Privacy Policy

Last updated: January 2025

This Privacy Policy explains how Ordera ("we", "our", or "us") collects, uses, and protects your personal information when you use our services at ordera.org, eat.ordera.org, book.ordera.org, and roam.ordera.org.

1. Information We Collect

We collect information you provide directly to us, including:

• Account registration details (name, email address, password)
• Business information (restaurant or business name, address)
• Payment information (processed securely by Stripe — we do not store card details)
• Menu content, order data, and booking data you create within our platform
• Customer email addresses provided voluntarily for order receipts or booking confirmations
• eSIM order details (email address, destination, plan selected) for Ordera Roam
• Messages you send us via our contact form

We also automatically collect certain technical information when you use our services, including IP address, browser type, device type, and usage data.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain our services
• Process payments and manage subscriptions via Stripe
• Send transactional emails (order confirmations, booking confirmations, eSIM delivery, receipts)
• Respond to your enquiries and provide customer support
• Send service-related communications (important updates, security notices)
• Improve and develop our products
• Comply with legal obligations

3. Data Sharing

We do not sell your personal data. We share data only with:

• Stripe — for payment processing. Stripe's privacy policy applies to payment data.
• eSIM providers — for delivering eSIM plans purchased through Ordera Roam. Only the minimum data required to provision the eSIM is shared.
• Email service providers — for sending transactional emails only.
• Infrastructure providers — for hosting and operating our services (Cloudflare, hosting providers).

We may disclose information if required by law or to protect the rights and safety of our users.

4. Data Retention

We retain your account data for as long as your account is active. Order and booking history is retained for up to 2 years for business record purposes. You may request deletion of your data at any time by contacting us.

5. Your Rights

Under applicable data protection laws (including GDPR where applicable), you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Object to or restrict processing of your data
• Request a copy of your data in a portable format

To exercise any of these rights, contact us at hello@ordera.org.

6. Cookies

We use essential cookies to operate our services (authentication sessions). We do not use advertising or tracking cookies. You can disable cookies in your browser settings, though this may affect functionality.

7. Security

We implement appropriate technical and organisational measures to protect your data. All data is transmitted over HTTPS. Payment data is handled exclusively by Stripe and is never stored on our servers.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by posting a notice on our website. Continued use of our services after changes constitutes acceptance of the updated policy.

9. Contact

For any privacy-related questions or to exercise your rights, contact us at hello@ordera.org.