Privacy and Polices

BiteBuddy
Last updated: Apr 6, 2026

1. Introduction

This Privacy Policy explains how BiteBuddy collects, uses, discloses, and protects personal information when you use our platform.

This Policy applies to BiteBuddy services made available through, or in connection with:

  • bitebuddy.ca and related BiteBuddy pages
  • order.bitebuddy.ca/store/[restaurant-slug] restaurant ordering pages
  • BiteBuddy customer account features
  • the BiteBuddy Restaurant Manager tablet application and related operator tools
  • support communications and service-related messages

The Services are operated by Whitespace Studio LLP, operating as BiteBuddy (“BiteBuddy,” “we,” “us,” or “our”), a business based in Richmond, British Columbia, Canada.

This Privacy Policy is intended to comply with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and substantially similar provincial legislation, including British Columbia’s Personal Information Protection Act (BC PIPA).

By using the Services, you acknowledge the practices described in this Privacy Policy.

2. How BiteBuddy Works

BiteBuddy provides a technology platform that helps customers place orders with participating restaurants.

2.1 BiteBuddy’s role

Depending on the context, BiteBuddy may act as:

  • the organization responsible for personal information collected through the platform;
  • a platform operator and service provider facilitating ordering, payments, communications, and support; and
  • a processor or service provider handling data on behalf of participating restaurants in certain operational contexts.

2.2 Restaurant role

Participating restaurants are independent businesses. They are responsible for their own food preparation, fulfillment, pricing, menu accuracy, food safety, and their own business practices.

When you place an order, the restaurant fulfilling the order receives the information it needs to prepare and complete that order.

2.3 Brand groups and related locations

Some participating restaurants may be connected as part of the same brand group. For example, this may include:

  • sister locations under the same restaurant brand;
  • related business locations operated by the same owner or group; or
  • participating locations in the same franchise or brand program.

Where we clearly indicate that locations are part of the same brand group, certain customer program information may be shared across those related locations, such as:

  • account or membership status;
  • loyalty points or rewards balances;
  • available offers or coupons;
  • order history within that brand group; and
  • marketing preferences for that brand group, where disclosed.

If restaurants are not part of the same disclosed brand group, we do not treat them as related locations for customer program sharing.

3. Scope

This Privacy Policy applies to personal information collected when you:

  • place an order through the BiteBuddy platform;
  • browse or interact with a participating restaurant’s online ordering page;
  • create or use a customer account;
  • join or use optional features such as loyalty, rewards, offers, coupons, or saved preferences;
  • receive transactional or marketing communications from us or from participating restaurants through the platform;
  • use the BiteBuddy Restaurant Manager tablet application as merchant staff; or
  • contact us for support.

This Privacy Policy does not apply to third-party websites, apps, or services that are not controlled by BiteBuddy, even if they are linked from our platform.

4. Features May Vary by Restaurant

Not every restaurant uses the same BiteBuddy features.

Depending on the restaurant, available features may include some or none of the following:

  • guest checkout;
  • customer accounts;
  • loyalty or rewards programs;
  • coupons, offers, or promotional pricing;
  • scheduled orders;
  • delivery or third-party delivery integrations;
  • email or SMS marketing sign-up; and
  • account features shared across related locations in the same brand group.

The features available to you may depend on the restaurant you are ordering from, the settings used by that restaurant, and whether that restaurant participates in a shared brand program.

5. Personal Information We Collect

We collect personal information that is reasonably necessary to operate, secure, and improve the Services.

5.1 Customer account and membership information

This may include:

  • name;
  • email address;
  • phone number;
  • encrypted or hashed authentication credentials;
  • account preferences;
  • membership or loyalty status;
  • marketing preferences; and
  • information you provide when creating or activating an account.

5.2 Order and transaction information

This may include:

  • items ordered;
  • modifiers, notes, and special instructions;
  • prices, taxes, tips, discounts, and totals;
  • order timestamps;
  • order status and fulfillment details;
  • order history;
  • coupon, offer, or loyalty redemption details; and
  • refund, cancellation, or chargeback-related records.

5.3 Contact and fulfillment information

This may include:

  • name;
  • email address;
  • phone number;
  • pickup details;
  • delivery address, if delivery is offered; and
  • any information you provide to help fulfill your order.

5.4 Payment information

Payments are processed by third-party payment processors such as Stripe.

We may receive and store limited payment-related information, such as:

  • transaction identifiers;
  • payment status;
  • refund identifiers; and
  • limited card details such as the card brand or last four digits, where provided by the payment processor.

We do not store full credit card numbers.

5.5 Technical and usage information

We may collect technical and usage information such as:

  • IP address or masked IP subnet information;
  • browser type;
  • device type and operating system;
  • app version;
  • log events;
  • page interactions;
  • crash and performance diagnostics; and
  • cookies or similar technologies used to operate and improve the Services.

5.6 Fraud prevention and security information

To protect customers, restaurants, and the platform, we may collect and generate information such as:

  • masked IP subnet data;
  • hashed device or browser identifiers;
  • user agent hashes;
  • fingerprint or device integrity signals;
  • challenge or verification status;
  • suspicious activity signals;
  • risk scoring results;
  • rate-limiting events; and
  • dispute or fraud investigation records.

Certain transactions may be subject to automated risk analysis. If elevated risk is detected, we may require additional verification, delay processing, or decline the transaction.

5.7 Merchant staff information

If you use the BiteBuddy Restaurant Manager tablet application or operator tools as restaurant staff, we may collect:

  • login information;
  • restaurant access scope;
  • device and app usage logs;
  • operational actions taken in the system; and
  • diagnostic, connectivity, and printer-related logs.

6. How We Collect Information

We collect personal information:

  • directly from you;
  • automatically when you use the Services;
  • from participating restaurants in connection with your order or support request;
  • from service providers such as payment processors, hosting providers, analytics tools, and messaging providers; and
  • from fraud prevention, verification, and security systems used to protect the platform.

If non-identifiable information is combined with personal information, we treat it as personal information.

7. How We Use Personal Information

We use personal information for the following purposes.

7.1 To provide the Services

We use information to:

  • operate the ordering platform;
  • create and manage customer accounts;
  • process and transmit orders;
  • enable restaurants to prepare and fulfill orders;
  • process payments, refunds, and related records;
  • provide customer support; and
  • maintain customer profiles, order history, and optional customer features.

7.2 To operate optional customer programs

Where offered by a restaurant or brand group, we may use personal information to:

  • manage loyalty or rewards participation;
  • apply or validate coupons, offers, and promotional eligibility;
  • track points balances, redemptions, or offer usage;
  • manage customer accounts across related locations within the same disclosed brand group; and
  • personalize the customer experience for that participating restaurant or disclosed brand group.

7.3 To communicate with you

We may use your information to send:

  • order confirmations;
  • receipts;
  • pickup or fulfillment updates;
  • support responses;
  • security or verification messages; and
  • marketing communications where consent has been obtained or another lawful basis applies.

7.4 To maintain security and reliability

We use personal information to:

  • prevent fraud and abuse;
  • detect suspicious transactions;
  • investigate payment disputes and chargebacks;
  • enforce platform rules;
  • protect restaurants, customers, and BiteBuddy systems; and
  • monitor and improve platform performance.

In the event of a chargeback or dispute, we may use order records, IP or device-related signals, timestamps, verification logs, and related records as evidence.

7.5 For legal and compliance purposes

We may use personal information to:

  • comply with legal obligations;
  • respond to lawful requests;
  • enforce our agreements;
  • maintain accounting and audit records; and
  • protect the rights, safety, and property of BiteBuddy, restaurants, customers, and others.

We do not use personal information for materially different purposes without notice and consent where required by applicable law.

8. Marketing Communications and Consent

Commercial electronic messages are sent only with valid consent or another lawful basis under applicable law, including Canada’s Anti-Spam Legislation (CASL).

8.1 Transactional vs. marketing communications

Some messages are service-related and not marketing messages, such as:

  • order confirmations;
  • receipts;
  • pickup or fulfillment updates;
  • refund or cancellation notices; and
  • security verification messages.

These messages may be sent as part of providing the Services.

8.2 Restaurant-specific marketing consent

Marketing consent may be collected and managed at the restaurant level or, where clearly disclosed, at the brand-group level.

