Privacy Policy

The Scraper app and its backend API respect your privacy. Below we describe what data is collected and how it is processed, in line with the project structure.

1. Data we process

• Registration and login: username, email address, and password. Passwords are stored on the server only as a cryptographic hash (bcrypt); they are never stored or logged in plain form.
• Restaurant registration: a one-time invite key is used (only its hash is stored on the server), plus username, email, and password under the same rules.
• On your device (iOS): access and refresh tokens are stored in the iOS Keychain, protected by the device passcode or biometrics.

2. What is stored on the server

• Users: identifier, username, email, password hash, role, token version. Passwords and tokens are never written to logs.
• Offers (discount feed): public data: restaurant name, photo, discount text, address, Yandex Maps link.
• Restaurant invites: key hash, restaurant name, expiry; issued keys are stored only as hashes.
• Technical data: revoked token list (by fingerprint, not the token itself), rate limiting by IP — no storage of personal data in plain form.

3. Logging

Server logs record only request path, HTTP method, response code, and duration. Request bodies, passwords, tokens, and other personal data are not logged. Sensitive keys in log metadata are automatically redacted.

4. Purpose of use

Data is used only for authentication, profile display, and app features (offers feed, profile, logout). We do not share your data with third parties for advertising or sell it.

5. Security

Communication with the server is over HTTPS only. Passwords are stored as a strong hash. Tokens on the device are stored in the iOS Keychain. The server does not log passwords or tokens.

6. Contact

For privacy and personal data enquiries: scraperteam@mail.ru.

← Back to main · Политика конфиденциальности (рус.)