Restaurant Privacy Policy

Numo Partners - Data Protection & Privacy

Effective Date: October 21, 2025 | Last Updated: October 21, 2025

Numo Eats, operating Numo Partners ("we," "us," or "our"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Numo Partners mobile application (the "App"), a restaurant order management platform that enables restaurant partners to receive and manage customer food orders in South Africa. By using the App, you consent to the practices described herein. This policy complies with the Protection of Personal Information Act (POPIA) of South Africa and Google Play Store requirements.

Information We Collect

We collect the following types of information to provide and improve our services:

Restaurant Account Information:

  • Email address and phone number (for authentication and communication)
  • First name and last name (for profile management)
  • Restaurant name and Restaurant ID
  • Access code (authentication credential in format REST-YYYY-XXXXXX)
  • Role within restaurant (Owner/Manager/Staff)
  • Business registration details

Customer Data (Read-Only for Order Fulfillment):

  • Customer names and phone numbers (for order coordination)
  • Delivery addresses (for order fulfillment and driver dispatch)
  • Order special requests and delivery instructions
  • Order history with your restaurant

Transaction and Financial Data:

  • Order details, timestamps, and status history
  • Payment information (method, status, reference numbers)
  • Earnings calculations and commission tracking
  • Transaction history and settlement records
  • Platform commission rates (default 15%)
  • Payment processing fees (included as part of platform commission rates)

Menu and Business Data:

  • Menu items, descriptions, pricing, and categories
  • Menu item images uploaded from device
  • Availability status and dietary information
  • Promotional campaigns and discount structures
  • Operating hours and restaurant status

Analytics and Usage Data:

  • Order acceptance/decline rates and reasons
  • Cancellation reasons and patterns
  • Menu item performance metrics
  • Peak ordering hours and patterns
  • App usage behavior (screens visited, actions taken)

Device and Notification Data:

  • Firebase Cloud Messaging (FCM) tokens for push notifications
  • Device identifiers for notification delivery
  • Session activity and last active timestamp
  • App usage patterns

We do not collect sensitive personal information beyond what is necessary for restaurant operations and order management.

How We Use Your Information

We use your information for the following purposes:

  • To create and manage restaurant partner accounts and authenticate staff members
  • To display incoming customer orders in real-time and enable order acceptance/decline
  • To process order confirmations, track preparation status, and coordinate with delivery drivers
  • To calculate earnings, track commissions, and process payments to restaurant partners
  • To send push notifications for new orders, status updates, and system alerts via Firebase and Expo Notifications
  • To enable menu management, promotional campaigns, and business analytics
  • To provide customer information necessary for order fulfillment and delivery coordination
  • To comply with legal obligations, prevent fraud, and resolve disputes
  • To improve the App and develop new features based on usage patterns

Customer data is accessed on a read-only basis solely for order fulfillment purposes. Restaurants cannot modify customer data through this App.

Third-Party Services and Sharing

We share information only as necessary to operate the App:

Supabase: For backend database, real-time order synchronization, and authentication (shared: all account data, orders, menu info, earnings; their privacy policy: https://supabase.com/privacy)

Firebase Cloud Messaging: For push notifications about new orders and updates (shared: FCM device tokens, user IDs; their privacy policy: https://policies.google.com/privacy)

Expo Notifications: For notification management and fallback delivery (shared: device info, push tokens; their privacy policy: https://expo.dev/privacy)

Paystack: For payment processing of customer orders (shared: transaction details for commission tracking; their privacy policy: https://paystack.com/privacy; compliant with PCI DSS)

Formspree: For restaurant application form submissions during onboarding (shared: application data; their privacy policy: https://formspree.io/legal/privacy-policy)

Google Maps API (optional): For delivery tracking and directions if enabled (shared: location data; their privacy policy: https://policies.google.com/privacy)

We do not sell your personal data. Data may be shared with:

  • Delivery drivers for order fulfillment (customer delivery information)
  • Platform administrators for support and dispute resolution
  • Authorities if required by law (e.g., under POPIA or for fraud prevention)

International transfers (e.g., to Google, Supabase, or Paystack servers) are protected by standard contractual clauses and encryption.

Data Security and Retention

We implement reasonable security measures (e.g., encryption in transit and at rest, access controls, secure authentication) to protect your data, aligned with PCI DSS for payment handling. However, no system is infallible, and we cannot guarantee absolute security.

Data is retained as long as needed for service provision:

  • Account info: Until account deletion or 2 years of inactivity
  • Order history: 7 years for legal/tax compliance reasons
  • Financial records: 7 years per South African tax law
  • Menu data: Until manually deleted or account termination

Your Rights Under POPIA and Google Play

As a South African user, you have rights under POPIA:

Access: Request a copy of your personal data

Correction: Update inaccurate information through the App or by contacting us

Deletion: Request erasure (account deletion removes most data within 30 days; some financial records retained for legal compliance)

Objection/Portability: Object to processing or request data export in a structured format

Withdraw Consent: Revoke permissions (e.g., notifications, camera) at any time, though this may limit App functionality

To exercise rights, contact us at support@numoeats.com. We respond within 30 days. For data deletion requests via Google Play, use the App's settings or contact support.

Children's Privacy

The App is intended for business use by restaurant staff 18+ years of age. We do not knowingly collect data from children. If we discover such data, it will be deleted.

Changes to This Policy

We may update this policy; changes will be posted in the App with notice. Continued use constitutes acceptance.

Contact Us

Numo Eats

Email: support@numoeats.com

Phone: +27817908420

Address: Tuthong Street, Soshanguve - DD, Pretoria, South Africa

For privacy complaints, contact the Information Regulator of South Africa.