Noqta
Existing sign inGet started

Legal

Privacy Policy

Version 2026-05-draft-1 · Effective 4 May 2026

1. Plain summary

When you order at a restaurant that uses Noqta, the restaurant collects your phone number, your name (if you give it), and what you ordered. The restaurant uses that to run loyalty and to remember you next time. Noqta is the software the restaurant uses; we store the data on the restaurant's behalf. The restaurant decides what to do with it. You can ask the restaurant to delete your data at any time, and they have to honor that.

This page explains the details.

2. Who controls your data

The venue you ordered at is the data controller. They decide what to collect, how long to keep it, and what to do with it.

Noqta is the data processor. We provide the software the venue uses, and we store the data on our servers (Supabase, hosted in the EU). We don't sell your data. We don't use it to advertise to you. We process it only on the venue's instructions.

If you want to exercise data rights — see your data, correct it, delete it, export it — contact the venue first. Their contact details are in the receipt you got and in the menu footer. If they don't respond within 30 days, you can contact us at privacy@noqtaplatform.com and we will act on your request on the venue's behalf.

3. What we collect

When you place an order:

  • Phone number (required) — used to identify your loyalty record and contact you about the order.
  • Name (optional) — if you provide it, the venue uses it to greet you on return visits and on receipts.
  • Order details — items, prices, table, delivery address (if delivery).
  • Optional profile fields — age range, gender, city — if you fill in the loyalty profile form. These are explicitly optional. The venue uses them for aggregate analytics.

When you visit a Noqta-powered website:

  • Cookies — minimal session cookies to remember your cart on the menu, plus a "remembered" cookie if you accepted the cookie banner. Details on /legal/cookies.
  • IP and user-agent — captured automatically by our hosting provider for security and abuse prevention. Not used for advertising.

When operators use the platform:

  • Email and login — used to authenticate.
  • Audit data — what you did, when, from which IP — captured for security and dispute resolution.

4. Why we collect it

  • To run the order — get it to the kitchen, get it to your table, calculate the bill.
  • To remember loyalty — points balance, return-customer recognition, redemption history.
  • To run the venue's business — daily reporting, end-of-day reconciliation.
  • To keep the platform secure — abuse detection, audit trails.

We do not collect data to:

  • Build a profile of you across venues.
  • Sell to third parties.
  • Run advertising — Noqta does not show ads.

5. How long we keep it

The venue decides. Default: indefinite. Most venues retain for at least 24 months for loyalty purposes. Order history older than 12 months is auto-archived in our system but remains visible to the venue.

You can ask the venue to delete your data at any time.

6. Who we share it with

  • The venue — they're the controller; they see all data they collect.
  • Our infrastructure providers — Supabase (database, hosted in EU), Vercel (web hosting). Both are GDPR-compliant data processors. Both contractually agree not to access or sell our data.
  • Nobody else. We do not share data with advertisers, analytics resellers, or social-network trackers.

7. Where it's stored

Our database lives in Supabase's EU region. Server-side code runs on Vercel infrastructure (typically EU/North America). Backups are encrypted at rest.

8. Your rights

You have the right to:

  • Know what data the venue holds about you.
  • Get a copy of it.
  • Correct it.
  • Delete it.
  • Object to specific uses.

Contact the venue first. If they don't respond in 30 days, contact us.

9. Children

Noqta is not directed at children under 13. We don't knowingly collect data from them. If a venue uses Noqta in a context where children may be ordering (a school cafeteria, an arcade), the venue is responsible for setting age-appropriate practices.

10. Changes

If we update this policy materially, we'll publish the new version under /legal/privacy and the version bump will be visible in the footer of this page. Continued use after a published change means you accept the updated terms.

11. Contact

privacy@noqtaplatform.com — for any privacy-related question.

hello@noqtaplatform.com — for general support.

Built by AtharCo, a Ramallah-based team. We answer email and WhatsApp same-day, in Arabic or English.