1. Introduction
Foodfy ("Company", "we", "our", "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, store, and safeguard your data when you interact with the Foodfy platform, including our website at foodfy.ai, mobile applications, APIs, merchant dashboards, AI services, drone delivery network, and all related services and features (collectively, the "Platform").
This Privacy Policy applies to all users of the Platform worldwide, including Customers, Business Partners, Delivery Partners, Territory Partners, Corporate Account administrators and employees, Investors, Influencers, NutriLife users, and visitors. By accessing or using the Platform, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.
Foodfy operates across 250+ countries. The specific data protection laws applicable to you may vary depending on your location. Where local law provides greater protection than this Privacy Policy, the local law prevails. Supplemental regional provisions are detailed in Section 16.
2. Data Controller
Foodfy is the data controller responsible for your personal data processed through the Platform, unless otherwise stated. For Foodfy for Work (Corporate Accounts), the enrolling organization acts as the data controller for employee personal data, and Foodfy acts as a data processor on their behalf.
For data protection inquiries, you may contact our Data Protection Officer at:
- Email: [email protected]
- Postal Address: Foodfy, Data Protection Officer, available upon request via [email protected]
3. Information We Collect
We collect different categories of personal data depending on how you interact with the Platform and which services you use.
3.1 All Users
- Account Information: Full name, email address, phone number, date of birth, profile photograph, and encrypted password.
- Authentication Data: Login credentials, two-factor authentication secrets and recovery codes, API tokens, and session identifiers.
- Device and Technical Data: Device type, operating system and version, browser type and version, screen resolution, unique device identifiers, mobile network information, IP address, and push notification tokens (Expo tokens).
- Usage Data: Pages visited, features used, search queries, click patterns, navigation paths, session duration, timestamps, referring URLs, and interaction events.
- Location Data: Approximate location derived from IP address. With your explicit consent, precise GPS location for delivery, nearby business discovery, and location-based features.
- Communication Data: Messages sent through the Platform, customer support interactions, feedback, and survey responses.
3.2 Customers
- Order Data: Items ordered, order history, delivery addresses (including building name, street, apartment, floor, entry code, and delivery instructions), order preferences, special dietary requirements, and order source (web, app, kiosk, QR, WhatsApp, meal plan).
- Payment Data: Payment method type, billing address, transaction amounts, and transaction history. Full payment card numbers are processed by our PCI DSS-compliant payment processor (Stripe) and are never stored on Foodfy servers.
- Address Book: Saved delivery addresses including structured address components, GPS coordinates, Google Place IDs, and formatted addresses.
- Preferences: Favorite businesses, saved items, dietary preferences, language and currency settings.
- Reviews and Ratings: Product reviews, business ratings, delivery ratings, photos, and comments.
3.3 Business Partners
- Business Information: Business legal name, trade name, subdomain, public store identifier, business type (restaurant, grocery, pharmacy, flowers, retail, supplier, brand), physical address, phone number, email, and website URL.
- Legal and Financial Data: Tax identification name and number, legal entity type, banking details for payouts, and business registration documents.
- Operational Data: Menu items, product catalog, pricing, inventory levels, operating hours, preparation times, delivery zones, and service configurations.
- Customer Relationship Data: CRM profiles including customer order frequency, total spend, RFM (Recency, Frequency, Monetary) scores, lifecycle stage, loyalty tier, marketing opt-in status, preferred language, tags, and notes.
- Employee Data: Staff member names, roles, employee codes, departments, designations, employment type, contact information, emergency contacts, banking details, identity documents, and HR records when using the People and HR feature.
- Third-Party Integrations: Google Place ID, Google rating, social media profiles (WhatsApp, Facebook), and data exchanged with integrated services (accounting software, delivery platforms).
- Franchise Data: Franchise brand association, outlet codes, multi-location configurations, and brand-level analytics.
3.4 Delivery Partners
- Identity Verification: Government-issued identification, driver's license, vehicle registration, and proof of insurance.
- Real-Time Location: GPS coordinates updated during active deliveries for order tracking, route optimization, and safety purposes.
- Performance Data: Number of completed orders, rejected orders, delivery times, ratings received, and earnings history.
- Drone Delivery Data: For drone-capable delivery partners: drone capability status, runner type, delivery statistics, DronePort assignment, and drone operational logs.
3.5 Territory Partners
- Managed Territories: Assigned territory level (Region, Country, State, City, Area), territory identifiers, and geographic scope.
- Performance Metrics: Business onboarding rates, revenue generated, partner satisfaction scores, and territory growth metrics.
- Application Data: Territory applicant profile information submitted during the application and onboarding process.
3.6 Corporate Account Users (Foodfy for Work)
- Organization Data: Company legal name, legal entity type, trade license number, tax number, registered address, billing contact information, and logo.
- Employee Data: Employee name, email, role (admin/manager/employee), department, cost center, employee reference number, wallet balance, wallet transaction history, and employment status.
3.7 Investors
- Investor Profile: Accreditation status, investment preferences, identity verification documents, and communication history.
- Investment Activity: Investment interests, deal participation, investment amounts, and related correspondence.
3.8 NutriLife Users
NutriLife collects sensitive health and biometric data. See Section 9 for detailed information.
3.9 Information from Third Parties
- Social media platforms when you sign in using social login (Google, Facebook, Apple).
- Payment processors and financial institutions for transaction verification and fraud prevention.
- Public business directories and government registries for business verification and directory building.
- Open Food Facts and other nutritional databases for product nutritional data.
- Third-party delivery platforms (Uber Eats, Deliveroo, Talabat, Keeta, Careem) for integrated order management.
- Google Maps and Places API for location, mapping, and address data.
- Analytics and advertising partners for website traffic analysis and campaign measurement.
4. Legal Basis for Processing
We process your personal data on the following legal bases, as applicable under the General Data Protection Regulation (GDPR) and similar frameworks:
- Performance of Contract: Processing necessary to fulfill our contractual obligations to you, including account creation, order processing, payment handling, delivery coordination, and provision of Platform features you have subscribed to or requested.
- Consent: Processing based on your freely given, specific, informed, and unambiguous consent. This applies to: precise GPS location tracking, NutriLife health and biometric data collection (special category data), marketing communications and promotional emails, non-essential cookies and tracking technologies, and AI-powered photo analysis of meals.
- Legitimate Interest: Processing necessary for our legitimate business interests, provided these interests are not overridden by your fundamental rights and freedoms. This includes: Platform security and fraud prevention, analytics and service improvement, personalized search results and recommendations (non-AI profiling), customer support and communication, and enforcement of our Terms of Service.
- Legal Obligation: Processing necessary to comply with applicable legal requirements, including tax and accounting regulations, anti-money laundering (AML) and know-your-customer (KYC) requirements, food safety and public health regulations, data retention mandated by law, and responses to lawful government or regulatory requests.
- Vital Interest: In exceptional circumstances, processing necessary to protect someone's vital interests, such as emergency situations involving food allergies, safety incidents, or public health emergencies.
5. How We Use Your Information
We use the personal data we collect for the following purposes:
5.1 Core Platform Operations
- Provide, maintain, operate, and improve the Platform and all its features and services.
- Process and fulfill orders, payments, refunds, and deliveries.
- Create, authenticate, and manage user accounts across all user types.
- Enable real-time order tracking, delivery coordination, and driver/drone dispatch.
- Process Business Partner payouts and financial reconciliation.
- Manage Foodfy Gold subscriptions, benefits, and billing.
- Operate Foodfy for Work corporate wallets, allocations, and expense tracking.
5.2 Communication
- Send transactional communications including order confirmations, delivery updates, payment receipts, and account notifications.
- Provide customer support and respond to inquiries through all channels (email, in-app, WhatsApp, SMS).
- With your consent, send promotional communications, marketing offers, and personalized recommendations.
5.3 Personalization and AI
- Personalize your experience through AI-powered search results, business recommendations, and product suggestions.
- Provide Business Partners with AI-powered tools including menu optimization, demand forecasting, automated marketing content generation, and customer analytics.
- Power NutriLife features including AI meal photo analysis, nutritional calculation, and personalized dietary guidance.
- Enable AI chatbots and automated customer support.
5.4 Safety, Security, and Compliance
- Detect, investigate, and prevent fraud, abuse, unauthorized access, and other illegal or harmful activities.
- Verify the identity of Business Partners, Delivery Partners, Territory Partners, and Investors.
- Comply with applicable legal obligations, tax requirements, and regulatory mandates.
- Enforce our Terms of Service and other agreements.
5.5 Analytics and Improvement
- Conduct aggregated and anonymized analytics to understand usage patterns and improve Platform features.
- Perform A/B testing and user experience research.
- Train and improve AI and machine learning models using anonymized and aggregated data.
- Generate business intelligence reports and market insights.
6. How We Share Your Information
We share your personal data only as necessary to operate the Platform and provide our services. We do not sell your personal data to third parties.
6.1 With Other Platform Users
- Business Partners: When you place an order, we share your name, delivery address, phone number, and order details with the relevant Business Partner to fulfill your order. Business Partners on Foodfy retain full ownership of their customer data and can export it at any time.
- Delivery Partners: We share your delivery address, order pickup location, and necessary contact information with Delivery Partners to complete deliveries. Delivery Partner access to your data is limited to what is necessary for the current delivery.
- Customers: Business Partner information (name, address, ratings, menu, operating hours) is displayed publicly on the Platform to enable discovery and ordering.
6.2 With Service Providers
We engage trusted third-party service providers who process data on our behalf under strict data processing agreements:
- Stripe: Payment processing, subscription billing, and fraud detection.
- Cloudflare: Content delivery, DDoS protection, and web application firewall.
- Anthropic and OpenAI: AI and machine learning model inference for Platform AI features. Data sent to AI providers is processed under their enterprise data processing terms and is not used to train their general models.
- Deepgram: Speech-to-text processing for voice-enabled features.
- Twilio: SMS delivery and voice communication services.
- Google: Maps, Places API, analytics, and advertising services.
- Meta: Advertising campaign management and conversion tracking.
- Cloud Infrastructure Providers: Server hosting, data storage, and computing services.
6.3 With Third-Party Delivery Platforms
When Business Partners use delivery platform integrations (Uber Eats, Deliveroo, Talabat, Keeta, Careem, and others), order data and necessary operational information is exchanged between the Platform and these third-party services to enable cross-platform order management. This sharing is initiated by the Business Partner and governed by the terms of each delivery platform.
6.4 With Accounting Integrations
When Business Partners connect accounting software (Xero, QuickBooks), financial transaction data, invoices, and business records are synchronized as configured by the Business Partner.
6.5 For Legal and Regulatory Purposes
- When required by applicable law, regulation, legal process, subpoena, court order, or enforceable governmental request.
- To enforce our Terms of Service and other agreements.
- To protect the rights, property, safety, or security of Foodfy, our Users, or the public.
- To detect, prevent, or address fraud, security, or technical issues.
6.6 Business Transfers
In connection with a merger, acquisition, reorganization, bankruptcy, sale of assets, or similar corporate transaction, your personal data may be transferred to the acquiring entity. We will provide notice before your personal data becomes subject to a different privacy policy.
6.7 With Your Consent
We may share your information for purposes not described in this Privacy Policy with your explicit consent.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, provide our services, and comply with legal obligations. Specific retention periods include:
- Active Account Data: Retained for the duration of your account plus 30 days after account deletion request to allow for recovery.
- Order and Transaction Records: Retained for a minimum of 7 years to comply with tax, accounting, and financial regulations in applicable jurisdictions.
- Payment Records: Retained as required by PCI DSS standards and financial regulations, typically 7 years.
- Business Partner Data: Retained for the duration of the business relationship plus the legally required retention period for business records.
- NutriLife Health Data: Retained while your NutriLife profile is active. Upon deletion request, health data is permanently deleted within 30 days, except where retention is required by law.
- Foodfy Gold Subscription Data: Retained for the duration of the subscription plus 3 years for billing dispute resolution.
- Corporate Account Employee Data: Retained for the duration of the employee enrollment plus 1 year after removal from the Corporate Account.
- Communication Logs: Customer support interactions retained for 3 years for quality assurance and dispute resolution.
- Analytics Data: Aggregated and anonymized analytics data may be retained indefinitely as it does not identify individuals.
When personal data is no longer needed and no legal obligation requires its retention, we securely delete or irreversibly anonymize it using industry-standard methods.
8. AI and Automated Decision-Making
Foodfy uses artificial intelligence and automated processing across multiple Platform features. We are committed to transparency about how these technologies process your data.
8.1 How AI Processes Your Data
- Personalized Recommendations: AI models analyze your order history, browsing behavior, location, and preferences to recommend businesses, products, and offers. This processing is based on legitimate interest.
- Search Ranking: Search results are ranked using algorithms that consider relevance, distance, popularity, ratings, and personalization signals.
- Demand Forecasting: For Business Partners, AI analyzes historical order data, seasonal patterns, local events, and weather data to predict demand. This uses aggregated business data.
- Menu Optimization: AI suggests pricing adjustments and menu modifications based on sales data, competitor analysis, and customer preferences. Final decisions are always made by the Business Partner.
- Fraud Detection: Automated systems analyze transaction patterns, device information, and behavioral signals to identify potentially fraudulent activity. Flagged transactions may be reviewed by human analysts.
- NutriLife AI: AI analyzes meal photographs to estimate nutritional content and generates personalized dietary recommendations based on your health profile. See Section 9 for details.
- Automated Marketing: AI generates marketing content, email campaigns, and promotional offers for Business Partners based on customer segmentation and behavioral data.
8.2 Your Rights Regarding Automated Decisions
Under applicable law (including GDPR Article 22), you have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. Where such automated decisions are made:
- You have the right to obtain human intervention and review of the decision.
- You have the right to express your point of view and contest the decision.
- You may request an explanation of the logic involved in the automated decision.
To exercise these rights, contact us at [email protected].
8.3 AI Data Safeguards
- Data sent to third-party AI providers (Anthropic, OpenAI) is processed under enterprise data processing agreements. Your data is not used to train their general-purpose AI models.
- AI model training by Foodfy uses anonymized and aggregated data that does not identify individual users.
- AI outputs are probabilistic and are presented as suggestions or estimates, not definitive determinations.
9. Health and Biometric Data (NutriLife)
NutriLife processes sensitive health-related and biometric data that requires special protection under applicable privacy laws. This section provides detailed information about how we handle this data.
9.1 Categories of Health Data Collected
With your explicit consent, NutriLife may collect and process the following categories of health data:
- Physical Measurements: Body weight, height, body fat percentage, waist circumference, hip circumference, and body mass index (BMI).
- Vital Signs: Blood glucose levels, blood pressure readings, and heart rate.
- Lifestyle Indicators: Sleep duration, hydration levels, daily step count, energy levels, stress levels, mood, and digestive health indicators.
- Dietary Information: Food diary entries, meal photographs, calorie and macronutrient intake (protein, carbohydrates, fat, fiber, sugar, sodium), micronutrient intake (vitamins A through B12, calcium, iron, potassium, and others), dietary type, and food allergies.
- Health Profile: Date of birth, gender, activity level, health goals (weight loss, gain, maintenance), target weight, medical conditions, supplement usage, pregnancy or breastfeeding status.
- AI Analysis Data: Meal photographs analyzed by AI, confidence scores, and AI-generated nutritional estimates.
