Vol. IV Field edition · A$0.00

The Lunch Dossier

bypurpl

“An office’s lunch, settled, one sitting at a time.”

Section · The Fine Print

Privacy Policy

Last filed · 13 May 2026


The Lunch Dossier exists to help a small office settle one lunch decision a week. The data we hold is the minimum needed to do that. This page covers what we collect, where it lives, who can see it, and how to make us delete it.

1 · Who we are

The Lunch Dossier is operated by purpl, a small studio based in Sydney, Australia. You can reach us at contact@purpl.au.

2 · What we collect

When you sign up and use the dossier, we collect:

  • Email address — to authenticate your account.
  • Display name + optional avatar — so your teammates know who picked what.
  • Office location — latitude, longitude, and the street address you set in Standing Orders. Shared with the rest of your organisation.
  • Lunch days and rotation cadence— also part of the organisation’s settings.
  • Visit history— the restaurants you’ve picked, the date filed, and any optional notes or ratings teammates leave.
  • Rejections and blocks — the places your org has decided not to go to.
  • Push notification token— your device’s push token, only if you opt in to notifications.
  • Authentication metadata — IP and user-agent at sign-in, plus Apple or Google identifiers when you use those sign-in methods.

We do not collect: device location outside what you set as your office, contacts, calendar, IDFA or ad tracking IDs, biometric data, payment information, or anything about children under 13.

3 · Where your data lives

  • Postgres database — Supabase, hosted on AWS in Sydney (ap-southeast-2). TLS in transit, encryption at rest.
  • Authentication tokens — stored as secure HTTP-only cookies set by Supabase Auth.
  • Restaurant cache — short-term cache of public OpenStreetMap data near your office, stored in Supabase. Not personal data; rebuildable any time by clearing it.

We don’t have offices outside Australia and we don’t ship your data to non-Australian processors except where listed below for sign-in only.

4 · How we use your data

We only use your data to make the dossier work for your team:

  • Show the masthead, the next pick, and the archive of past lunches.
  • Surface restaurants within walking distance of your office and remember which ones you’ve already been to.
  • Route the duty pointer to the right person on the right day.
  • Send transactional emails (sign-up confirmation, magic links, password reset) and the push notifications you opt into.

We do not:

  • Sell or rent your data to third parties.
  • Show advertising in the app.
  • Build behavioural or analytics profiles for targeting.
  • Use your data to train AI models. We don’t run one.

5 · Who can see what

  • Visible to your teammates— your display name, avatar, the picks you’ve filed, ratings and notes you leave, your spot on the duty pointer.
  • Read-only to you — your email, your push token, your in-app notification inbox.
  • Admin-only inside your org — the audit log of membership changes, the moderation queue if you ever invite the dossier to a larger group.

Cross-org visibility is zero. One organisation’s data never appears in another. This is enforced at the database level via Postgres Row-Level Security, not just in the client.

6 · Your rights

Under the Australian Privacy Act, GDPR (if you’re in the EU), and CCPA (if you’re in California), you have the right to:

  • Accessyour data. Email us and we’ll send you a JSON export.
  • Correctyour data. Edit your profile in-app; for things you can’t edit yourself, email us.
  • Delete your account and everything tied to it. In-app via account settings, or email us. We act within 30 days.
  • Object to processing. Contact us; for most of what the app does, processing is necessary for the service, so we may not be able to comply without you closing your account.
  • Portability. JSON export on request.
  • Withdraw consent to push notifications via your device settings.

To exercise any of these: contact@purpl.au. We don’t charge a fee; we don’t require ID for most requests.

7 · Data retention

  • Active accounts — held indefinitely, until you delete.
  • Deleted accounts— purged within 30 days. Visits you filed may persist as anonymised entries (your handle replaced with “former member”) so the team’s archive stays readable.
  • Backups — Supabase retains point-in-time backups for 7 days; deletes propagate.
  • Auth sessions — invalidated immediately on sign-out or account delete.

8 · Children under 13

The dossier is built for offices. We don’t direct it at children under 13 and don’t knowingly collect their data. If you’re a parent and believe your child has signed up, email us and we’ll remove the account.

9 · Third-party processors

ProcessorWhat they handleLocation
Supabase Inc.Postgres, auth, edge functionsAWS ap-southeast-2 (Sydney)
Vercel Inc.Hosting and edge delivery for the dossier site itselfGlobal edge
OpenStreetMap / OverpassPublic restaurant data near your office (no personal data sent)Global
Apple Inc.Sign in with Apple (if used)USA
Google LLCSign in with Google (if used)USA

10 · Security

  • Passwords hashed via Supabase Auth.
  • All API calls over TLS 1.2+.
  • Database access protected by Row-Level Security; no client can read another org’s rows.
  • Service-role keys held only on operator machines, never in the app bundle.
  • Regular security audits (most recent: May 2026).

Found a vulnerability? Email contact@purpl.au with subject SECURITY. We respond within 48 hours.

11 · Changes

We’ll notify users in-app of material changes. The “Last filed” date at the top of this page reflects the most recent edit.

12 · Contact

Email · contact@purpl.au

For Australian-specific complaints unresolvable via the above: the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.