Privacy Policy

1. About This Policy

This Privacy Policy explains how EatApp ("we", "us", "our") collects, uses, discloses, and protects personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). It also addresses our obligations under the New Zealand Privacy Act 2020 for our New Zealand operations.

This policy applies to all EatApp services, including:

• Our website (eatapp.com.au) and any subdomains
• Restaurant websites we build and manage on behalf of clients
• Commission-free online ordering systems
• Restaurant reservation and booking systems
• AI-powered chatbot and phone answering services
• Email and SMS marketing campaigns
• Local SEO and Google Business Profile management services
• Google Ads campaign management
• Social media marketing and management
• Google Business Profile audit reports
• Partner and B2B services
• Any mobile applications associated with our platform

2. Information We Collect

We collect personal information in several contexts, depending on how you interact with EatApp.

Information from restaurant owners and business clients:

• Name, email address, phone number, and business name
• Business address and ABN/NZBN
• Payment and billing information (processed securely via third-party payment providers — we do not store credit card numbers)
• Login credentials for your EatApp account
• Communication history (emails, phone calls, support requests)
• Google Business Profile data and analytics (with your authorisation)
• Google Ads account data (with your authorisation)
• Social media account access (with your authorisation)
• Website analytics data

Information from restaurant customers (collected via our platform on behalf of restaurant clients):

• Name, email address, and phone number (when placing orders, making reservations, or submitting enquiries)
• Order history, preferences, and transaction data
• Reservation details (date, time, party size, special requests)
• Dietary and allergen preferences (when voluntarily provided)
• Delivery address (for delivery orders)
• Payment information (processed securely via Stripe or other PCI-compliant payment providers — we do not store credit card details)
• Chatbot conversation transcripts (when interacting with an EatApp AI chatbot on a restaurant website)
• Phone call interaction data (when handled by EatApp AI phone answering — see Section 9)
• IP address, browser type, device information, and general location data
• Cookies and usage data (see Section 8)

Information from website visitors:

• Information submitted through contact forms, audit request forms, or enquiry forms
• IP address, browser type, device information
• Pages visited, time on site, and referral source
• Cookies and tracking data (see Section 8)

3. How We Use Personal Information

We use personal information for the following purposes:

For restaurant owners and business clients:

• To provide, manage, and improve our services
• To build and maintain your restaurant website
• To operate your online ordering and reservation systems
• To manage your local SEO, Google Ads, and social media campaigns
• To configure and operate AI chatbot and AI phone answering services for your venue
• To send email and SMS marketing campaigns on your behalf to your customer database
• To generate Google Business Profile audit reports
• To communicate with you about your account, services, and billing
• To provide customer support
• To send you relevant updates about our services (you may opt out at any time)

For restaurant customers (on behalf of our restaurant clients):

• To process and fulfil online orders
• To manage reservations and bookings
• To respond to enquiries via AI chatbot or AI phone answering
• To send email and SMS marketing communications on behalf of the restaurant (with appropriate consent — see Section 6)
• To personalise offers and promotions based on order history and preferences
• To improve the restaurant's service and customer experience
• To generate anonymised, aggregated analytics for the restaurant owner

For website visitors:

• To respond to enquiries and audit requests
• To improve our website and user experience
• To analyse website traffic and marketing effectiveness

4. Data Ownership — Restaurant Customer Data

An important distinction: when restaurant customers interact with an EatApp-powered ordering system, reservation system, chatbot, or phone answering service, the personal information collected belongs to the restaurant. EatApp processes this data on behalf of the restaurant client.

Restaurant owners retain full ownership of their customer database. If a restaurant ends their relationship with EatApp, their customer data will be exported and provided to them (or deleted, at their request) within a reasonable timeframe.

EatApp will not sell, rent, or share restaurant customer data with third parties for marketing purposes. We will not use one restaurant's customer data to benefit another restaurant or any other business.

5. AI-Powered Services — Additional Privacy Information

EatApp provides AI-powered services that interact with personal information in specific ways:

AI Chatbot: Our AI chatbot operates on restaurant websites to answer customer enquiries, assist with reservations, and provide information. Chatbot conversations may be recorded and stored to improve service quality and for the restaurant owner's reference. Conversations are stored securely and are only accessible to the restaurant owner and authorised EatApp staff.

AI Phone Answering: Our AI phone answering service handles incoming calls to restaurants. Call interaction data (including the substance of the conversation, caller information provided, and booking details captured) is recorded and stored. This data is used to process reservations, route enquiries to the restaurant team, and improve service quality. Call data is stored securely and is only accessible to the restaurant owner and authorised EatApp staff.

AI Marketing Automation: Our email and SMS marketing tools use AI to optimise send times, personalise subject lines, and segment audiences based on customer behaviour. This processing is automated but operates within the boundaries of the data the restaurant customer has provided and the consent they have given.

Important: EatApp's AI tools do not make autonomous decisions that have legal or similarly significant effects on individuals. They assist with customer service, bookings, and marketing — always under the oversight of the restaurant owner and EatApp's team.

6. Consent and Marketing Communications

Email and SMS marketing sent on behalf of restaurants: Restaurant customers who provide their contact details when placing an order or making a reservation may receive marketing communications from that restaurant via EatApp's platform. These communications comply with the Australian Spam Act 2003 and the Telecommunications (Telemarketing and Research Calls) Industry Standard.