9.2 Legal Basis and Consent
Health and biometric data is classified as special category data under GDPR (Article 9) and equivalent laws worldwide. We process this data exclusively on the basis of your explicit consent, which you provide during NutriLife onboarding. You may withdraw your consent at any time by disabling NutriLife in your account settings, which will result in the deletion of your health data within 30 days.
9.3 Purpose Limitation
Your NutriLife health data is used strictly for the following purposes:
- Calculating your basal metabolic rate (BMR), total daily energy expenditure (TDEE), and personalized calorie and macronutrient targets.
- Tracking your food diary entries and nutritional intake over time.
- Providing AI-powered dietary suggestions and meal plan recommendations.
- Displaying health trends and progress toward your stated goals.
9.4 Strict Data Protection
- NutriLife health data is encrypted at rest and in transit using AES-256 and TLS 1.3 encryption.
- Health data is stored separately from general Platform data with additional access controls.
- NutriLife health data is NEVER shared with insurance companies, employers, advertisers, or any third party for purposes unrelated to providing the NutriLife service.
- Health data is NEVER used for advertising targeting or sold to third parties.
- Access to health data within Foodfy is restricted to essential personnel and systems on a strict need-to-know basis.
10. Foodfy Gold Subscription Data
When you subscribe to Foodfy Gold, we process additional data related to your membership:
- Subscription Data: Plan type, subscription status (active, trial, paused, cancelled, expired), start and end dates, trial period dates, and renewal dates.
- Payment Data: Stripe customer ID, Stripe subscription ID, payment method (last four digits and card type only), and billing history. Full card details are stored exclusively by Stripe.
- Benefit Usage: Total orders placed with Gold benefits, delivery savings, discount savings, total calculated savings, and benefit redemption logs.
This data is processed to manage your subscription, apply benefits to eligible orders, calculate your savings, and provide you with subscription management features. Legal basis: performance of contract.
11. Corporate Account and Employee Data
For Foodfy for Work (Corporate Accounts), data processing responsibilities are shared:
11.1 Data Controller Relationship
The enrolling organization (employer) acts as the data controller for employee personal data provided through the Corporate Account. Foodfy acts as a data processor, processing employee data solely as instructed by the employer and in accordance with the Foodfy for Work Data Processing Agreement.
11.2 Data Collected
- Employee name, email address, and role within the Corporate Account (admin, manager, employee).
- Department, cost center, and employee reference number as provided by the employer.
- Wallet balance, credit history, spending history, and refund records.
- Order history made using the corporate wallet, including items ordered and amounts.
11.3 Employer Responsibilities
Employers are responsible for: (a) having a lawful basis to share employee data with Foodfy; (b) informing employees about data processing through the Platform; (c) responding to employee data rights requests related to employer-controlled data; and (d) ensuring compliance with applicable employment and data protection laws.
12. Drone Delivery Operational Data
When drone delivery services are used, the following additional data is processed:
- Route and GPS Data: Drone flight paths, relay points through DronePort locations, delivery GPS coordinates, and estimated arrival times.
- Delivery Partner Data: For drone-capable delivery partners: real-time location during active deliveries, delivery statistics, and operational logs.
- DronePort Data: DronePort utilization metrics, maintenance schedules, and operational status.
- Customer Delivery Data: Precise delivery coordinates required for safe and accurate drone landing, which may be more precise than standard address-based delivery.
Drone delivery data is processed on the legal basis of contract performance and, where applicable, legitimate interest in maintaining safe and efficient delivery operations. Real-time location data of Delivery Partners is processed only during active deliveries.
13. Data Security
Foodfy implements comprehensive, industry-leading technical and organizational measures to protect your personal data:
13.1 Technical Safeguards
- Encryption of all data in transit using TLS 1.2+ (HTTPS enforced across all Platform endpoints).
- Encryption of sensitive data at rest using AES-256 encryption.
- Web application firewall (WAF) and DDoS protection powered by Cloudflare.
- Content delivery network (CDN) with edge caching for performance and security.
- PCI DSS-compliant payment processing through Stripe, with no storage of full card numbers on Foodfy servers.
