Privacy Policy

1. Information We Collect

We collect information you provide directly (name, email, business details) and information generated by your use of the platform (order data, menu content, store configuration). End-customer data (names, addresses, order history) is processed on behalf of the store owner.

2. How We Use Your Information

We use the information to provide and improve the Orderoo platform, process payments, send service-related communications, and comply with legal obligations. We do not sell your data or your customers' data to third parties.

3. Data Storage and Security

Data is stored on Supabase (PostgreSQL) hosted in the EU (Frankfurt, Germany). We apply industry-standard encryption in transit (TLS) and at rest. Access is restricted to authorised personnel only.

4. Third-Party Services

The platform integrates with Stripe (payments), Resend (transactional email), Google OAuth (authentication), and Supabase (database and storage). Each provider operates under their own privacy policy and is subject to GDPR where applicable. Data Processing Agreements are in place with all sub-processors.

5. Cookies

We use strictly necessary session cookies for authentication and CSRF protection. No advertising or tracking cookies are used by Orderoo directly. For full details see our Cookie Policy.

6. Your Rights (GDPR)

If you are in the EEA you have the right to access, correct, or delete your personal data, to restrict processing, and to data portability. To exercise these rights contact us at privacy@orderoo.gr. We will respond within 30 days.

7. Data Retention

We retain account data for as long as your subscription is active, plus 30 days after termination. Order records may be retained for up to 5 years for legal and accounting purposes as required by Greek tax law.

8. Contact & Data Controller

Data controller: Δημήτριος Χρηστάκης (Hexaigon Solutions), ΑΦΜ 167755989, Λεωφόρος Κυπρίων Ηρώων 3, 163 41 Ηλιούπολη, Αθήνα.
Contact: privacy@orderoo.gr