Privacy Policy

Last updated: April 29, 2026

1. Who We Are

ChatOrder is operated by Devzenix Ltd, a company registered in England and Wales. We provide a WhatsApp-based ordering platform that enables businesses to take orders directly from their customers.

Data Controller: Devzenix Ltd
Email: privacy@chatorder.co.uk
Address: United Kingdom

2. What Data We Collect

For Business Owners (Merchants)

  • Name, email address, phone number
  • Business name, address, and contact details
  • Payment information (processed securely via Stripe — we never store card numbers)
  • Menu data, pricing, and business settings
  • Login credentials (passwords are hashed and never stored in plain text)

For Customers (End Users ordering via WhatsApp)

  • WhatsApp phone number
  • Name (if provided during conversation)
  • Delivery address (if ordering delivery)
  • Order history and preferences
  • Conversation logs with the AI ordering assistant

Automatically Collected

  • IP address and browser information (for the dashboard)
  • Usage analytics (pages visited, features used)
  • WhatsApp message metadata (timestamps, delivery status)

3. How We Use Your Data

  • To provide the service: Processing orders, managing menus, sending order confirmations and status updates via WhatsApp
  • To process payments: Facilitating card payments through Stripe (money goes directly to the business's bank account)
  • To improve AI ordering: Conversation data is used to improve the accuracy and quality of the AI assistant
  • To send notifications: Order updates, booking reminders, and delivery status via WhatsApp
  • To provide customer support: Responding to enquiries and resolving issues
  • To comply with legal obligations: Tax records, regulatory requirements

4. Lawful Basis for Processing (UK GDPR)

  • Contract performance: Processing orders, managing bookings, delivering services
  • Legitimate interest: Sending order updates, improving the service, fraud prevention
  • Consent: Marketing messages, reorder prompts (customers can opt out anytime)
  • Legal obligation: Tax records, regulatory compliance

5. WhatsApp & Meta Data

ChatOrder uses the WhatsApp Business Platform (Cloud API) provided by Meta Platforms, Inc. to send and receive messages. When customers interact with a business via WhatsApp:

  • Messages are transmitted through Meta's infrastructure
  • Meta may process message metadata in accordance with their privacy policy
  • We use WhatsApp only for order-related communications (ordering, confirmations, updates)
  • Marketing messages are only sent with explicit opt-in consent
  • Customers can opt out of marketing messages by replying STOP at any time

For more information on how Meta handles data: WhatsApp Privacy Policy

6. AI Processing

ChatOrder uses artificial intelligence (AI) to process customer orders through WhatsApp conversations. The AI:

  • Processes messages to understand order intent and extract product selections
  • Uses the business's menu data and knowledge base to provide accurate responses
  • Does not make autonomous decisions about pricing — all prices come from the business's menu
  • Conversation data may be sent to third-party AI providers (Anthropic, OpenAI, Google, or Groq) for processing
  • Businesses choose their preferred AI provider and can use their own API keys

We disclose that an AI assistant is handling the conversation. Customers can request to speak to a human at any time.

7. Who We Share Data With

  • The business you're ordering from: Your order details, phone number, and delivery address
  • Meta / WhatsApp: Message delivery infrastructure
  • Stripe: Payment processing (PCI-DSS compliant)
  • AI providers: Conversation processing (Anthropic, OpenAI, Google, or Groq — depending on business configuration)
  • Cloud hosting: Data stored on secure servers (AWS, Supabase, or similar)

We do NOT sell personal data to third parties. We do NOT share data with advertisers.

8. Data Retention

  • Order data: 6 years (UK tax/legal requirements)
  • Conversation logs: 24 months, then automatically deleted
  • Customer profiles: Until deletion is requested
  • Business account data: Until account is closed + 30 days
  • Marketing consent records: Duration of consent + 12 months after opt-out
  • Payment data: We NEVER store card numbers. Stripe handles all card data.

9. Your Rights (UK GDPR)

You have the right to:

  • Access: Request a copy of all data we hold about you
  • Rectification: Correct any inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Portability: Receive your data in a machine-readable format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw consent: For marketing messages, reply STOP on WhatsApp or email us

To exercise any of these rights, email privacy@chatorder.co.uk. We will respond within 1 month.

10. Data Security

  • All data is encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Passwords are hashed using bcrypt — never stored in plain text
  • API access is authenticated via JWT tokens
  • Payment data is handled exclusively by Stripe (PCI-DSS Level 1 compliant)
  • Each business's data is isolated from other businesses on the platform
  • Regular security reviews and dependency scanning

11. International Transfers

Some data may be processed outside the UK by our service providers (Meta, Stripe, AI providers, cloud hosting). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions.

12. Cookies

The ChatOrder dashboard uses essential cookies for authentication (JWT session tokens) and sidebar state. We do not use advertising cookies or third-party tracking cookies.

13. Children

ChatOrder is not directed at children under 16. We do not knowingly collect data from children. If you believe a child has provided us with personal data, please contact us immediately.

14. Changes to This Policy

We may update this privacy policy from time to time. We will notify registered users of significant changes via email. The "last updated" date at the top reflects the most recent revision.

15. Complaints

If you have concerns about how we handle your data, please contact us at privacy@chatorder.co.uk.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

Website: ico.org.uk/make-a-complaint
Phone: 0303 123 1113