Legal

Data deletion guide

This guide explains how to request deletion of your BuffIt account or selected personal data in a GDPR-compliant way. It applies to guests, restaurant partners and business users alike.

Fast path: delete your account directly in your profile

You can remove your account yourself at any time: sign in and open buffitapp.com/profile, switch to the tab Settings and in the section Privacy tap Delete account. After a short confirmation, BuffIt automatically removes:

  • Favorites, visit history and created reviews.
  • Notifications, messaging tokens and active sessions, and existing push devices are signed out.
  • Stored notification settings and marketing preferences.
  • Submitted restaurants are not deleted, but the submitter mapping is anonymized; claimed restaurants lose the owner connection.
  • The underlying Firebase login is deleted by default so the account is signed out immediately.

This process calls the privacy endpoint /api/user/privacy/account and by default passes the option to remove the linked Firebase account. That removes both app access and traceable records in one step. If you also need a written confirmation, follow the extended steps below.

1. Send your request

  • Send us an email to [email protected] or use the in-app contact form in the profile area ("Support and privacy").
  • Include the email address or phone number you used to register with BuffIt so that we can identify your account clearly.

2. Confirm your identity

  • For security reasons we need proof that you are the account holder, for example via the registered email address or a one-time code.
  • For restaurant or business accounts, additional business registration evidence may be required.

3. Choose the scope

  • Tell us whether you want to delete the whole account or only specific data such as restaurant uploads or marketing data.
  • Mandatory records that must be retained for tax or commercial law reasons are kept for the legally required retention period and deleted afterwards.

4. Processing and confirmation

  • We process deletions within 30 days. In complex cases we will inform you about a possible extension of another 30 days.
  • Once deletion is completed, you will receive confirmation by email. On request, we can also provide a PDF confirmation.

Direct contact for deletion requests

Please mention the subject "Data deletion" and the affected email address. We reply with an acknowledgement within one business day.

Privacy team

Business support

  • For restaurant and campaign requests
  • [email protected]
  • +49 5361 890 993 0 (Mon-Fri, 10:00-16:00)
Email the privacy team

Important notes

  • Transaction and invoice data may need to be retained for up to 10 years by law. They are locked and deleted only after the retention period ends.
  • If you manage multiple restaurants, please include all restaurant IDs or profile links so that no data is missed.
  • You can request a status update at any time. We document each step in our privacy ticket system.