Privacy and Polices

Last updated: 3 March 2026

1. Introduction

This Privacy Policy explains how BiteBuddy collects, uses, discloses, and protects personal information when you use:

  • The BiteBuddy web ordering platform, and
  • The BiteBuddy Restaurant Manager tablet application

(collectively, the “Services”).

The Services are operated by Whitespace Studio LLP (“BiteBuddy,” “we,” “us,” or “our”), a company registered in Richmond, British Columbia, Canada.

This Privacy Policy is intended to comply with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial legislation, including British Columbia’s Personal Information Protection Act (BC PIPA).

By using the Services, you consent to the collection, use, and disclosure of your personal information as described in this Privacy Policy.

2. Our Role

BiteBuddy provides a technology platform that connects customers with participating restaurants.

Depending on the context:

  • BiteBuddy acts as an organization responsible for personal information under PIPEDA.
  • For order transmission and platform operations, BiteBuddy acts as a service provider facilitating communication between customers and restaurants.
  • Participating restaurants act as independent organizations and are responsible for how they use customer information for order fulfillment and their own business purposes.

Each restaurant may have its own privacy practices. We are not responsible for a restaurant’s independent processing of personal information beyond the scope of the platform.

3. Scope

This Privacy Policy applies to personal information collected when you:

  • Place an order through the web ordering platform
  • Create or use a customer account
  • Use the Restaurant Manager tablet app (merchant staff only)
  • Contact us for support

This Privacy Policy does not apply to third-party websites or services linked from the platform.

4. Personal Information We Collect

We collect only information necessary to operate and improve the Services.

4.1 Customer Account Information

  • Name
  • Email address
  • Encrypted or hashed authentication credentials
  • Account preferences

4.2 Order and Transaction Information

  • Items ordered
  • Prices, taxes, tips, and totals
  • Order timestamps
  • Order history

4.3 Contact and Fulfillment Information

  • Name
  • Email address
  • Phone number
  • Delivery address (if applicable)
  • Special instructions provided by you

4.4 Payment Information

  • Transaction identifiers
  • Payment status
  • Limited card details (e.g., last four digits), where provided by the payment processor

We do not store full credit card numbers. Payments are processed by a third-party provider (e.g., Stripe) in accordance with PCI-DSS standards.

4.5 Technical and Usage Information

  • IP address
  • Device type and operating system
  • App version
  • Log events
  • Crash and performance diagnostics

4.6 Fraud Prevention and Security Signals

To protect the platform and merchants, we may collect:

  • Masked IP subnet data
  • Hashed device/browser identifiers
  • Security verification metadata
  • Risk scoring results
  • Payment dispute and fraud investigation records

Certain transactions may be subject to automated risk analysis. If elevated risk is detected, additional verification steps may be required or the transaction may be declined.

5. How We Collect Information

We collect personal information:

  • Directly from you
  • Automatically through use of the Services
  • From service providers such as payment processors

If non-identifiable data is combined with personal information, it is treated as personal information.

6. How We Use Personal Information

We use personal information to:

6.1 Provide the Services

  • Process and transmit orders
  • Enable restaurants to fulfill orders
  • Process payments
  • Provide customer support

6.2 Maintain Security and Reliability

  • Prevent fraud and abuse
  • Detect suspicious transactions
  • Investigate payment disputes and chargebacks
  • Monitor system performance

In the event of a chargeback or dispute, we may use order records, IP data, device signals, and verification logs as evidence.

6.3 Communications

  • Send transactional emails (order confirmations, receipts)
  • Send marketing communications where consent has been obtained

6.4 Legal Compliance

  • Comply with legal obligations
  • Respond to lawful requests

We do not use personal information for materially different purposes without notice and consent where required.

7. Marketing and CASL Compliance

Commercial electronic messages are sent only with valid consent or another lawful basis under Canada’s Anti-Spam Legislation (CASL).

All marketing messages include:

  • Our business identity
  • Contact information
  • A clear unsubscribe mechanism

You may withdraw consent at any time.

8. How We Share Personal Information

We share personal information only as necessary.

8.1 With Restaurants

We share order details and contact information with the restaurant fulfilling your order.

We do not share customer data between unrelated restaurants for marketing without explicit consent.

8.2 With Service Providers

We use service providers for:

  • Hosting and infrastructure
  • Payment processing
  • Realtime data services
  • Error monitoring

These providers are contractually required to safeguard personal information.

8.3 Legal Requirements

We may disclose information where required by law or to protect rights and safety.

8.4 Business Transfers

Personal information may be transferred in connection with mergers or asset sales, subject to appropriate safeguards.

We do not sell personal information for monetary consideration.

9. International Transfers

Personal information may be stored or processed outside your province or outside Canada, including in the United States, by our service providers.

In such cases, information may be subject to the laws of those jurisdictions. We take reasonable steps to ensure appropriate protection consistent with Canadian privacy laws.

10. Retention

We retain personal information only as long as necessary.

Standard Retention Periods

  • Payment-related logs: up to 24 months
  • Security logs (IP/device hashes): up to 12 months
  • Fraud/dispute records: retained until dispute resolution and internal closure

Certain data may be retained longer where required for legal, accounting, fraud prevention, or regulatory purposes.

When no longer required, information is securely deleted or anonymized.

11. Security

We implement reasonable safeguards including:

  • Encryption in transit (TLS)
  • Role-based access controls
  • Secure credential storage
  • Monitoring for unauthorized access

No system is completely secure.

12. Your Rights

Subject to applicable law, you may:

  • Request access to your personal information
  • Request correction of inaccuracies
  • Request deletion, where legally permissible
  • Withdraw consent for certain uses

We may retain certain information where required for legal, accounting, fraud prevention, or dispute resolution purposes.

Requests may be submitted to: support@bitebuddy.ca

We may verify your identity before responding and aim to respond within 30 days.

13. Cookies and Analytics

We use essential cookies to operate the Services and optional analytics tools to improve user experience.

You may manage cookies through your browser settings.

14. Children’s Privacy

The Services are not intended for children under 13. We do not knowingly collect personal information from children under 13.

15. Changes to This Policy

We may update this Privacy Policy periodically. Updates will be reflected by the “Last updated” date.

16. Contact Information

Whitespace Studio LLP
BiteBuddy
Richmond, British Columbia, Canada
Email: support@bitebuddy.ca

If concerns are not resolved, you may contact the Office of the Privacy Commissioner of Canada or your provincial privacy authority.