Privacy Policy

Last Updated: January 2025

Important: This Privacy Policy explains how WhatSaaS Apps ("we", "us", "our") collects, uses, and protects information when you use our white-labeled food ordering platform services. By using our services, you agree to the terms outlined in this policy.

1. Introduction

WhatSaaS Apps provides a Software-as-a-Service (SaaS) platform that enables restaurants, cloud kitchens, and food businesses to operate their own white-labeled mobile applications for food ordering and delivery services.

This Privacy Policy applies to:

  • Restaurant owners and businesses using our platform
  • End customers ordering through restaurant apps
  • Delivery agents using our delivery app
  • Visitors to our website (www.whatsaas.app)

2. Information We Collect

2.1 Information from Restaurant Partners

  • Business information (name, address, GST number, business license)
  • Contact details (name, email, phone number)
  • Bank account information for payment settlements
  • Menu details, pricing, and food images
  • Order and transaction data

2.2 Information from Customers

  • Personal details (name, phone number, email address)
  • Delivery addresses and location data
  • Order history and preferences
  • Payment transaction details (excluding card/UPI details)
  • Device information (device type, OS version, app version)
  • Ratings and reviews

2.3 Information from Delivery Agents

  • Personal information (name, phone number, email)
  • Identity verification documents (Aadhaar, driving license)
  • Vehicle details
  • Real-time location data (during active deliveries only)
  • Delivery history and earnings data

2.4 Automatically Collected Information

  • IP address and browser type
  • Device identifiers and mobile network information
  • App usage analytics and crash reports
  • Location data (with user permission)
  • Cookies and similar tracking technologies

3. How We Use Your Information

Important Note: WhatSaaS provides only the technology platform (SaaS software). Restaurants using our platform are responsible for processing and fulfilling orders to their customers. We facilitate the technology that enables order management.

3.1 Technology Platform Services

  • Provide software platform for restaurants to receive and manage orders
  • Enable communication channels between customers, restaurants, and delivery agents
  • Facilitate real-time order tracking technology
  • Enable payment processing through integrated gateways and generate invoices
  • Send automated order confirmations and updates via SMS, email, and push notifications

Note: Actual order fulfillment, food preparation, and delivery are managed by the restaurant, not by WhatSaaS.

3.2 Platform Management

  • Maintain and improve our software platform
  • Provide technical support to restaurants and platform users
  • Detect and prevent fraud, security breaches, and system abuse
  • Generate analytics and business insights for restaurants using our platform
  • Ensure platform compliance with legal and regulatory obligations

3.3 Marketing Communications

  • Enable restaurants to send promotional offers to their own customers through the platform
  • Share platform updates and new features with restaurant partners
  • Send service-related announcements about the WhatSaaS platform

Note: You can opt-out of marketing communications at any time.

4. Data Ownership & Sharing

Important Clarification: Customer data collected through a restaurant's app belongs to that restaurant. WhatSaaS acts as a data processor, not a data owner. Each restaurant has access only to their own customer data.

4.1 We Share Data With:

  • Restaurant Partners: Customer order and contact information for their own customers
  • Payment Gateway Providers: Razorpay/Paytm for processing payments (they never receive complete card details)
  • SMS/Email Service Providers: For sending notifications and alerts
  • Push Notification Services: Firebase Cloud Messaging (FCM) and Apple Push Notification Service (APNS)
  • Cloud Hosting Providers: For secure data storage and server infrastructure
  • Google Maps API: For location services and navigation
  • Analytics Providers: Aggregated, anonymized data for performance analysis

4.2 We DO NOT:

  • Sell your personal data to third parties
  • Share customer data between different restaurants
  • Use restaurant customer data for WhatSaaS marketing without consent
  • Share data with advertisers

4.3 Legal Disclosure

We may disclose information when required by law, court order, or government authority, or to protect our rights, property, or safety.

