Legal

Privacy Policy

Last updated: 1 July 2026

Your privacy matters. This policy explains what data EatRoot collects, why, and the choices and rights you have.

1. Introduction

This Privacy Policy explains how EatRoot ("we", "us") collects, uses and protects personal data when you use our platform, websites and apps, or when you order from a restaurant that uses EatRoot.

For restaurants, EatRoot acts as a data processor for guest data you collect, and as a data controller for your own merchant account data. See our GDPR page for more on these roles.

2. Information we collect

Account data: name, business name, email, phone and login details.

Order and booking data: items, times, amounts, delivery or table details, and preferences.

Payment data: processed by our payment providers; we store only limited details such as card type and last four digits.

Usage data: device, browser, IP address, pages viewed and actions taken, collected via cookies and similar tools.

Communications: messages, support requests and call records where you use the AI phone.

3. How we use information

We use personal data to provide and operate the Service, process orders and payments, answer calls and bookings, prevent fraud and abuse, provide support, send service and marketing communications where permitted, and improve and secure the Service.

4. Legal bases

Where required, we rely on: performance of a contract (to provide the Service), legitimate interests (to run and secure our business), consent (for certain marketing and cookies), and legal obligation (for tax and compliance).

5. How we share information

We share personal data with service providers who help us run the Service (such as hosting, payments, delivery and analytics), with restaurants for orders placed with them, and where required by law or to protect rights and safety. We do not sell your personal data.

6. Cookies and tracking

We use cookies and similar technologies for essential functions, analytics, functionality and, with consent, marketing. See our Cookie Policy for details and how to manage your choices.

7. Data retention

We keep personal data for as long as needed to provide the Service and to meet legal, tax and accounting obligations. When data is no longer needed, we delete or anonymise it. Merchants can export data before closing an account.

8. Security

We use technical and organisational measures — including encryption in transit, access controls and monitoring — to protect personal data. No system is completely secure, but we work to reduce risk and respond quickly to incidents.

9. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict or object to processing, and to data portability. You can also withdraw consent and lodge a complaint with a supervisory authority. To exercise your rights, email privacy@eatroot.com.

10. International transfers

We may process data in countries other than your own. Where we transfer personal data internationally, we use appropriate safeguards such as Standard Contractual Clauses.

11. Children

The Service is intended for businesses and adults. We do not knowingly collect personal data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Changes and contact

We may update this policy from time to time and will post the new version with an updated date. For any privacy question or request, email privacy@eatroot.com.

Questions about this policy? Email legal@eatroot.com or reach us via the contact page.