Legal

Privacy Policy

GCC-wide. Compliant with UAE PDPL, Saudi Arabia PDPA, and applicable data protection frameworks.

Introduction

BiteCloud (referred to as 'we', 'us', or 'our') is committed to protecting the privacy and personal data of all individuals who interact with our platform, including operators, staff members, and end customers. This Privacy Policy explains what data we collect, how we use it, how we store and protect it, and what rights you have in relation to your data.

By accessing or using BiteCloud, you agree to the terms of this Privacy Policy. If you do not agree, you should discontinue use of the platform immediately.

Who This Policy Applies To

  • Operators: businesses and individuals who subscribe to BiteCloud as a platform
  • Staff users: employees and contractors who access the platform on behalf of an operator
  • End customers: individuals who interact with operator-facing channels powered by BiteCloud, including online ordering, QR ordering, and loyalty programs

Data We Collect

Operator data

  • Business name, trade license details, and contact information
  • Billing information and payment method details (processed by third-party payment gateways, not stored by BiteCloud)
  • Platform usage data including session activity, feature usage, and configuration settings
  • Communication history with BiteCloud support

Staff data

  • Name, email address, and phone number
  • Role and permission assignments
  • Device identifiers including UUID and browser fingerprint for registered devices
  • Action logs including orders processed, payments handled, and system interactions

End customer data

  • Name, email address, phone number, and delivery addresses
  • Order history and transaction records
  • Loyalty points balance, tier status, and redemption history
  • Device and browser information collected during platform interactions
  • Location data where provided for delivery zone validation

How We Use Your Data

  • To provide, operate, and maintain the BiteCloud platform
  • To process orders, payments, and loyalty transactions
  • To send transactional communications including order confirmations, receipts, and status updates
  • To generate operational and financial reports for operators
  • To enforce security, prevent fraud, and maintain audit trails
  • To improve platform performance and develop new features
  • To comply with applicable legal obligations across GCC jurisdictions

Data Storage and Retention

All data is stored on secure cloud infrastructure with encryption at rest and in transit. BiteCloud operates primary infrastructure within the UAE region. Data is retained for the duration of the operator's active subscription and for a period of 36 months following account termination, unless a shorter retention period is required by applicable law or requested by the data subject.

Payment card data is never stored by BiteCloud. All card transactions are processed directly by the operator's connected payment gateway. BiteCloud retains only the transaction reference, payment method type, and last four digits where provided by the gateway.

Data Sharing

BiteCloud does not sell personal data to third parties. Data is shared only in the following circumstances:

  • With payment gateway providers to process transactions
  • With aggregator platforms to fulfill delivery orders placed through those channels
  • With accounting integration providers where the operator has configured such an integration
  • With infrastructure and monitoring service providers under strict data processing agreements
  • With regulatory or law enforcement authorities where required by applicable GCC law

Data Subject Rights

Individuals whose data is processed by BiteCloud have the following rights, subject to applicable law in their jurisdiction:

  • Right to access: request a copy of the personal data held about you
  • Right to rectification: request correction of inaccurate or incomplete data
  • Right to erasure: request deletion of personal data where there is no legitimate basis for continued processing
  • Right to restriction: request that processing be limited in certain circumstances
  • Right to data portability: receive your data in a structured, machine-readable format
  • Right to object: object to processing based on legitimate interests

To exercise any of these rights, contact us at privacy@bitecloud.io. Requests will be acknowledged within 5 business days and resolved within 30 days.

Cookies

BiteCloud uses cookies and similar tracking technologies on its platform and website. See the Cookie Policy for full details.

Security

BiteCloud implements technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, and destruction. These measures include encryption at rest and in transit, role-based access controls, device fingerprinting, audit logging, and regular security assessments.

Changes to This Policy

BiteCloud reserves the right to update this Privacy Policy at any time. Operators will be notified of material changes by email or through the platform. Continued use of the platform following notification constitutes acceptance of the updated policy.

Contact

For privacy-related inquiries, contact: privacy@bitecloud.io