Privacy Policy

1. Introduction

goDishy (“goDishy,” “we,” “us,” or “our”), operated by Germán Andrés López Frezza ([email protected]), is committed to protecting the privacy of all individuals who interact with our platform — whether as restaurant owners, staff, or guests.

This Privacy Policy describes how we collect, use, store, share, and protect personal data in connection with the goDishy platform and services. It applies to all users of goDishy, including restaurant owners, staff members, and guests who access digital menus via QR code.

This policy is designed to comply with the Argentine Personal Data Protection Law (Ley 25.326), the European Union General Data Protection Regulation (GDPR), and the California Consumer Privacy Act (CCPA) where applicable.

2. Data Controller

• Data Controller: Germán Andrés López Frezza
• Platform: goDishy
• Contact: [email protected]
• Country: Argentina

3. Data We Collect

3.1 Restaurant Owners and Staff

When you register and use goDishy as a restaurant owner or staff member, we collect:

• Account information: name, email address, phone number, and password (hashed);
• Business information: restaurant name, address, branch details, and operational configuration;
• Subscription and billing information: processed by Lemon Squeezy — we receive subscription status and plan details, but not full payment card data;
• Menu content: items, descriptions, prices, categories, and images you upload;
• Operational data: order history, staff assignments, table configurations, and automation rules;
• Usage data: feature usage, session activity, and platform interactions;
• Device and technical data: IP address, browser type, operating system, and device identifiers.

3.2 Guests (QR Menu Users)

When you access a goDishy digital menu as a restaurant guest, we collect:

• Order data: items ordered, quantities, and special requests;
• Session data: table identifier, session ID, and order timestamps;
• Device data: IP address and browser/device type (collected automatically);
• Phone number: only if the restaurant sends you an ordering link via WhatsApp — this number is provided by the restaurant, not by you directly to goDishy.

We do not require guests to create an account or provide their name, email, or other identifying information to use the platform.

3.3 Data We Do Not Collect

goDishy does not collect sensitive personal data such as health records, financial account credentials, government identification numbers, or biometric data.

4. How We Use Your Data

We use the data we collect for the following purposes:

• Providing and operating the Service: processing orders, managing menus, enabling kitchen communication, and delivering platform features;
• Account management: creating and managing accounts, authenticating users, and managing subscriptions;
• Communications: sending order notifications, push notifications (with your consent), transactional emails, and service updates;
• Customer support: responding to inquiries and resolving issues;
• Analytics and improvement: understanding how the platform is used, identifying bugs, and improving features;
• AI feature development: using anonymized, aggregated data to improve AI assistant performance and platform intelligence — no individual user is identified in this process;
• Legal compliance: fulfilling legal obligations, responding to legal requests, and enforcing our Terms of Service;
• Fraud prevention: detecting and preventing unauthorized access or abusive behavior.

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area, our processing of personal data is based on the following legal grounds:

• Performance of a contract: processing necessary to deliver the Service to restaurant owners and staff;
• Legitimate interests: analytics, fraud prevention, and platform improvement, where these interests are not overridden by your rights;
• Consent: push notifications and marketing communications (where applicable);
• Legal obligation: compliance with applicable laws and regulations.

6. Data Sharing and Third Parties

We do not sell personal data. We share data only with the following categories of trusted third-party service providers, and only to the extent necessary to provide the Service:

• Paddle: payment processing and subscription management. Acts as Merchant of Record. Subject to its own privacy policy.
• Google Firebase: authentication services and push notification delivery (Firebase Cloud Messaging). Subject to Google's privacy policy.
• MongoDB (MongoDB Atlas): cloud database hosting for platform data.
• WhatsApp (Meta): delivery of ordering links on behalf of restaurants, when enabled by the restaurant operator. goDishy transmits messages through this channel but does not control Meta's data practices.
• Anthropic: AI chat assistant functionality for the Intelligence Plan. Message content may be processed by Anthropic to generate responses. Subject to Anthropic's usage policies.
• Cloudflare / hosting infrastructure: server infrastructure and content delivery.

We require all service providers to maintain appropriate data protection standards. We do not transfer personal data to countries that do not offer adequate protection without appropriate safeguards.

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this policy:

• Active account data: retained for the duration of your subscription and for 30 days after termination, after which it is permanently deleted upon request or automatically purged;
• Order and session data: retained for up to 12 months for operational and analytics purposes;
• Billing records: retained as required by applicable tax and financial regulations;
• Anonymized data: may be retained indefinitely, as it does not identify individuals.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access: request a copy of the personal data we hold about you;
• Right to rectification: request correction of inaccurate or incomplete data;
• Right to erasure (“right to be forgotten”): request deletion of your personal data, subject to legal retention obligations;
• Right to restriction: request that we limit how we process your data;
• Right to data portability: receive your data in a structured, machine-readable format;
• Right to object: object to processing based on legitimate interests;
• Right to withdraw consent: withdraw consent for communications or notifications at any time.

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days. If you are located in the EU, you also have the right to lodge a complaint with your local data protection authority.

9. Cookies and Tracking

goDishy may use cookies and similar tracking technologies to maintain session state, improve performance, and collect usage analytics. You may control cookie behavior through your browser settings. Disabling certain cookies may affect platform functionality.

10. Children’s Privacy

The goDishy restaurant owner and staff platform is intended for users aged 18 and over. We do not knowingly collect personal data from individuals under 18 in the context of account registration.

Restaurant guests, including minors accompanying adults at restaurants, may interact with the digital menu interface. In such cases, we collect only the minimum data necessary to process the order (order details and table identifier), with no account creation required.

11. Data Security

We implement commercially reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. These measures include encrypted data transmission (HTTPS/TLS), hashed passwords, authenticated API access, and access controls.

No system is completely secure. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by applicable law.

12. International Data Transfers

goDishy is operated from Argentina, which has been recognized by the European Commission as providing adequate data protection. When data is transferred to or processed by third-party providers in other jurisdictions, we ensure appropriate safeguards are in place, such as standard contractual clauses or the provider's own adequacy mechanisms.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify users of material changes by email or via platform notice at least 14 days before the changes take effect. The current effective date is always displayed at the top of this document.

14. Contact and Data Requests

For any privacy-related questions, data access requests, or to exercise your rights, please contact:

goDishy — Germán Andrés López Frezza
Email: [email protected]

© 2026 Germán Andrés López Frezza — goDishy. All rights reserved.