Effective Date: April 1, 2026 · AK Enterprise Inc.
When you create an account, we collect your name, email address, birthday, city, state, and optional preferences like dietary restrictions and a profile photo. We also collect information you provide when using the app, including deal claims, photo verifications, food truck spot reports, wait time reports, survey responses, wishlist items, itinerary plans, and order history.
We automatically collect device information (browser type, operating system), approximate location data when you grant permission, and usage patterns to improve the app experience.
Location data is central to how BirthdayDeaLight works. We use your location to show you birthday deals and food trucks near you, calculate distances to businesses, verify that you are near a business when claiming an offer or submitting a spot report, and provide weather-aware scheduling for food truck vendors.
Location data is processed in real time and is not stored permanently. We use latitude and longitude coordinates only while you are actively using the app. You can revoke location permission at any time through your device settings, though some features will be limited without it.
We access your camera only when you choose to upload a photo for deal verification, profile pictures, or menu scanning. Photos uploaded for verification are analyzed to confirm you visited a business and are stored securely. You can delete your account and all associated photos at any time.
Camera access is never activated without your explicit action. We do not access your camera in the background.
If you opt in, we send push notifications about birthday deal reminders, new deals in your area, order updates, and community activity. You can opt out of push notifications at any time through your profile settings or your device notification settings.
We collect a device token for delivering notifications. This token is tied to your account and is deleted when you opt out or delete your account.
Your account data is stored in a secure MongoDB database. We store your profile information, deal tracking history, points and badges, punch card progress, order history, and preferences. All data is transmitted over HTTPS encryption.
Passwords are hashed using bcrypt and are never stored in plain text. We use JWT tokens for session management with short-lived access tokens and secure refresh tokens.
We use the following third-party services, each with their own privacy policies:
We retain your account data for as long as your account is active. If you request account deletion, your account is deactivated immediately and all personal data is permanently deleted after a 30-day grace period. During this grace period, you can contact us to restore your account.
Anonymous, aggregated data (such as total deal claims per category) may be retained indefinitely for analytics purposes.
You can delete your account directly from the app by going to your Profile page and selecting "Delete my account." You will be asked to confirm your decision. Your account will be deactivated immediately and permanently deleted after 30 days.
You can also request account deletion by emailing hello@birthdaydealight.com with the subject line "Account Deletion Request" and your registered email address.
If you have questions about this privacy policy or how we handle your data, contact us at:
Made with Emergent