Privacy Policy

Fooddable ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our mobile applications, website, and related services (collectively, the "Services").

By using Fooddable, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information to provide and improve our Services. The types of data we collect depend on how you use Fooddable:

1.1 Account & Profile Information

• Name and display name — for personalising your experience
• Email address — for account authentication and communication
• Phone number — for account recovery, order coordination, and pickup verification
• User ID (UID) — a unique identifier generated by Firebase Authentication
• Platform role — whether you use Fooddable as a consumer, restaurant operator, or admin
• Account creation and update timestamps

1.2 Restaurant Business Information

If you register as a restaurant partner, we collect:

• Restaurant display name and legal name
• Business address, city, and neighbourhood
• Cuisine tags and food categories
• Pickup instructions for customers
• Approval status and moderation history
• Payout and settlement details for earnings disbursement
• Staff member roles and permissions within your restaurant account

1.3 Order & Transaction Data

• Order details — surprise bag title, quantity, restaurant, pickup window
• Order status — confirmed, ready for pickup, redeemed, expired, or refunded
• Redeeming code — used to verify and collect orders at restaurants
• Payment information — transaction reference, amount, currency (ZAR), and payment status via Paystack
• Order timestamps — creation, payment, redemption, and expiry times

1.4 Location Data

• Device location — with your permission, to show nearby restaurants and surprise bags
• Favourite locations — areas you save for quick browsing

1.5 Device & Push Notification Data

• FCM device token — for sending push notifications about orders, pickups, and support updates
• Device platform — Android, iOS, or web
• Notification authorisation status
• Active Fooddable module — consumer, restaurant, or admin app

1.6 Support & Refund Data

• Support case details — reason for contact, order references, and resolution notes
• Refund requests — including reasons and admin review notes

1.7 Usage & Analytics Data

• App feature usage and interactions
• Crash reports and performance diagnostics
• Session activity and navigation patterns

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide our Services — enabling you to browse, purchase, list, and redeem surprise bags
• To process payments — through our payment partner, Paystack
• To send operational notifications — order confirmations, pickup reminders, status updates, and support resolutions
• To verify pickups — restaurants use redeeming codes to confirm order collection
• To moderate and approve — restaurant partners are reviewed before joining the marketplace
• To handle disputes — refund cases and support inquiries
• To improve our Services — analysing usage patterns and fixing issues
• To comply with legal obligations — such as tax and financial record-keeping

3. How We Share Your Information

We do not sell your personal data. We only share information in the following limited circumstances:

• Between consumers and restaurants — when you place an order, the restaurant receives your name, phone number, order details, and redeeming code to fulfil the pickup
• With Paystack — to process and verify your payments securely
• With Firebase/Google — for authentication, database hosting, push notifications, and analytics (governed by Google's privacy practices)
• With our team — admin operators may access data necessary for moderation, support, and marketplace health monitoring
• For legal reasons — if required by law, regulation, or legal process

4. Data Storage & Security

Your data is stored in Firebase Firestore, hosted by Google Cloud, with the following security measures:

• Data is encrypted in transit (TLS) and at rest
• Firestore security rules enforce strict access controls — you can only access your own data or data you are authorised to see
• Firebase Auth custom claims enforce role-based access (consumer, restaurant, admin)
• Cloud Functions handle sensitive operations (payments, order finalisation) server-side to prevent tampering
• Firebase App Check adds an additional layer of protection against unauthorised API access

While we take strong measures to protect your data, no internet-based service can be 100% secure. We continuously monitor and improve our security practices.

5. Your Data Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the data we hold about you
• Correction — update inaccurate or incomplete information
• Deletion — request deletion of your account and associated data
• Restriction — limit how we process your data
• Portability — receive your data in a structured, machine-readable format
• Objection — object to certain types of processing, such as direct marketing

To exercise any of these rights, please contact us using the details below. We will respond within the timeframes required by applicable law.

6. Push Notifications

We use Firebase Cloud Messaging (FCM) to send you operational updates about:

• Order confirmations and status changes
• Pickup readiness reminders
• Order collection confirmations
• Refund and support case resolutions
• New order alerts (for restaurant partners)

You can manage notification permissions through your device settings at any time. On Android and iOS, you can also disable specific notification channels within the app.

7. Location Services

We request access to your device's location solely to show nearby restaurants and surprise bags. Location data is:

• Used only while you are actively browsing the app
• Not stored persistently unless you save a favourite location
• Never shared with third parties for advertising

You can disable location access at any time through your device settings, though this will limit nearby discovery features.

8. Data Retention

We retain your data for as long as necessary to provide our Services and comply with legal obligations:

• Account data — retained while your account is active; deleted upon account deletion request
• Order and payment records — retained for at least 5 years for tax and financial compliance
• Support and refund cases — retained for 3 years after resolution
• Device tokens — removed when you sign out or when Firebase reports them as invalid
• Analytics data — retained for up to 2 years, then anonymised or deleted

9. Children's Privacy

Fooddable is not intended for use by children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us immediately so we can delete the information.

10. Third-Party Services

Fooddable relies on the following third-party services:

• Firebase (Google) — authentication, database, storage, analytics, and push notifications
• Paystack — payment processing
• Google Maps / Location Services — nearby restaurant discovery (via device location APIs)

Each of these services has its own privacy policy and data handling practices. We encourage you to review them.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes through the app or by email. Your continued use of Fooddable after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please reach out to us: