Skip to content

Privacy Policy

Last updated: December 19, 2024

Your privacy and data security are our top priorities.

Our Privacy Commitment

At Supaorder, we believe that privacy is a fundamental right. We are committed to being transparent about how we collect, use, and protect your information while providing you with the tools and controls you need to manage your privacy.

  • Enterprise Security
  • Global Compliance
  • Full Transparency

1. Information We Collect

We collect information to provide, improve, and protect our services. The information we collect falls into several categories:

Restaurant Account Information

  • Business name, address, and contact details
  • Owner/manager information and credentials
  • Business registration and licensing data
  • Tax identification numbers
  • Banking and payment information
  • Menu items, pricing, and descriptions
  • Operating hours and delivery zones
  • Staff accounts and permissions

Customer Data (On Your Behalf)

  • Customer names and contact information
  • Delivery addresses and preferences
  • Order history and payment data
  • Loyalty program participation
  • Customer reviews and feedback
  • Communication preferences
  • Device and browser information
  • App usage and interaction data

Technical and Usage Information

Platform Usage:

  • Dashboard interactions and feature usage
  • Order processing and management activities
  • Report generation and data exports
  • Integration configurations and API usage

Technical Data:

  • IP addresses and geolocation data
  • Device identifiers and browser information
  • Performance metrics and error logs
  • Security event logs and access patterns

Important Note About Customer Data

When you use Supaorder, you remain the data controller for your customer information. We process this data on your behalf as a data processor. You are responsible for obtaining proper consent from your customers and complying with applicable privacy laws.

2. How We Use Your Information

We use the information we collect for specific, legitimate business purposes that benefit you and improve our services:

Service Delivery & Operations

  • Process and manage your restaurant orders
  • Provide customer support and technical assistance
  • Generate analytics and business insights
  • Facilitate payment processing and billing
  • Maintain and improve platform performance
  • Customize your dashboard and user experience
  • Send important service notifications
  • Manage integrations with third-party services

Security & Compliance

  • Detect and prevent fraud and security threats
  • Monitor for unauthorized access or misuse
  • Comply with legal and regulatory requirements
  • Conduct security audits and investigations
  • Verify identity and business legitimacy
  • Maintain audit trails and compliance records
  • Respond to legal requests and court orders
  • Protect intellectual property rights

Product Development & Improvement

  • Analyze usage patterns to improve features
  • Develop new products and services
  • Conduct research and testing
  • Optimize platform performance and reliability
  • Create aggregated, anonymized insights
  • Benchmark industry trends and metrics
  • Test new features and improvements
  • Enhance user interface and experience

3. Information Sharing & Disclosure

We do not sell your personal information. We only share information in specific circumstances and with appropriate safeguards:

Authorized Service Providers

We work with trusted third-party service providers who help us deliver our services. These providers are contractually bound to protect your information and use it only for specified purposes:

  • Payment processors (Stripe, PayPal, etc.)
  • Cloud infrastructure providers (AWS, Google Cloud)
  • Customer support platforms
  • Analytics and monitoring services
  • Email and communication services
  • Security and fraud prevention tools
  • Backup and disaster recovery services
  • Legal and compliance consultants

Legal Requirements & Protection

We may disclose information when required by law or to protect our rights and the safety of our users:

  • In response to valid legal requests (subpoenas, court orders)
  • To comply with applicable laws and regulations
  • To protect against fraud, security threats, or illegal activities
  • To enforce our Terms of Service and protect our rights
  • In connection with business transfers or acquisitions

With Your Consent

We may share information in other circumstances with your explicit consent:

  • Integration with third-party services you choose
  • Participation in marketing or promotional activities
  • Business partnerships you specifically authorize
  • Research studies you opt into

4. Data Security & Protection

We implement comprehensive security measures to protect your information from unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards

  • AES-256 encryption for data at rest
  • TLS 1.3 encryption for data in transit
  • Multi-factor authentication (MFA)
  • Regular security audits and penetration testing
  • Intrusion detection and prevention systems
  • Automated security monitoring and alerts
  • Secure coding practices and code reviews
  • Regular security updates and patches

Operational Security

  • Role-based access controls and permissions
  • Employee background checks and training
  • Secure development lifecycle (SDLC)
  • Incident response and breach notification procedures
  • Regular backup and disaster recovery testing
  • Physical security at data centers
  • Vendor security assessments
  • Compliance monitoring and reporting

Compliance Certifications

  • SOC 2 Type II — Security & Availability
  • PCI DSS — Payment Security
  • GDPR — EU Privacy
  • CCPA — California Privacy

5. Your Privacy Rights

You have important rights regarding your personal information. We provide tools and processes to help you exercise these rights:

Access & Portability Rights

  • Right to Access: Request copies of your personal data
  • Data Portability: Export your data in machine-readable formats
  • Transparency: Understand how your data is processed
  • Processing Records: Access logs of data processing activities

Control & Correction Rights

  • Right to Rectification: Correct inaccurate information
  • Right to Erasure: Request deletion of your data
  • Right to Restrict: Limit how we process your data
  • Right to Object: Opt out of certain processing activities

How to Exercise Your Rights

Self-Service Options:

  • Account dashboard settings
  • Data export tools
  • Privacy preference center
  • Communication preferences

Contact Methods:

Response Timeline:

  • Acknowledgment: 48 hours
  • Simple requests: 5-10 days
  • Complex requests: 30 days
  • Extensions communicated

Important Considerations

Some rights may be limited by legal requirements or legitimate business interests. For example, we may need to retain certain information for tax, legal, or security purposes. We'll explain any limitations when responding to your requests.

6. Data Retention

We retain your information only as long as necessary for the purposes outlined in this policy:

  • Active Accounts: Data retained while your account is active and for legitimate business purposes
  • Closed Accounts: Most data deleted within 90 days, some retained for legal/tax requirements
  • Legal Requirements: Financial records retained for 7 years, security logs for 2 years

7. International Data Transfers

As a global service, we may transfer your information internationally. We ensure appropriate safeguards are in place:

Transfer Mechanisms:

  • Standard Contractual Clauses (SCCs)
  • Adequacy decisions by data protection authorities
  • Binding Corporate Rules (BCRs)
  • Explicit consent where required

Data Locations:

  • Primary servers: United States (AWS)
  • Backup facilities: European Union
  • Support operations: India
  • Regional processing as needed

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

  • Provide at least 30 days' notice of material changes
  • Email notifications to account holders
  • Post updates prominently on our website
  • Maintain an archive of previous versions

8. Contact Our Privacy Team

If you have questions about this Privacy Policy or want to exercise your privacy rights, please contact us:

Privacy Officer

Email: [email protected]
Phone: +1 (331) 234-5453
Response time: 48 hours

Mailing Address

Devkart Technologies LLP
Attn: Privacy Officer
106, Min Nagar
Gobichettipalayam, Tamil Nadu 638452
India

EU Representative: For GDPR-related inquiries from EU residents, you may also contact our EU representative at [email protected]