- Two-factor authentication (2FA) available for all accounts and mandatory for privileged accounts.
- API authentication using secure tokens with rate limiting and abuse detection.
- Regular automated vulnerability scanning and penetration testing.
13.2 Organizational Safeguards
- Role-based access controls ensuring employees can only access data necessary for their function.
- Multi-tenant data architecture with country-specific database sharding, ensuring data from different jurisdictions is logically separated.
- Data processing agreements with all third-party service providers.
- Regular security awareness training for all personnel with access to personal data.
- Incident response procedures and a dedicated security team.
- Data minimization practices: we collect only the data necessary for the specified purpose.
While we implement robust security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security and encourage all users to take steps to protect their own accounts, including using strong, unique passwords and enabling two-factor authentication.
14. International Data Transfers
Foodfy operates across 250+ countries through its global infrastructure and Territory Partner network. Your personal data may be transferred to and processed in countries other than your country of residence. When we transfer personal data internationally, we implement appropriate safeguards to ensure your data remains protected:
- Standard Contractual Clauses (SCCs): For transfers from the EEA/UK to countries without an adequacy decision, we use European Commission-approved Standard Contractual Clauses.
- Data Processing Agreements: All third-party service providers processing personal data on our behalf are bound by comprehensive data processing agreements that include data protection obligations, security requirements, and cross-border transfer safeguards.
- Country-Specific Data Sharding: Our multi-tenant architecture uses country-specific database shards, which means operational data is stored and processed within or near the geographic region of the relevant Territory, minimizing cross-border transfers for day-to-day operations.
- Adequacy Decisions: Where available, we rely on adequacy decisions issued by relevant regulatory authorities.
- Transfer Impact Assessments: We conduct transfer impact assessments for data transfers to countries without adequate data protection frameworks.
15. Your Privacy Rights
Depending on your location, you have various rights regarding your personal data. Foodfy is committed to honoring these rights for all users worldwide:
15.1 Universal Rights
Regardless of your location, all Foodfy users may:
- Access: Request a copy of the personal data we hold about you in a structured, commonly used, machine-readable format.
- Correction: Request correction of inaccurate, incomplete, or outdated personal data. You can update most information directly through your account settings.
- Deletion: Request deletion of your personal data, subject to legitimate retention requirements (legal obligations, dispute resolution, fraud prevention).
- Restriction: Request that we restrict the processing of your personal data in certain circumstances.
- Objection: Object to the processing of your personal data for direct marketing purposes. We will comply with all opt-out requests promptly.
- Withdrawal of Consent: Where processing is based on consent, withdraw your consent at any time without affecting the lawfulness of prior processing.
- Account Deletion: Request complete deletion of your account and associated personal data. Account deletion requests are processed within 30 days.
15.2 How to Exercise Your Rights
You may exercise your rights by:
- Accessing your account settings for self-service data management, preference changes, and account deletion.
- Emailing our Data Protection Officer at [email protected] with your request.
- Emailing [email protected] for general privacy inquiries.
We will verify your identity before processing requests and respond within the timeframe required by applicable law (typically 30 days, extendable by an additional 60 days for complex requests with prior notification to you).
16. Regional Privacy Rights
The following supplemental provisions apply based on your location and the applicable data protection law:
16.1 European Economic Area and United Kingdom (GDPR / UK GDPR)
If you are located in the EEA or UK, you have the following additional rights under the General Data Protection Regulation:
- Data Portability: Receive your personal data in a structured, commonly used, machine-readable format and transmit it to another controller.
- Right to Lodge a Complaint: You have the right to lodge a complaint with your local data protection supervisory authority. A list of EEA supervisory authorities is available at ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.
- Automated Decision-Making: Right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects (GDPR Article 22). See Section 8.2.
- Data Protection Officer: Our DPO can be reached at [email protected] for any GDPR-related inquiries.
16.2 California, United States (CCPA / CPRA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources of collection, the business purpose for collecting, and the categories of third parties with whom we share it.
