Privacy Policy
Effective date: 3 May 2026 · bestcheesecakeintheworld.com
We keep this short and honest. We do not sell your data. We do not run advertising. We collect only what we need to operate the website and assessor app.
1. Who We Are
Best Cheesecake in the World is a personal project operated by a small team of cheesecake enthusiasts publishing rankings at bestcheesecakeintheworld.com. For questions about this policy, use the contact form on the website.
2. Information We Collect
Website — forms
When you submit a cheesecake, request an assessment, or send us a message, we collect the information you fill in:
- Submit a Cheesecake: venue name, city, country, optional website & address, your rating and notes, optional photo URL, your name and email address.
- Request an Assessment: restaurant name, address, website, contact person name, email, optional phone number, optional message.
- Contact form: your name, email address, optional subject and message.
Form submissions are sent to Firebase (Google) and stored in Firestore so our team can review them. We use your email address only to follow up on your submission — never for marketing.
Website — community votes
When you vote on a cheesecake ranking, that vote is stored only in your browser's localStorage. It never leaves your device and is not linked to any identity.
Website — behavioural analytics (ContentSquare)
We use ContentSquare to analyse how visitors navigate the website. ContentSquare collects anonymised behavioural data including mouse movements, clicks, scrolls, and page navigation (used for heatmaps and session recordings). IP addresses are anonymised before storage and are never retained in full.
ContentSquare SAS is based in Paris, France (EU), so data remains within the EU. You can opt out at any time via the ContentSquare Privacy Center.
Website — hosting and CDNs
The website is hosted on GitHub Pages. GitHub may log your IP address when you visit. We load fonts from Google Fonts and the map library from unpkg.com — those providers may log your IP address per their own privacy policies. Map tiles are served by OpenStreetMap contributors.
iOS app — Sign in with Apple
The app uses Sign in with Apple as its sole authentication method, implemented through Firebase Authentication. When you sign in:
- Apple authenticates you on-device and issues a secure identity token. We never receive your Apple ID password.
- We request your full name scope on first sign-in only, so we can set a display name for you inside the app. Apple may relay a real name or a relay email address — you control what is shared in the Apple sign-in dialogue.
- Firebase Authentication stores a unique user ID (derived from your Apple identity) and your display name. This is used to identify your assessments and manage your access to the app.
- We do not receive or store your Apple ID email address unless Apple explicitly relays it as part of the sign-in. If Apple provides a private relay email, we do not use it for any communication.
You can revoke the app's access to your Apple ID at any time under Settings → [Your Name] → Password & Security → Apps Using Apple ID on your iPhone.
iOS app — analytics & performance (optional)
With your consent, we collect anonymous usage analytics (screens visited, features used) and performance metrics (app startup time, network timing) via Firebase Analytics and Firebase Performance. You can opt out at any time in Settings → Privacy. No data is collected without your explicit consent.
iOS app — push notifications
If you grant notification permission, Firebase Cloud Messaging (FCM) assigns a token to your device. This token is used only to deliver in-app notifications about assessment activity. It is not used for advertising.
iOS app — photos
When you attach a photo to an assessment, it is saved to your device's local storage. Photos are not automatically uploaded to any server. If an assessment is published, an admin may upload the photo separately to our public GitHub repository.
iOS app — GitHub token (admins only)
Admin users may enter a GitHub Personal Access Token to publish rankings. This token is stored exclusively in your device's secure Keychain and is never transmitted to any server other than GitHub's API.
3. How We Use Your Information
- To authenticate you and identify your assessments inside the app.
- To review and respond to cheesecake submissions, assessment requests, and contact messages.
- To send push notifications about assessment activity to assessors who have granted permission.
- To improve the app's reliability and user experience (only with your consent, via Firebase Analytics and Performance).
- We do not use your information for advertising, profiling, or automated decision-making.
4. Third-Party Services
We rely on the following third parties. Each has its own privacy policy.
- Apple (Sign in with Apple) — apple.com/legal/privacy
- Firebase / Google (authentication, Firestore, cloud messaging, analytics, performance) — firebase.google.com/support/privacy
- ContentSquare SAS (website behavioural analytics, EU-based) — contentsquare.com/privacy-center
- GitHub (Pages hosting, API) — github.com privacy policy
- Google Fonts — fonts.google.com/about
- unpkg / npm (Leaflet.js CDN) — unpkg.com
- OpenStreetMap (map tiles) — osmfoundation.org privacy policy
5. Data Retention
- Firebase Authentication user records are retained while your account is active. If you delete the app and revoke Apple ID access, your Firebase Auth record will remain until you request deletion.
- Form submissions are kept in Firestore until they have been reviewed and actioned, after which they may be deleted.
- Published cheesecake rankings are stored in our public GitHub repository indefinitely as part of the list.
- Analytics and performance data is retained per Google's standard Firebase retention settings (up to 14 months).
- Community votes in localStorage are cleared if you clear your browser data.
6. Your Rights
If you are in the European Economic Area or United Kingdom, you have rights under GDPR / UK GDPR including the right to access, correct, or request deletion of personal data we hold about you. To exercise these rights, use our contact form. We will respond within 30 days.
To request deletion of your app account and associated data, contact us via the contact form and mention "Account Deletion" in your message. We will delete your Firebase Authentication record and any personal data within 30 days.
You can withdraw analytics and performance consent at any time in the iOS app under Settings → Privacy. If you withdraw consent, collection stops immediately for future sessions.
7. Children
This website and app are not directed at children under 16. We do not knowingly collect personal information from anyone under 16.
8. Changes to This Policy
We may update this policy when the site or app changes materially. The effective date at the top of this page reflects the most recent revision. Continued use of the site or app after a change constitutes acceptance of the updated policy.
9. Contact
Questions about this privacy policy? Use the contact form on the main site and mention "Privacy" in the subject line.