Privacy Policy

Last updated: May 6, 2026

1. Who we are

This Privacy Policy explains how DishDash2GO ("DishDash2GO," "we," "us," or "our") collects, uses, stores, and shares personal information when restaurants ("Customers") use our platform and when end users ("End Customers") place orders through a Customer's WhatsApp number that has been connected to our platform. It should be read together with our Terms of Service.

2. Our role

For a Customer's account-level data (logins, billing, settings), DishDash2GO acts as the data controller. For data that flows through the platform on behalf of a Customer — most importantly End Customer phone numbers, names, addresses, message content, and order history — DishDash2GO acts as a data processor. The Customer (the restaurant) is the controller of that data and is responsible for the lawful basis for collecting and using it.

3. Information we collect

From Customers (restaurants):

  • Account info — email, password (hashed), restaurant name, subdomain.
  • Owner/staff contact details and role assignments.
  • Billing info processed by Stripe (we do not store full card numbers).
  • Configuration data — menu items, prices, hours, taxes, fees, delivery zones, branding, T&C copy.
  • Meta / WhatsApp Business credentials and tokens that you authorize us to use on your behalf.
  • Operational telemetry — login times, dashboard usage, error logs.

From End Customers (your customers):

  • WhatsApp phone number and display name (provided by Meta).
  • Message content sent to or from the restaurant's number.
  • Order details, item selections, delivery address, and any free-text notes the End Customer sends.
  • Optional: language detected, conversation timestamps, basic device metadata supplied by Meta.

We do not intentionally collect special categories of data (e.g. health, biometric, financial account numbers, or government IDs). Do not paste such data into the platform.

4. How we use information

  • To run the ordering flow between End Customers and Customers.
  • To bill Customers for their subscription.
  • To monitor, secure, debug, and improve the platform.
  • To generate analytics, KPIs, and operational insights for the Customer's dashboard.
  • To send transactional notifications (order alerts, account events, security warnings).
  • To comply with legal obligations and to enforce our Terms.

We do not sell End Customer personal information. We do not share End Customer data with one Customer for use by another.

5. AI-generated content

The platform uses AI models to interpret messages, generate replies, summarize conversations, and produce business insights. AI output may be incorrect, incomplete, or include synthesized text that resembles — but is not — actual customer or order data. AI models we use may run on infrastructure operated by us or by third-party model providers under contract; in either case, we do not authorize those providers to train their models on Customer or End Customer content.

6. Subprocessors and third parties

We rely on third-party services to deliver the platform. Each acts as a subprocessor for the data it receives from us:

  • Amazon Web Services (AWS) — hosting, database, storage, identity, monitoring (US region).
  • Meta / WhatsApp Business Platform — message transport, phone-number metadata.
  • Stripe — subscription billing and (optionally) End Customer payments.
  • Email / SMS providers — transactional notifications (e.g. AWS SNS, transactional email vendors).

These providers have their own privacy policies. By using the platform you authorize us to transmit relevant data to them as needed.

7. Customer-controlled kill switch

A Customer may revoke our access to their WhatsApp Business Account at any time through Meta Business Manager (see Section 5 of our Terms of Service). Once revoked, we no longer receive new messages or End Customer data on that number. Historical data already stored by us is handled per Section 8 below.

8. Retention and deletion

We retain Customer and End Customer data for as long as the Customer maintains an active account, plus a reasonable period afterward to satisfy tax, accounting, fraud-prevention, and legal-defense obligations. On account closure, the Customer may request deletion of End Customer personal data by contacting privacy@dishdash2go.com; we will delete or anonymize it within 30 days unless retention is required by law.

End Customers who want their personal data deleted from a particular restaurant's records should first contact that restaurant directly. We will support the restaurant in honoring valid deletion requests.

9. Security

We use commercially reasonable technical and organizational measures to protect personal data, including TLS in transit, encryption at rest for sensitive fields, role-based access controls, audit logging, and a shared-schema multi-tenant architecture in which every database query is scoped to a single restaurant. However, no system is immune from bugs, defects, or unauthorized access. If we discover a security incident that materially affects your data, we will notify the affected Customer without undue delay through the dashboard, by email, or both, as required by applicable law.

10. Your rights

Depending on where you live, you may have rights to access, correct, export, restrict, or delete personal data we hold about you, and to object to certain processing. To exercise these rights, email privacy@dishdash2go.com. If you are an End Customer, please first contact the restaurant whose number you messaged; we will assist them in responding.

California residents have additional rights under the CCPA/CPRA; residents of the EEA, the UK, and Switzerland have additional rights under the GDPR / UK GDPR. We do not knowingly sell personal information.

11. International transfers

The platform is hosted in the United States. If you access it from outside the U.S., personal data will be transferred to and processed in the U.S. By using the platform you consent to that transfer.

12. Children

The platform is not intended for children under 13 (or the equivalent minimum age in your jurisdiction). We do not knowingly collect data from children. If you believe a child has submitted personal data, contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the current version. Material changes will be communicated through the dashboard or by email.

14. Contact

For privacy questions or requests, email privacy@dishdash2go.com.