Privacy Policy

Numo Eats - Customer App Data Protection & Privacy

Effective Date: October 21, 2025 | Last Updated: October 21, 2025

Numo Eats, operating Numo-Eats ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Numo-Eats mobile application (the "App"), a food delivery marketplace that connects customers with local restaurants in South Africa. By using the App, you consent to the practices described herein. This policy complies with the Protection of Personal Information Act (POPIA) of South Africa and Google Play Store requirements.

Information We Collect

We collect the following types of information to provide and improve our services:

Account Information:

  • Email address and/or phone number (for authentication and communication)
  • First and last name (for profile management and order personalization)

Location Data:

  • Precise GPS location (accessed via device permissions) to set up delivery addresses, calculate real-time delivery distances and fees, and display nearby restaurants
  • Saved delivery addresses (including street address, city, and postal code) for future orders

Payment Information:

  • Credit/debit card details (tokenized and stored securely by our third-party payment gateway; we do not store full card numbers)
  • Transaction history and in-app wallet balance (for digital payments and refunds)

Order History and Preferences:

  • Details of food orders, including customizations, preferences, delivery addresses, order notes, and special instructions (e.g., utensil requests or drop-off preferences like "meet at door" or "leave at location")

Device and Usage Data:

  • Device identifiers and Firebase Cloud Messaging (FCM) tokens for delivering push notifications (e.g., order updates)
  • App usage data (e.g., search queries, viewed menus) to improve recommendations and functionality

We do not collect sensitive personal information (e.g., health data) unless voluntarily provided in order notes.

How We Use Your Information

We use your information for the following purposes:

  • To create and manage your user account, process orders, and facilitate payments (credit/debit cards, in-app wallet, or cash on delivery)
  • To calculate delivery fees based on distance and provide real-time tracking using location data
  • To send push notifications for order status updates, promotions, and support via Firebase and Expo Notifications
  • To personalize your experience (e.g., recommending restaurants based on order history)
  • To comply with legal obligations, prevent fraud, and improve the App
  • For refunds: Cancelled orders are automatically refunded to your in-app wallet

Location data is only accessed when you grant permission and is used solely for delivery-related features. You can revoke location access at any time via device settings.

Third-Party Services and Sharing

We share information only as necessary to operate the App:

Google Maps API: For address autocomplete, geocoding, and distance calculations (shared: location data; their privacy policy: https://policies.google.com/privacy)

Payment Gateway: For secure card processing and transaction handling (shared: payment details; compliant with PCI DSS)

Supabase: For backend database and authentication (shared: account and order data; their privacy policy: https://supabase.com/privacy)

Firebase Cloud Messaging: For push notifications (shared: device tokens; their privacy policy: https://policies.google.com/privacy)

Service Providers: Limited sharing with analytics or support tools, bound by confidentiality

We do not sell your personal data. Data may be shared with:

  • Restaurants: For order fulfillment (e.g., delivery instructions)
  • Authorities: If required by law (e.g., under POPIA or for fraud prevention)

International transfers (e.g., to Google or Supabase servers) are protected by standard contractual clauses.

Data Security and Retention

We implement reasonable security measures (e.g., encryption, access controls) to protect your data, aligned with PCI DSS for payments. However, no system is infallible, and we cannot guarantee absolute security.

Data is retained as long as needed for service provision:

  • Account info: Until account deletion
  • Order history: 7 years for legal/compliance reasons
  • Location data: Deleted after order completion unless saved by you

Your Rights Under POPIA and Google Play

As a South African user, you have rights under POPIA:

Access: Request a copy of your personal data

Correction: Update inaccurate information

Deletion: Request erasure (e.g., account deletion removes most data within 30 days; some may be retained for legal reasons)

Objection/Portability: Object to processing or request data export in a structured format

Withdraw Consent: Revoke permissions (e.g., location) at any time, though this may limit App functionality

To exercise rights, contact us at support@numoeats.com. We respond within 30 days. For data deletion requests via Google Play, use the App's settings or contact support.

Children's Privacy

The App is not intended for children under 13. We do not knowingly collect data from children. If we discover such data, it will be deleted.

Changes to This Policy

We may update this policy; changes will be posted in the App with notice. Continued use constitutes acceptance.

Contact Us

Numo Eats

Email: support@numoeats.com

Phone: +27 81 790 8420

Address: Tuthong Street, Soshanguve - DD, Pretoria, South Africa

For privacy complaints, contact the Information Regulator of South Africa.