Every marketing email includes a clear unsubscribe link. Every marketing SMS includes opt-out instructions. Unsubscribe requests are processed promptly and customers will be removed from future campaigns.

EatApp's own communications: If you submit an enquiry, request an audit, or otherwise provide your contact details to EatApp directly, we may contact you about our services. You may opt out at any time by replying to any email or contacting us directly.

7. Disclosure of Personal Information

We may disclose personal information to:

• Payment processors (Stripe and other PCI-compliant providers) to process transactions
• Email and SMS service providers to deliver marketing campaigns on behalf of restaurants
• Google (Analytics, Ads, Search Console, Business Profile) for marketing and analytics purposes, with your authorisation
• Social media platforms (Facebook, Instagram) for advertising campaign management, with your authorisation
• Hosting providers (Vercel, cloud infrastructure) who store data securely on our behalf
• Professional advisors (accountants, lawyers) where necessary for business operations
• Law enforcement or regulatory bodies where required by law or to protect rights, safety, or property

We do not sell personal information to third parties.

We may disclose aggregated, de-identified data that does not identify any individual for analytics, industry reporting, or marketing purposes.

8. Cookies and Tracking

Our website and the restaurant websites we manage use cookies and similar technologies to:

• Remember your preferences and settings
• Analyse website traffic and user behaviour (via Google Analytics 4)
• Measure the effectiveness of advertising campaigns
• Provide personalised content and offers

Types of cookies we use:

• Essential cookies — required for the website and ordering system to function
• Analytics cookies — help us understand how visitors use the site (Google Analytics)
• Marketing cookies — used to track advertising effectiveness and deliver relevant ads (Google Ads, Facebook Pixel)

You can control cookies through your browser settings. Disabling certain cookies may affect the functionality of the website or ordering system.

9. Data Security

We take reasonable steps to protect personal information from misuse, loss, unauthorised access, modification, and disclosure. Our security measures include:

• Secure HTTPS encryption on all websites and ordering platforms
• PCI-compliant payment processing (we never store credit card numbers)
• Access controls limiting who can view personal information
• Regular security reviews of our systems and third-party providers
• Secure storage of AI chatbot conversation logs and phone answering interaction data

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of personal information.

10. Data Retention

We retain personal information for as long as necessary to provide our services and fulfil the purposes described in this policy. Specifically:

• Restaurant client data: Retained for the duration of the client relationship and for a reasonable period afterward (typically 12 months) to allow for re-engagement or data export requests
• Restaurant customer data: Retained on behalf of the restaurant client for as long as the restaurant maintains their EatApp account. When a restaurant ends their relationship with EatApp, customer data is exported to the restaurant and/or deleted within 90 days
• Enquiry and audit request data: Retained for up to 24 months
• AI chatbot conversation logs: Retained for up to 12 months, unless the restaurant owner requests earlier deletion
• AI phone answering interaction data: Retained for up to 12 months, unless the restaurant owner requests earlier deletion
• Website analytics data: Retained in accordance with Google Analytics data retention settings (typically 14 months)

11. Your Rights

Under the Australian Privacy Principles, you have the right to:

• Access the personal information we hold about you
• Correct personal information that is inaccurate, incomplete, or out of date
• Request deletion of personal information (subject to legal and contractual obligations)
• Opt out of marketing communications at any time
• Complain about how we handle your personal information

For New Zealand residents, equivalent rights exist under the New Zealand Privacy Act 2020, including the right to access and correct personal information.

To exercise any of these rights, contact us at fenwick@eatapp.com.au or 0405 250 201.

If you are a restaurant customer and wish to access, correct, or delete the personal information a restaurant holds about you through our platform, please contact the restaurant directly in the first instance. You may also contact EatApp and we will assist in facilitating your request.

12. Third-Party Links

Our website and the restaurant websites we manage may contain links to third-party websites (e.g., Google Maps, social media platforms, review sites). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party website you visit.

13. Children's Privacy

Our services are not directed at children under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected information from a child under 16, we will take steps to delete it promptly.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or business practices. When we make significant changes, we will update the "Last updated" date at the top of this page.

We encourage you to review this policy periodically.

15. How to Contact Us

If you have questions about this Privacy Policy, wish to exercise your privacy rights, or want to make a complaint about how we handle personal information, please contact us:

Email: fenwick@eatapp.com.au Phone: 0405 250 201 Website: eatapp.com.au/contact/

If you are not satisfied with our response to a privacy complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au or, for New Zealand residents, the Office of the Privacy Commissioner at privacy.org.nz.

16. Mobile Application Privacy

If you use an EatApp-powered mobile application (for online ordering or restaurant management), the following additional information applies:

Data collected via mobile apps:

• Device type, operating system, and app version
• Push notification tokens (if you enable push notifications)
• Location data (only if you explicitly grant permission — used to show nearby restaurants or estimate delivery times)
• Order history and preferences
• Crash logs and performance data (anonymised)

Push notifications: You may receive push notifications about order status, promotions, or restaurant updates. You can disable push notifications through your device settings at any time.

Location data: We only collect location data if you grant explicit permission through your device's settings. Location data is used solely to provide location-relevant services (e.g., finding nearby restaurants, estimating delivery times). You can revoke location permissions at any time through your device settings.

App permissions: Our mobile applications may request access to camera (for QR code scanning), storage (for caching), and notifications. Each permission is requested for a specific, stated purpose, and you can manage permissions through your device settings.