Privacy Policy

1. Introduction

Oberbit ("we," "our," or "us") operates a QR code-based restaurant ordering and payment system. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our services.

This policy applies to customers in the European Union, Singapore, United States, and other jurisdictions where our services are available.

2. Information We Collect

2.1 Information You Provide

• Order information (food items, quantities, special instructions)
• Contact information (name, phone number for order updates)
• Payment information (processed securely by our payment partners)
• Delivery address (for delivery orders)

2.2 Information Automatically Collected

• Device information (browser type, operating system)
• Usage data (pages visited, time spent, interactions)
• Location data (approximate location based on IP address)
• Cookies and similar tracking technologies

3. How We Use Your Information

• Service Delivery: Process orders, facilitate payments, provide customer support
• Communication: Send order confirmations, updates, and service notifications
• Improvement: Analyze usage patterns to enhance our services
• Legal Compliance: Meet regulatory requirements and respond to legal requests
• Security: Protect against fraud, abuse, and security threats

4. Legal Basis for Processing (EU Users)

Under GDPR, we process your personal data based on:

• Contract Performance: Processing orders and payments
• Legitimate Interest: Service improvement and fraud prevention
• Legal Obligation: Tax records and regulatory compliance
• Consent: Marketing communications (where applicable)

5. Information Sharing

We share your information only as necessary:

• Restaurants: Order details necessary for fulfillment
• Payment Processors: Secure payment processing (Stripe, Square, etc.)
• Service Providers: Analytics, hosting, customer support tools
• Legal Requirements: When required by law or to protect our rights

We do not sell or rent your personal information to third parties.

6. Data Security

We implement industry-standard security measures including:

• SSL/TLS encryption for data transmission
• Secure cloud hosting with access controls
• Payment data tokenization and PCI DSS compliance
• Regular security audits and monitoring

7. Data Retention

• Order Data: Retained for 7 years for tax and accounting purposes
• Payment Information: Tokenized data retained per payment processor policies
• Analytics Data: Aggregated and anonymized after 26 months
• Account Data: Until account deletion or as required by law

8. Your Rights

8.1 EU Users (GDPR Rights)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate information
• Erasure: Request deletion of your data
• Portability: Receive your data in a structured format
• Restriction: Limit processing of your data
• Objection: Object to processing based on legitimate interest

8.2 Singapore Users (PDPA Rights)

• Access: Request information about your personal data
• Correction: Request correction of inaccurate data
• Withdrawal: Withdraw consent for certain processing

8.3 US Users

• California Residents: CCPA rights including access, deletion, and opt-out
• All Users: Right to request information about data sharing

9. International Transfers

Your data may be transferred to and processed in countries outside your residence. For EU users, we ensure adequate protection through Standard Contractual Clauses or adequacy decisions. For Singapore users, we comply with PDPA transfer requirements.

10. Cookies and Tracking

We use essential cookies for service functionality and optional cookies for analytics. You can manage cookie preferences through your browser settings. For detailed information, see our Cookie Policy.

11. Children's Privacy

Our services are not directed to children under 16 (EU), 13 (US), or the applicable age in your jurisdiction. We do not knowingly collect personal information from children.

12. Updates to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or through our service. Continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights, contact us: