In or Google Sign-In, we receive your name and email address from those providers.

  • Restaurant Data Providers: We obtain restaurant, menu, and dish information from one or more of the following: publicly available data, third-party providers, or restaurant-submitted information.

 

Section 2. How We Use Your Information

We use the information we collect for the following purposes:

To Provide and Improve the Service:

  • Create and manage your account

  • Build and maintain your personal flavor profile

  • Generate personalized dish and restaurant recommendations

  • Display restaurant, menu, and dish information

  • Enable UGC submission and display

  • Provide customer support

To Personalize Your Experience:

  • Tailor content, recommendations, and features to your stated preferences, dietary needs, and usage patterns using AI-powered recommendation systems (see Section 8)

For Safety and Security:

  • Detect and prevent fraud, abuse, and unauthorized access

  • Enforce our Terms of Service

  • Comply with legal obligations, including CSAM reporting

For Communications:

  • Send transactional messages (account confirmations, subscription notices, receipts)

  • Notify you of updates to the Service or these Terms

  • Send marketing communications where you have opted in

For Analytics and Service Development:

  • Analyze usage trends to improve the Service

  • Conduct research and development using aggregated and anonymized data

  • Monitor Service performance and resolve technical issues

For De-Identified Commercial Purposes:

  • Kahsay may create, maintain, and share aggregated, de-identified data derived from the following categories for commercial purposes, including market research reports, industry analytics, and data licensing ("Commercial Data"): (a) flavor profiles and taste preferences; (b) cuisine and dish preferences and ratings; (c) restaurant discovery and engagement patterns; and (d) app usage and feature interaction behavior. Kahsay may add additional categories to Commercial Data. Commercial Data does not include and is never derived from food allergy information, dietary or health restriction data that identifies or is reasonably linkable to a physical or mental health condition, or any Sensitive Personal Information as defined under applicable law. Kahsay publicly commits to maintaining and using Commercial Data only in de-identified and aggregated form. We implement reasonable technical and organizational measures to ensure this data cannot be associated with individual consumers or households. Any third party that receives Commercial Data is contractually prohibited from attempting to re-identify the data or associate it with individual consumers or households.

 

Section 3. How We Share Your Information

We do not sell your personal information for money.

However, we may share your information in the following circumstances:

Service Providers: We share personal information with third-party vendors and service providers who perform services on our behalf, such as cloud hosting, analytics, payment processing, email delivery, and customer support tools. These service providers are contractually prohibited from using your personal information for purposes other than providing services to us.

Categories of service providers include: cloud infrastructure providers, analytics platforms, payment processors (through the applicable app store), email service providers, and customer support platforms.

 

Targeted Advertising Partners: We may share certain identifiers (such as device advertising IDs) and activity data with advertising service providers for the purpose of serving targeted advertisements. This sharing may constitute a "sale" or "sharing" of personal information under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). You have the right to opt out; see Section 7.

Legal Requirements: We may disclose personal information when required by law, court order, or government authority, or when we believe disclosure is necessary to protect our rights, prevent fraud, or protect the safety of our users or others.

Business Transfers: If Kahsay LLC undergoes a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. Your continued use of the Service following the transfer constitutes acceptance of the successor’s privacy practices which will remain subject to applicable privacy law.

With Your Consent: We may share your information for other purposes with your explicit consent.

 

De-Identified Commercial Data: We may share Commercial Data with third parties as described in Section 2. All such sharing is subject to the positive enumeration, exclusions, and de-identification commitments described there.

Other Users and the Public: When social and User-Generated Content features are active, certain profile information and content you submit may be visible to other users of the Service and, in some cases, the public. The scope of what is visible will depend on your privacy settings and the features in use. Content shared with other users may be cached, copied, or stored by those individuals, and Kahsay LLC is not responsible for any such downstream use.

 

Section 4. Sensitive Personal Information and Consumer Health Data

4.1 Sensitive Personal Information (CPRA)

Under the California Privacy Rights Act (CPRA), certain categories of information receive heightened protection as "Sensitive Personal Information" (SPI). Kahsay LLC collects the following SPI:

 

Precise Geolocation: Used to identify nearby restaurants and provide location-relevant dish recommendations. Processed in real-time and cached only for the duration of your active session.

 

Dietary Restrictions and Allergy Information: Health-adjacent information you provide to personalize your experience and receive allergen-relevant warnings. Used solely to provide the Service. Never used for targeted advertising. Never included in Commercial Data shared with third parties.