This means:

  • you may choose to receive marketing from one restaurant but not another;
  • you may receive marketing from related locations under the same brand only where that shared program is disclosed; and
  • opting out from one restaurant or brand group may not automatically opt you out from every other restaurant on BiteBuddy unless the message or preference center says otherwise.

8.3 Unsubscribe

All marketing messages will include:

  • the sender’s identity;
  • contact information; and
  • a clear unsubscribe mechanism.

You may withdraw marketing consent at any time.

9. How We Share Personal Information

We share personal information only as reasonably necessary.

9.1 With the restaurant fulfilling your order

We share order details, customer contact information, fulfillment information, and related support information with the restaurant fulfilling your order.

9.2 With related locations in the same brand group

Where clearly disclosed, and only where relevant to the shared customer program, we may share limited personal information with related locations under the same brand group, such as:

  • account or membership status;
  • order history within that brand group;
  • loyalty or rewards balances;
  • offers or coupon eligibility; and
  • marketing preference status for that brand group.

We do not share customer data between unrelated restaurants for marketing without appropriate consent.

9.3 With service providers

We use service providers for services such as:

  • hosting and infrastructure;
  • payment processing;
  • cloud storage;
  • realtime data services;
  • messaging and email delivery;
  • analytics and diagnostics;
  • fraud prevention and security tooling; and
  • customer support and operational tools.

These service providers are required to safeguard personal information and may only use it for authorized purposes.

9.4 Legal requirements and protection

We may disclose personal information where required by law or where reasonably necessary to:

  • comply with legal obligations;
  • respond to lawful requests;
  • protect rights, safety, and security;
  • investigate fraud, abuse, or violations of our agreements; or
  • defend legal claims.

9.5 Business transfers

Personal information may be transferred as part of a merger, financing, acquisition, sale of assets, or similar transaction, subject to appropriate safeguards.

We do not sell personal information for monetary consideration.

10. International Transfers

Personal information may be stored or processed outside your province or outside Canada, including in the United States, by our service providers.

In such cases, information may be subject to the laws of those jurisdictions. We take reasonable steps to ensure appropriate protection consistent with Canadian privacy laws.

11. Retention

We retain personal information only as long as necessary for the purposes described in this Policy or as otherwise required or permitted by law.

Typical retention periods may include:

  • payment-related logs: up to 24 months;
  • security logs, including certain IP or device-related hashes: up to 12 months; and
  • fraud or dispute records: until dispute resolution and internal closure, and longer where needed for legal or risk purposes.

Some information may be retained longer where required for legal, accounting, tax, fraud prevention, contractual, or regulatory reasons.

When information is no longer required, it is securely deleted, anonymized, or de-identified where appropriate.

12. Security

We implement reasonable safeguards designed to protect personal information, including:

  • encryption in transit;
  • role-based access controls;
  • secure credential storage;
  • logging and monitoring;
  • environment and infrastructure controls; and
  • reasonable measures to reduce unauthorized access, misuse, and disclosure.

No system can be guaranteed to be completely secure.

13. Your Rights and Choices

Subject to applicable law, you may have the right to:

  • request access to your personal information;
  • request correction of inaccurate information;
  • request deletion, where legally permitted;
  • withdraw consent for certain uses, including marketing;
  • request information about how your information is used or shared; and
  • ask questions about shared brand-group programs where applicable.

We may need to verify your identity before responding. We may also retain certain information where required for legal, accounting, fraud prevention, dispute resolution, or compliance reasons.

Requests may be sent to: support@bitebuddy.ca

14. Cookies and Analytics

We use cookies and similar technologies to operate the Services and, where enabled, to improve performance, reliability, and user experience.

Some cookies are essential to the operation of the Services. Optional analytics tools may also be used. You may manage cookie settings through your browser where available.

15. Children’s Privacy

The Services are not intended for children under 13, and we do not knowingly collect personal information from children under 13.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be reflected by the “Last updated” date at the top of this page.

Where required by law, we will provide additional notice of material changes.

17. Contact Information

Whitespace Studio LLP
BiteBuddy
Richmond, British Columbia, Canada
Email: support@bitebuddy.ca

If concerns are not resolved, you may contact the Office of the Privacy Commissioner of Canada or the applicable provincial privacy authority.