Privacy Policy
Last updated: April 9, 2026
DirectBite ("we," "our," or "us") operates the DirectBite mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, phone number, and password when you create an account.
- Profile Information: Profile picture, saved addresses, and date of birth (optional).
- Payment Information: Credit/debit card details processed securely through Stripe. We do not store your full card number on our servers.
- Order Information: Your order history, special instructions, dietary preferences, and restaurant reviews.
- Communications: Messages you send to us through customer support or feedback channels.
1.2 Information Collected Automatically
- Device Information: Device type, operating system, unique device identifiers, and app version.
- Location Data: With your permission, we collect your device location to show nearby restaurants. You can disable location access in your device settings.
- Usage Data: Pages visited, features used, time spent in the app, and interaction patterns.
- Push Notification Tokens: To send you order updates and relevant notifications.
1.3 Information from Third Parties
- Google Sign-In: If you sign in with Google, we receive your name, email, and profile picture from Google. We do not access your Google contacts, calendar, or other data.
- Payment Processor: Stripe provides us with transaction confirmation details (not your full card number).
2. How We Use Your Information
We use your information to:
- Process and fulfill your food orders
- Send order status notifications (confirmed, preparing, ready for pickup)
- Show restaurants near your location
- Process payments securely
- Provide customer support
- Improve our Service and develop new features
- Send promotional offers and loyalty rewards (you can opt out at any time)
- Prevent fraud and ensure platform security
- Comply with legal obligations
3. How We Share Your Information
We share your information only in these circumstances:
- With Restaurants: Your name, order details, and phone number are shared with the restaurant fulfilling your order so they can prepare it and contact you if needed.
- Payment Processing: Stripe processes your payment information. See Stripe's Privacy Policy.
- Analytics: We use Firebase Analytics and Crashlytics to understand app usage and fix bugs. This data is aggregated and anonymized.
- Legal Requirements: We may disclose your information if required by law, court order, or governmental authority.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity.
We do not sell your personal information to third parties.
4. Data Security
We implement industry-standard security measures to protect your information:
- All data is transmitted over connections encrypted with HTTPS/TLS
- Passwords are hashed using bcrypt (we never store plaintext passwords)
- Payment data is handled entirely by Stripe (PCI DSS compliant)
- Access to user data is restricted to authorized personnel only
- We conduct regular security audits
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
5. Data Retention
- Account Data: Retained as long as your account is active. You can request deletion at any time.
- Order History: Retained for 3 years for legal and tax purposes, then anonymized.
- Payment Records: Retained as required by financial regulations (typically 7 years).
- Analytics Data: Aggregated data is retained indefinitely. Individual-level data is deleted after 14 months.
6. Your Rights
You have the right to:
- Access: Request a copy of the personal data we hold about you.
- Correction: Update or correct your personal information through the app or by contacting us.
- Deletion: Request deletion of your account and personal data. You can do this in the app under Profile > Settings > Delete Account.
- Opt-Out: Unsubscribe from marketing emails and push notifications at any time through the app settings.
- Data Portability: Request your data in a machine-readable format.
To exercise any of these rights, contact us at privacy@directbite.app.
7. Children's Privacy
DirectBite is not intended for children under the age of 13. We do not knowingly collect personal information from children under 13. If we discover that we have collected information from a child under 13, we will delete it immediately.
8. Cookies and Tracking
Our website uses essential cookies for authentication (session cookies) and security (CSRF tokens). We do not use third-party advertising cookies. Our mobile app does not use cookies.
9. Third-Party Services
Our Service integrates with the following third-party services, each of which has its own privacy policy:
- Stripe — Payment processing
- Firebase (Google) — Push notifications, analytics, crash reporting
- Cloudflare — Content delivery and security
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.
11. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: privacy@directbite.app
- Website: www.directbite.app