Privacy Policy

1. Introduction

ODEX ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website, mobile application, and related services (collectively, the "Platform"). By using ODEX, you consent to the practices described in this Privacy Policy.

This Privacy Policy is governed by the laws of the Republic of Senegal, including the Loi n° 2008-09 du 25 janvier 2008 on the protection of personal data, and the Loi n° 2008-12 du 25 janvier 2008 on cybercrime and data protection.

2. Information We Collect

We collect different types of information depending on how you use the Platform:

2.1 Information You Provide to Us

• Account information: Name, email address, phone number, password, and business details (for restaurant owners).
• Restaurant information: Restaurant name, address, cuisine type, NINEA number, logo, banner images, and menu details.
• Order information: Items ordered, quantities, special instructions, table number, and delivery address.
• Payment information: We do not store credit card details or mobile money PINs. Payments are processed by third-party providers (Wave Mobile Money). We may store transaction references and payment confirmation status.
• Communications: Messages, feedback, or support requests you send to us.

2.2 Information We Collect Automatically

• Device information: Device type, operating system, browser type, and IP address.
• Usage data: Pages visited, features used, time spent on the Platform, and interactions with menu items.
• Location data: If you grant permission, we may collect your approximate location to show nearby restaurants. You can disable location services at any time in your device settings.
• Cookies and similar technologies: We use cookies to remember your preferences, authenticate your session, and analyze Platform usage.

2.3 Information from Third Parties

We may receive information from third-party services you use to log in (such as Google or Facebook), including your name, email, and profile picture. This is subject to your privacy settings on those platforms.

3. How We Use Your Information

We use your information for the following purposes:

• To provide our services: Process orders, manage menus, generate QR codes, and facilitate restaurant management.
• To communicate with you: Send order confirmations, status updates, account notifications, and respond to your inquiries.
• To improve our Platform: Analyze usage patterns, troubleshoot issues, and develop new features.
• To ensure security: Detect and prevent fraud, unauthorized access, and other security risks.
• For legal compliance: Comply with applicable laws, regulations, and legal processes.
• For marketing (with consent): Send promotional materials, newsletters, and offers. You can opt out at any time.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• With restaurants: When you place an order, we share your order details, name, phone number, and table/delivery information with the restaurant to fulfill your order.
• With service providers: We use third-party providers for payment processing (Wave), hosting (Supabase), analytics, and email delivery. These providers are contractually bound to protect your data.
• For legal reasons: We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.

5. Data Storage and Security

We store your data on secure servers provided by Supabase (hosted in the cloud). We implement industry-standard security measures including:

• Encryption of data in transit (HTTPS/TLS).
• Row Level Security (RLS) policies on our database to ensure data isolation.
• Secure authentication using JWT tokens.
• Regular security audits and monitoring.

While we take reasonable precautions, no internet transmission is completely secure. We cannot guarantee absolute security of your data.

6. Data Retention

We retain your personal information for as long as necessary to fulfill the purposes for which it was collected, or as required by law:

• Account data: Retained while your account is active. Deleted within 30 days of account closure, unless legal requirements dictate otherwise.
• Order data: Retained for 3 years for tax, accounting, and legal purposes.
• Payment records: Retained for 5 years in accordance with Senegalese financial regulations.
• Log and analytics data: Retained for up to 12 months.

7. Your Rights

Under Senegalese law and applicable regulations, you have the following rights regarding your personal data:

• Right to access: You can request a copy of the personal information we hold about you.
• Right to rectification: You can request corrections to inaccurate or incomplete information.
• Right to deletion: You can request deletion of your personal data, subject to legal retention requirements.
• Right to restriction: You can request that we limit processing of your data in certain circumstances.
• Right to portability: You can request your data in a structured, machine-readable format.
• Right to object: You can object to processing for direct marketing purposes.
• Right to withdraw consent: Where processing is based on consent, you can withdraw it at any time.

To exercise these rights, please contact us using the information in Section 10. We will respond within 30 days of receiving your request.

8. Cookies and Tracking

We use cookies and similar technologies to:

• Keep you logged in to your account.
• Remember your language preference.
• Understand how you use our Platform.
• Improve our services and user experience.

You can control cookies through your browser settings. However, disabling cookies may affect your ability to use certain features of the Platform.

9. Children's Privacy

ODEX is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us and we will promptly delete such information.

10. International Data Transfers

Our service providers (such as Supabase) may process data outside of Senegal. By using ODEX, you consent to the transfer of your information to countries that may have different data protection laws. We ensure that such transfers are protected by appropriate safeguards, such as standard contractual clauses.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on the Platform and updating the "Last updated" date. We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Protection Officer: