BestBasket NL

Back to home

Privacy Policy

Last updated: February 2026

1. Who we are

BestBasket NL is a grocery price comparison service for Dutch supermarkets. This privacy policy explains how we handle your data in accordance with the General Data Protection Regulation (GDPR) and the Dutch Uitvoeringswet AVG (UAVG).

2. What data we process

Essential local storage (no consent required)

  • Your grocery list (stored in your browser only)
  • Selected stores (stored in your browser only)
  • Consent preferences (stored in your browser only)

Analytics (with consent)

  • Anonymous usage events (e.g. number of items parsed, stores compared)
  • Stored in your browser only until a third-party analytics service is integrated

Account data (if you sign in)

  • Email address (for authentication via magic link)
  • Savings history (amounts saved per session)
  • Profile preferences (usual store, dietary restrictions)
  • Push notification subscription (if enabled)

3. Third-party data processors

Supabase (database and authentication)

Stores account data when you sign in. Supabase processes data under GDPR-compliant terms. Data may be stored in EU and US regions.

OpenAI (meal plan parsing)

When you submit a meal plan, recipe URL, or food photo, the text or image content is sent to OpenAI for processing into a grocery list. OpenAI may process this data in the United States. We do not send your email, name, or other personal identifiers to OpenAI. You are asked for explicit consent before your first submission.

Mapbox (maps)

If you view the store map, your approximate location may be shared with Mapbox for rendering the map. This is loaded from Mapbox CDN.

4. Location data

We request your browser location to find nearby stores. This happens via the browser geolocation API, which requires your explicit permission. Your coordinates are sent to our server to calculate store distances but are not stored permanently. If you deny location access, we default to a central location in the Netherlands.

5. Legal basis

Essential storage: Legitimate interest (Art. 6(1)(f) GDPR) - necessary for the service to function.

Analytics: Consent (Art. 6(1)(a) GDPR) - only with your explicit opt-in.

Account data: Contract performance (Art. 6(1)(b) GDPR) - necessary to provide account features you requested.

OpenAI processing: Consent (Art. 6(1)(a) GDPR) - explicit consent before first submission.

6. Data retention

Local browser storage: until you clear your browser data or revoke consent.

Account data: until you delete your account.

Savings history: automatically deleted after 24 months of inactivity.

Push subscriptions: automatically deleted if the endpoint becomes invalid or after 12 months of inactivity.

7. Your rights

Under the GDPR, you have the right to:

  • Access your data (download via your profile settings)
  • Correct your data (edit your profile)
  • Delete your data (delete your account in profile settings)
  • Port your data (export as JSON via profile settings)
  • Object to processing (revoke consent via the consent banner or profile settings)
  • Restrict processing (contact us)
  • Lodge a complaint with the Autoriteit Persoonsgegevens (Dutch Data Protection Authority)

8. Cookies

BestBasket does not use tracking cookies. We use localStorage (browser local storage) for essential functionality and optional analytics. Supabase authentication may use session cookies strictly for login purposes.

9. Contact

For privacy-related questions or to exercise your rights, contact us at: privacy@bestbasket.nl