5. Data Security

We implement industry-standard security measures to protect your information:

  • Encryption: SSL/TLS encryption for data in transit, encrypted storage for sensitive data
  • Access Controls: Role-based access restrictions, multi-factor authentication for admin accounts
  • Infrastructure Security: Secure cloud hosting with 99.9% uptime, daily automated backups
  • Payment Security: PCI-DSS compliant payment processing through certified gateways
  • Monitoring: 24/7 system monitoring and intrusion detection
  • Regular Audits: Periodic security assessments and vulnerability testing

6. Data Retention

  • Customer Data: Retained as long as the restaurant account is active
  • Order History: Retained for 7 years for tax compliance and legal requirements
  • Financial Records: Retained for 7 years as per Indian tax laws
  • Inactive Accounts: Data deleted after 3 years of inactivity (with prior notice)
  • Marketing Data: Deleted immediately upon opt-out request

7. Your Rights

You have the following rights regarding your personal data:

7.1 Right to Access

Request a copy of your personal data we hold

7.2 Right to Rectification

Update or correct inaccurate information

7.3 Right to Deletion

Request deletion of your data (subject to legal retention requirements)

7.4 Right to Data Portability

Export your data in a machine-readable format

7.5 Right to Object

Opt-out of marketing communications and data processing for marketing purposes

7.6 Right to Withdraw Consent

Withdraw consent for optional data processing at any time

To exercise your rights, contact us at: privacy@whatsaas.app or call +91 7069555282

8. Location Data Usage

8.1 Customer Location

  • Used only for accurate delivery address and order fulfillment
  • Stored as saved delivery addresses
  • Can be deleted by the user at any time
  • Not shared with third parties except for delivery purposes

8.2 Delivery Agent Location

  • Real-time tracking ONLY during active deliveries
  • Used for order assignment and route optimization
  • Tracking stops when agent goes offline
  • Visible to customers for order tracking purposes

9. Payment Information Security

Card/UPI Details Are NOT Stored by WhatSaaS: All payment card and UPI details are processed directly by PCI-DSS compliant payment gateways (Razorpay/Paytm). We never see or store complete card numbers or CVV codes.

We Store Only:

  • Transaction ID and status
  • Order amount and payment method type
  • Transaction timestamps for invoicing and reconciliation

10. Cookies & Tracking Technologies

We use cookies and similar technologies for:

  • Essential Cookies: Session management, authentication (cannot be disabled)
  • Analytics Cookies: Understanding app usage patterns, crash reporting
  • Preference Cookies: Remembering user settings and language preferences

You can control cookies through your browser settings, though disabling essential cookies may affect functionality.

11. Children's Privacy

Important: WhatSaaS provides technology platform to restaurants. The responsibility for children's privacy in end-customer interactions lies with the restaurant using our platform, not with WhatSaaS.

11.1 For Restaurant Partners

Our SaaS platform services are intended for business users (restaurant owners, managers) who must be 18 years or older.

11.2 For End Customers (Restaurant's Responsibility)

Restaurants using our platform are responsible for:

  • Ensuring compliance with children's privacy laws for their customers
  • Obtaining parental consent if they allow orders from minors
  • Setting age restrictions in their apps as per their policies
  • Handling any children's data in accordance with applicable laws

WhatSaaS does not directly interact with end customers and is not responsible for restaurants' compliance with children's privacy regulations.

12. Data Breach Response

In the unlikely event of a data breach:

  • Affected users will be notified within 72 hours of discovery
  • Relevant authorities will be informed as required by law
  • Immediate steps will be taken to contain and mitigate the breach
  • Transparent communication about the nature and extent of the breach
  • Guidance provided on protective measures users should take

13. Third-Party Services & Links

Our platform may contain links to third-party services (payment gateways, social media). We are not responsible for the privacy practices of these third parties. Please review their privacy policies separately.

14. International Data Transfers

Your data is primarily stored on servers located in India. If we use international cloud service providers, we ensure appropriate safeguards are in place to protect your data in compliance with Indian data protection laws.

15. Business Transfers

If WhatSaaS is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice in the app before your information becomes subject to a different privacy policy.

16. Legal Compliance

This Privacy Policy complies with:

  • Information Technology Act, 2000
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Digital Personal Data Protection Act, 2023 (once enacted)
  • GST regulations for financial record keeping

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Significant changes will be communicated via:

  • Email notification to registered users
  • In-app notification
  • Prominent notice on our website

Continued use of our services after changes constitutes acceptance of the updated policy.

18. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

WhatSaaS Apps

Data Protection Contact:

📧 Email: privacy@whatsaas.app

📱 Phone: +91 7069555282

📍 Address: Prahladnagar, Ahmedabad, Gujarat, India

Response Time: We will respond to your privacy requests within 30 days.

Consent & Acknowledgment

By using WhatSaaS Apps services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your information as described herein.

For Restaurant Partners: By using our platform, you acknowledge your responsibility as a data controller for your customer data and agree to comply with applicable data protection laws in your use of customer information.