 

Your Right to Limit Use of SPI: You have the right to direct Kahsay LLC to limit use of your Sensitive Personal Information to purposes necessary to provide the Service. To exercise this right, use the in-app privacy controls under Settings > Privacy, or contact us at support@kahsay.app.

 

4.2 Consumer Health Data (Washington MHMDA and Nevada SB 370)

The Washington My Health My Data Act (MHMDA) and Nevada Senate Bill 370 provide additional protections for "consumer health data," which includes food allergy information and dietary restrictions that identify or are reasonably linkable to a physical health condition.

Affirmative Authorization Required: Before you enter any food allergy or health-condition-linked dietary restriction into the app, Kahsay will present a consent screen identifying the data as health-related, explaining how it will be used, and requiring your affirmative tap to proceed. You may withdraw this consent at any time by deleting your allergy data from your profile or by deleting your account.

 

Use Limitation: Consumer health data is used exclusively to personalize your in-app experience, specifically to filter dish recommendations and display allergen warnings. It is never used for targeted advertising, never included in Commercial Data, and never shared with third parties except as required by law.

 

Consumer Health Data Privacy Policy: For complete disclosures regarding our collection and handling of consumer health data as required by MHMDA, please review our standalone Consumer Health Data Privacy Policy, which is separately linked from the app.

Section 5. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law.

Retention periods apply to personal information maintained in connection with your account. Certain data derived from your activity may be retained in aggregated, de-identified form beyond these periods for commercial and analytical purposes as described in Section 2. De-identified data is not associated with you individually and is not subject to deletion requests.

 

Account Information: Retained for the duration of your account plus 30 days. Deleted upon a fulfilled account deletion request.

 

Flavor Profile and Preferences — Retained for the duration of your account plus 30 days. Deleted upon a fulfilled account deletion request.

 

Precise Location Data: Session only. Deleted at the end of each session.

Dietary and Allergy Information: Retained for the duration of your account plus 30 days. Deleted upon a fulfilled account deletion request.

User-Generated Content: Retained indefinitely per our Terms of Service. Deleted upon an account deletion request or a UGC removal request.

Usage and Analytics Data: Retained for 24 months on a rolling basis in aggregated form.

Payment Transaction Records: Retained for 7 years as required by applicable law.

Support Communications: Retained for 3 years from the date of case closure.

Legal Hold Data: Retained for the duration of any applicable legal hold. Deleted when the hold is lifted.

 

Section 6. Security

We implement commercially reasonable technical, administrative, and physical safeguards to protect your personal information against unauthorized access, loss, misuse, or alteration. These include encryption of data in transit (TLS), virtual private cloud (VPC), access controls, and regular security assessments.

 

No security measure is perfect or impenetrable. We cannot guarantee the absolute security of your information. You use the Service at your own risk.

 

Section 7. Your Privacy Rights

Depending on your state of residence, you may have the following rights:

 

Right to Know and Access: Request a copy of the personal information we hold about you and information about how we use and share it.

 

Right to Delete: Request deletion of your personal information, subject to certain exceptions (for example, information we are required to retain by law).

 

Right to Correct: Request correction of inaccurate personal information.

 

Right to Data Portability: Request a copy of your personal information in a portable, machine-readable format.

 

Right to Opt Out of Sale and Sharing: Opt out of the sharing of your personal information for targeted advertising purposes (see Section 3). To exercise this right, use the "Do Not Sell or Share My Personal Information" toggle in Settings > Privacy, or visit kahsay.app/privacy-choices. We do not respond to Do Not Track (DNT) signals transmitted by browsers or devices.

 

Right to Limit Use of Sensitive Personal Information: Limit our use of your geolocation and dietary/allergy data to purposes necessary to provide the Service (see Section 4).

 

Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. We will not deny you access to the Service, charge you different prices, or provide a lower quality of service because you exercised a privacy right.

 

Functional Data Requirements: Some features of the Service depend on specific categories of personal information to operate. Choosing not to provide certain data, or exercising your right to limit its use, may affect the availability of specific features. For example, location data is required to surface nearby restaurants; your flavor profile inputs are required to generate personalized recommendations; and dietary and allergy data is required to provide allergen filtering and warnings. These are functional limitations, not a consequence of exercising your privacy rights.

 

State-Specific Rights: Residents of California, Virginia, Colorado, Connecticut, Texas, Florida, Oregon, Montana, Iowa, Indiana, Tennessee, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Kentucky, Rhode Island, and other states with comprehensive privacy laws in effect may have additional rights under their respective state laws. The rights described in this section generally satisfy the requirements of those laws. Contact us at support@kahsay.app for state-specific inquiries.

