Privacy Policy

Your trust is our foundation. We only collect what we need, never sell your data, and give you full transparency over every fee charged.

Last Updated: March 2026
POPIA Compliant
We Never Sell Your Data

Our Commitment

At EasyMenus, privacy is a fundamental right, not an afterthought. This policy explains what data we collect, how we use it, and the controls you have. We never sell your personal information to third parties.

We are equally committed to fee transparency. Any charge applied to a transaction, including the Service Fee added to Customer orders at checkout, is disclosed before payment is confirmed, not embedded in food prices or revealed after the fact.

By using EasyMenus you agree to the practices described here. If you have questions, our Privacy Team responds within 48 hours.

What We Collect

We collect only what is necessary to provide, operate, and improve our services. This includes data from both Business Users and Customers:

  • Personal Information: Name, email address, phone number. For Business User accounts: business name, business contact details, and billing plan selection.
  • Order & Transaction Data: Order history, items purchased, order totals, Service Fee amounts charged at checkout, payment method type, and delivery addresses. This data is necessary to process orders and administer billing under both the Subscription Plan and the Per Order Plan.
  • Billing & Plan Data: Your chosen billing plan (Subscription or Per Order), subscription renewal dates, and payment status. We do not store complete card numbers; payment card data is handled exclusively by PayFast.
  • Business User Payment Credentials: PayFast Merchant ID, Merchant Key, and Passphrase provided by Business Users to enable order payment processing. These are encrypted before storage. We do not store them in plain text and they are never accessible to EasyMenus staff in decrypted form.
  • Device & Technical Information: IP address, browser type, operating system. Used to optimise performance and detect security threats.
  • Location Data: GPS or approximate location, only with your permission. Used to help Customers find nearby stores and to apply delivery radius settings configured by Business Users.
  • Usage Analytics: Pages visited, features used, QR code scan events. Helps us understand platform usage and improve features for all users.
Customers may place orders as guests using only their email address. Guest Customers are not required to create an account, and only the data necessary to process and communicate about their order is collected.

How We Use Your Data

We use your information responsibly for the following purposes:

  • Order Processing: To receive, route, and facilitate the fulfillment of orders placed through the Platform, including transmitting order details to the relevant Business User.
  • Billing & Fee Administration: To administer Business User billing under the Subscription Plan or Per Order Plan, and to apply and disclose the Service Fee to Customers at checkout.
  • Payment Facilitation: To initiate PayFast payment requests on behalf of Business Users using their stored, encrypted PayFast credentials.
  • Account Management: To create and maintain your account and provide customer support.
  • Personalisation: To surface relevant stores and items based on your preferences and order history, where you have consented to this.
  • Platform Improvement: To analyse usage patterns, identify issues, and improve features and performance.
  • Security & Fraud Prevention: To detect and prevent unauthorised access, account fraud, and fraudulent transactions.
  • Communication: Order confirmations, delivery status updates, billing notifications, and promotional offers (with your consent). You may opt out of marketing communications at any time.
  • Legal Compliance: To comply with applicable South African laws, regulations, and enforceable government requests, including obligations under POPIA, the ECT Act, and the CPA.

Your Rights

You have full control over your personal information at any time:

  • Access: Request a copy of all personal information we hold in a portable format.
  • Update: Correct or update your personal details and account settings at any time.
  • Delete: Request permanent deletion of your account and associated data, subject to legal retention requirements (for example, transaction records required for tax compliance).
  • Opt Out of Marketing: Unsubscribe from promotional communications at any time. Essential service and billing notifications will continue regardless.
  • Location Control: Manage location permissions through your device settings at any time.
  • Data Portability: Request your data in machine-readable format to transfer to another service.
  • Object to Processing: Object to specific uses of your data while continuing to use core Platform services.
To exercise any of these rights, contact our Privacy Team at privacy@easymenus.co.za. We will respond within 48 hours and action all valid requests within the timeframes required by POPIA.

Data Sharing

We never sell your personal data. We only share information in the following limited and specific circumstances:

  • With Business Users: When you place an order, we share necessary details (name, contact, delivery address, order contents) with the relevant Business User to fulfill your order. Guest Customer emails are shared for order communication purposes only.
  • With PayFast: Order payment data is transmitted to PayFast to process card transactions. This includes transaction amount (inclusive of any applicable Service Fee), order reference, and Customer contact details required by PayFast. EasyMenus does not store complete card numbers; card data is handled entirely by PayFast under their own privacy and security obligations.
  • Subscription Billing: Business User billing for the Subscription Plan or Per Order Plan is administered within the Platform. Relevant billing data may be shared with our payment processing infrastructure solely for the purpose of collecting plan fees. This is separate from the Customer order payment flow.
  • Service Providers: Trusted partners for hosting, analytics, and support who are bound by strict confidentiality agreements and may not use your data for any purpose other than providing services to EasyMenus.
  • Legal Requirements: When required by law, court order, or regulatory authority, or where necessary to protect the rights, property, or safety of EasyMenus, its users, or the public.
We conduct due diligence on all third-party providers. They must meet our security and privacy standards and are contractually prohibited from using your data for any purpose outside their specific role. We never sell or rent your data for any reason.

Data Security

Vulnerability Testing | Firewall Protection | Data Anonymisation | Real-Time Monitoring

  • Encryption in Transit: All data transmitted between your device and our servers is encrypted using industry-standard TLS/HTTPS protocols.
  • Encrypted Storage: Sensitive data, including Business User PayFast credentials, is encrypted before being stored. Credentials are never stored in plain text and are inaccessible to EasyMenus staff in decrypted form.
  • Access Controls: Strict role-based permissions ensure only authorised personnel and system processes can access specific categories of data.
  • Regular Audits: We conduct periodic internal security reviews and apply patches and updates promptly to address identified vulnerabilities.
  • Breach Notification: In the event of a confirmed data breach, we will notify affected users and the Information Regulator as required under POPIA, and take all reasonable steps to mitigate harm.

Data Retention

We only keep your data as long as necessary to provide our services and comply with legal obligations:

  • Active Accounts: Retained while your account is active and for a reasonable period thereafter to support account recovery and dispute resolution.
  • Transaction Records: Order history, billing records, and Service Fee data are retained for 7 years to comply with South African tax and financial record-keeping regulations.
  • Support Interactions: Customer support logs retained for 2 years for quality assurance and dispute reference purposes.
  • Deleted Accounts: Personal data is removed within 30 days of account deletion, except where legal retention obligations require us to keep specific records (such as transaction history for tax compliance).

Children's Privacy

  • Age Restriction: Users must be 18 or older to create an account on EasyMenus. We do not knowingly collect personal information from minors.
  • Data Removal: If we discover that personal data has been collected from a minor without parental or guardian consent, we will take immediate steps to delete that data.
  • Parent or Guardian Contact: If you believe your child has provided personal information to EasyMenus, please contact us immediately at privacy@easymenus.co.za.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business model.

  • Notification: We will notify you via email or in-app notice when we make material changes to this Policy.
  • Review Period: You will have at least 30 days to review significant changes before they take effect.
  • Continued Use: Your continued use of EasyMenus after the effective date of an updated Policy constitutes your acceptance of the revised terms.
  • Version Dating: The "Last Updated" date at the top of this page reflects the most recent revision. You can contact us to request previous versions.

Privacy Questions?

Our Privacy Team responds to all requests within 48 hours.