- Right to Delete: Request deletion of your personal information, subject to statutory exceptions.
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: Foodfy does not sell your personal information. We do not share personal information for cross-context behavioral advertising without your consent.
- Right to Limit Use of Sensitive Personal Information: Request limitation of the use and disclosure of sensitive personal information to what is necessary for the purposes specified.
- Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.
In the preceding 12 months, we have not sold personal information as defined by the CCPA/CPRA.
16.3 Brazil (LGPD)
If you are located in Brazil, you have rights under the Lei Geral de Proteção de Dados (LGPD), including the right to: confirmation of processing, access, correction, anonymization, portability, deletion of data processed with consent, information about sharing, and the right to petition the Autoridade Nacional de Proteção de Dados (ANPD).
16.4 Asia-Pacific (PDPA and Equivalent Laws)
If you are located in jurisdictions with Personal Data Protection Acts or equivalent legislation (including Singapore, Thailand, and other Asia-Pacific countries), you have rights to access, correction, deletion, restriction, and portability of your personal data as provided by applicable local law. We process your data in compliance with the applicable PDPA requirements, including obtaining consent where required and providing transparent notice of data processing activities.
16.5 Middle East and North Africa
For users in the UAE, Saudi Arabia, and other MENA jurisdictions, we comply with applicable data protection regulations, including the UAE Federal Decree-Law on Personal Data Protection, Saudi Arabia's Personal Data Protection Law, and equivalent regional frameworks. This includes data localization requirements where applicable.
16.6 Other Jurisdictions
Foodfy is committed to complying with data protection laws in all jurisdictions where we operate. If your jurisdiction has specific data protection requirements not listed above, please contact [email protected] for information about how we protect your rights under your local law.
17. Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, Foodfy will:
- Notify the relevant supervisory authority within 72 hours of becoming aware of the breach, as required by GDPR Article 33 and equivalent provisions in other jurisdictions.
- Notify affected individuals without undue delay when the breach is likely to result in a high risk to their rights and freedoms, as required by GDPR Article 34 and equivalent provisions.
- Provide details of the nature of the breach, the categories and approximate number of data subjects and records affected, the likely consequences, and the measures taken or proposed to address the breach and mitigate its effects.
- Document all personal data breaches, including the facts, effects, and remedial actions taken, in accordance with our internal breach register.
If you believe your data has been compromised, please immediately contact [email protected].
18. Children and Minors
The Platform is not intended for use by individuals under the age of 18, or the age of digital consent in their jurisdiction (which may be lower, such as 16 in most EEA countries or 13 in the United States under COPPA). We do not knowingly collect personal information from children below the applicable age threshold.
If we become aware that we have inadvertently collected personal data from a child below the applicable age threshold without parental or guardian consent, we will take immediate steps to delete that information from our systems. If you believe we have collected information from a child, please contact us immediately at [email protected].
19. Third-Party Links and Services
The Platform may contain links to third-party websites, applications, and services. This Privacy Policy does not apply to any third-party services, and Foodfy is not responsible for the privacy practices, content, or security of any third party. This includes Business Partner websites built using the Foodfy Website Builder, which may contain additional third-party integrations selected by the Business Partner.
We encourage you to review the privacy policy of every third-party service you interact with.
20. Changes to This Privacy Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes:
- We will update the "Last updated" date at the top of this page.
- We will provide prominent notice on the Platform.
- For material changes that significantly affect how we process your data, we will notify you by email at least 30 days before the changes take effect.
- Where required by law, we will obtain your consent to material changes in data processing practices.
Your continued use of the Platform after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
21. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data protection practices, please contact us through the following channels:
- Data Protection Officer: [email protected]
- Privacy Inquiries: [email protected]
- Security Issues: [email protected]
- General Support: [email protected]
- Website: foodfy.ai
We are committed to resolving any complaints about our collection or use of your personal data. If you have a complaint, please contact us first. If we are unable to resolve your concern, you have the right to lodge a complaint with your local data protection supervisory authority.