Bisso
All legal documents

Privacy Policy

Last updated: 25 June 2026 · Controller: Tor Jensen, a private individual based in Copenhagen, Denmark · Privacy contact: privacy@bisso.app

1. Who we are

Bisso ("we", "us") runs a restaurant-review website (https://bisso.app) focused on honest, structured, per-dish reviews. We are the data controller for the personal data described here. We are not required to appoint a Data Protection Officer; for any privacy question contact us at privacy@bisso.app.

2. What we collect and why (and our legal basis)

DataExamplesPurpose & legal basis (GDPR Art. 6)
Accountemail address, handle, display name, optional bio and avatarCreate and operate your account and reviewer profile — performance of a contract (Art. 6(1)(b))
Reviews & ratingsreview text, dish ratings, title, visit date, wait time, per-person spend, noise level, take-away details, the language you wrote inPublish your contributions — the core service — contract (Art. 6(1)(b))
Social actionswho you follow, favourites/wishlist, quick-ratesPower feeds and collections — contract (Art. 6(1)(b))
Approximate distancea one-off distance between you and a venue, stored only on take-away reviewsShow "how far it travelled"; computed from your device location in your browser — we do not store your coordinates or any location history — legitimate interest (Art. 6(1)(f))
Technical/operationalminimal logs needed to run and secure the serviceSecurity and abuse-prevention — legitimate interest (Art. 6(1)(f))

We do not collect special-category data, and we do not store payment data. "Near me" uses your browser's geolocation only while you use it and only with your device's permission.

Is providing this required? To create an account you must provide an email address and a handle/display name — these are necessary to operate your account and publish your contributions, and without them we cannot provide the account-based service. Everything else (bio, avatar, the content of your reviews) is optional.

3. Machine translation

If you read a review in a language other than the one it was written in, we may send that review's text to a translation provider to produce a translation, which we cache. Translations are clearly labelled machine-translated, and you can always view the original.

4. Who we share it with (processors)

We use service providers ("processors") who act only on our instructions under a data-processing agreement:

  • Supabase — database, authentication and email relay (your data is stored in the EU / Frankfurt);
  • Vercel — website hosting and serverless compute (EU / Frankfurt region);
  • Google — sign-in, if you choose "Continue with Google" (processes your Google email/name);
  • Zoho Mail — sending sign-in and notification emails (EU data centre);
  • a geocoding provider — restaurant addresses, not your location.

We do not sell your data. Your published reviews and public profile are, by design, visible to anyone.

5. Where your data is processed (international transfers)

Your data is stored and processed in the EU (Frankfurt, Germany). Some of our providers are US-incorporated companies that may access this data from outside the EEA; this counts as an international transfer under the GDPR, and each is covered by a legal safeguard:

  • Vercel and Google are certified under the EU-US Data Privacy Framework;
  • Supabase relies on the European Commission's Standard Contractual Clauses in its data-processing agreement;
  • Zoho processes via its EU data centre under its agreement.

You can request a copy of the safeguards at privacy@bisso.app.

6. How long we keep it

We keep personal data only as long as needed (full schedule on our Data Retention page). In short: your account and published content stay until you delete them or close your account; drafts and operational logs are kept for limited periods; a minimal moderation record (the action and who took it, never your content) may be kept for up to 12 months for abuse-handling. If you close your account, your published reviews are deleted or irreversibly anonymised; where a review is kept in anonymised form to preserve the public corpus, we do so on the basis of our legitimate interest in the integrity of that corpus.

7. Your rights (GDPR)

You have the right to access (Art. 15), rectification (Art. 16), erasure (Art. 17), restriction (Art. 18), data portability (Art. 20), and to object (Art. 21) to processing based on legitimate interest; and to withdraw consent where processing relies on it. Erasure is implemented — closing your account erases your profile and personal data, and your published reviews are removed or irreversibly anonymised. To exercise any right, contact privacy@bisso.app. You also have the right to lodge a complaint with your supervisory authority — in Denmark, Datatilsynet (datatilsynet.dk).

8. Automated decision-making

We rank and weight reviews and reviewer reputation using automated scoring to order what you see. We do not make decisions that produce legal or similarly significant effects about you solely by automated means (Art. 22 GDPR).

9. Children

The service is not intended for children under 13 (the minimum age for online services in Denmark under § 6 of the Danish Data Protection Act). You confirm you are at least 13 when you create an account; if we learn we hold a younger child's data, we will delete it.

10. Changes

We'll post changes here and update the date above; we will notify you of material changes in-product or by email.