Section 8. AI and Personalized Recommendations

8.1 Overview

The Service uses artificial intelligence to generate personalized dish and restaurant recommendations based on your flavor profile, preferences, usage patterns, and location data. This system does not make decisions that produce legal or similarly significant effects on you; its purpose is to surface food content you may enjoy based on your inputs.

 

8.2 How the Recommendation Engine Works

Kahsay's recommendation system draws on four categories of data: (a) the flavor preferences and taste ratings you have submitted; (b) the cuisine types, dishes, and restaurants you have engaged with, saved, or rated; (c) your general location at the city or region level, used to surface nearby options; and (d) aggregate patterns from users with similar profiles, applied to surface dishes you have not yet discovered. These inputs are processed automatically to generate a ranked list of dishes and restaurants predicted to align with your preferences. No human reviews or adjusts individual recommendations; the ranking is produced entirely by the automated system. The practical consequence is that the content displayed throughout the app, including your discovery feed, search results, and featured content, reflects your individual profile rather than general popularity or random selection. Users with different profiles will see different results for the same underlying restaurant and dish data.

 

8.3 AI-Generated Images

If the Service uses AI to generate or enhance images, we provide disclosure of AI-generated content where required by law. You may request information about whether specific content is AI-generated by contacting support@kahsay.app.

Section 9. How to Submit a Privacy Request

To exercise any of your privacy rights, submit a Data Subject Access Request (DSAR) by emailing support@kahsay.app with the subject line "Privacy Request," or by using the privacy request feature in Settings > Privacy if available in your version of the app.

 

Your request must include your name and the email address associated with your Kahsay account. We may need additional information to verify your identity before processing your request.

 

Verification: To protect your privacy, we verify your identity before processing access or deletion requests. Verification is performed by confirming your registered email address through a secure verification link.

 

Response Timeline: We will respond substantively within 45 calendar days of receipt. Where reasonably necessary, we may extend this period by an additional 45 days; we will notify you if an extension is required.

Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We will require written authorization or a valid power of attorney before processing requests from agents.

 

Right to Appeal: If we deny your privacy rights request in whole or in part, we will inform you of the reason for the denial. You may appeal our decision by submitting a written appeal to support@kahsay.app with the subject line "Privacy Appeal" within 30 days of receiving our decision. We will make reasonable efforts to respond to your appeal within 45 days. If your appeal is denied, we will provide you with information on how to submit a complaint to the Attorney General in your state of residence, where applicable under state law.

 

Section 10. Data Breach Notification

In the event of a security incident affecting your personal information, we will notify you and applicable regulatory authorities in accordance with applicable law. We will provide notice no later than the deadline required by your state of residence, unless law enforcement directs a delay.

 

Section 11. Children's Privacy

The Service is available to users 13 years of age and older. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected personal information from a child under 13, please contact us immediately at support@kahsay.app and we will promptly investigate and delete such information.

 

Users between the ages of 13 and 17 must have a parent or legal guardian who has reviewed and agreed to this Policy and our Terms of Service on their behalf. By using the Service, a user in this age group represents that their parent or legal guardian has done so.

 

Users who are 13 to 15 years old must provide affirmative opt-in consent before we will sell or share their personal information for targeted advertising purposes. By default, we do not sell or share the personal information of users in this age group without that consent. Users who are 16 or 17 years old are also subject to an opt-in default: sale or sharing of their personal information for targeted advertising is off by default and requires affirmative activation. This reflects both the CPRA opt-in requirement for users under 16 and the opt-in requirements for minors up to age 17 under applicable state laws including the New York Child Data Protection Act and others. We will not sell or share the personal information of any user we know to be under 18 without the required affirmative consent.

 

Section 12. California-Specific Rights

CCPA/CPRA Rights. California residents have the rights described in Section 7, including the right to opt out of sale/sharing, right to limit use of SPI, and right to non-discrimination.

 

Section 13. Third-Party Links and Services

The Service may contain links to third-party websites, restaurant ordering platforms, or other services. This Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you use.

 

Section 14. Changes to This Policy

When we make material changes, we will notify you by in-app notification or email to the address associated with your account with reasonable advance notice before the revised Policy takes effect. Your continued use of the Service after the effective date constitutes acceptance of the updated Policy.

 

Section 15. Contact Us

For privacy-related questions, requests, or concerns, contact us at:

Kahsay LLC

Address: 3400 Cottage Way, Ste G2 #34436, Sacramento, CA 95825

Email: support@kahsay.app

 

© 2026 Kahsay LLC. All rights reserved.

bottom of page