Platia

1. Data Controller and Roles

For orders, the selected restaurant acts as an independent data controller for the processing necessary to prepare and hand over your order. The platform operator acts as a separate controller for platform operations (e.g. fraud prevention) and as a processor where we handle order data strictly on behalf of the restaurant. Our payment provider (Stripe) acts as an independent controller for payment processing.

2. Legal Bases (GDPR Art. 6)

Performance of a contract (Art. 6(1)(b)) – order processing and communications.
Legitimate interests (Art. 6(1)(f)) – service security, fraud prevention, service improvement.
Legal obligation (Art. 6(1)(c)) – accounting/tax retention and compliance.
Consent (Art. 6(1)(a)) – for optional communications where applicable.

3. Information We Collect

Identification and contact details (name, phone, email if provided), order details (items, options, price), payment status from the payment provider, device/technical data for security, and your support messages. Payment card data is handled by Stripe and not stored on our systems.

2. How We Use Your Information

We use the information we collect to:

Process and fulfill your orders
Send you order confirmations and updates
Communicate with you about your orders
Improve our services and user experience
Comply with legal obligations

4. Recipients and Processors

We share data with: the restaurant fulfilling your order; payment provider Stripe; and, when enabled, notification providers such as Twilio (SMS) and Postmark/Resend (email). Transfers occur under appropriate data protection agreements.

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Payment information is processed securely through our payment provider and is not stored on our servers.

6. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session and improve your experience on our platform. You can control cookie settings through your browser preferences.

7. International Transfers

Where providers transfer data outside the EU/EEA, such transfers rely on appropriate safeguards such as Standard Contractual Clauses and supplementary measures as required.

8. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this privacy policy, unless a longer retention period is required or permitted by law.

9. Your Rights

You have the right to access, correct, or delete your personal information. You may also object to or restrict certain processing of your data. To exercise these rights, please contact us.

10. Children's Privacy

Our service is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16.

11. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of any changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact

If you have any questions about this Privacy Policy, please contact us through our contact page.