سياسة الخصوصية

This Privacy Notice for DineTalk ("we," "us," or "our") describes how and why we might access, collect, store, use, and/or share ("process") your personal information when you use our services ("Services"), including when you:

• Visit our website at https://www.dinetalkapp.com.
• Use our voice-first ordering platform for restaurants and cafes.
• Engage with us in other related ways, including any sales, marketing, or events.

Questions or concerns? Reading this Privacy Notice will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at omar@dinetalkapp.com.

1. What information do we collect?

Personal information you disclose to us

We collect personal information that you voluntarily provide to us when you register on the Services, express interest in obtaining information about us or our products, or otherwise contact us. The personal information we collect may include the following:

• Names
• Email addresses
• Passwords (stored as one-way cryptographic hashes)
• Phone numbers
• Billing addresses and payment data (processed by our payment provider; we do not store full card numbers)
• Restaurant and business details (name, menu, operating details)
• Voice recordings and transcripts generated while using the ordering assistant

Sensitive information. We do not process sensitive personal information (such as racial or ethnic origin, religious beliefs, health data, biometric identifiers, or precise geolocation).

Information automatically collected

We automatically collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, and for our internal analytics and reporting purposes.

Like many businesses, we also collect information through cookies and similar technologies. See the Cookies section below.

2. How do we process your information?

We process your personal information for a variety of reasons, depending on how you interact with our Services, including:

• To facilitate account creation, authentication, and otherwise manage user accounts.
• To deliver and facilitate delivery of the voice ordering platform to restaurants and their guests.
• To respond to user inquiries and offer support.
• To send administrative information, such as product, service, and security updates.
• To protect the Services, prevent fraud, and enforce our Terms of Use.
• To comply with our legal obligations and defend legal claims.
• To process voice input through our AI partner to return a real-time ordering response.

3. What legal bases do we rely on to process your information?

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal information under one of the following lawful bases:

• Consent. Where you have given us specific permission to use your personal information for a specific purpose.
• Performance of a contract. Where processing is necessary to provide the Services you have agreed to.
• Legal obligations. Where processing is required to comply with applicable law.
• Legitimate interests. Where processing is necessary to pursue our legitimate business interests in a way that is not overridden by your rights.

4. When and with whom do we share personal information?

We may share your personal information with the following categories of third parties (subprocessors), under appropriate contractual safeguards:

• Google LLC — Gemini Live API for voice-to-order processing.
• Fly.io, Inc. — application hosting.
• Amazon Web Services, Inc. — object storage for recordings and backups.
• Resend — transactional email delivery.
• Paymob — payment processing for subscription and in-app payments.
• Sentry — error monitoring and performance telemetry.

We do not sell your personal information. We may also disclose information when required by law, to enforce our Terms of Use, to protect the rights, property, or safety of DineTalk or others, or in connection with a business transfer (merger, acquisition, or asset sale).

5. Do we use artificial intelligence?

Yes. DineTalk uses Google's Gemini 2.5 Flash Live API to power a real-time, voice-first ordering assistant. When a customer speaks to the assistant, the audio stream is forwarded to Google for speech recognition, language understanding, and generation of the assistant's reply. We use the audio, transcript, and order metadata to:

• Return the assistant's spoken and structured response.
• Create an order record, which the restaurant sees in real time.
• Maintain a session record for dispute resolution, quality assurance, and billing.

Google processes this data as our subprocessor under its Gemini API terms. Voice transcripts and session records are stored in our database and on our object storage provider. We do not use customer voice data to train our own models, and we configure Google's API to disable use of content for model training wherever that option is available.

6. Do we use cookies and tracking technologies?

We use strictly necessary cookies and similar technologies (such as local storage) to keep you signed in, remember your language preference, and secure the Services against cross-site request forgery. We may also use a limited set of analytics cookies to understand aggregate usage and improve the product. Where required by law, we will request your consent before placing non-essential cookies. You can control cookies through your browser settings, though disabling strictly necessary cookies may break core functionality.

7. Is your information transferred internationally?

DineTalk is operated from Egypt and relies on cloud providers (including Google, AWS, and Fly.io) that may process data in the United States and other jurisdictions. Where personal information is transferred out of the EEA, United Kingdom, or Switzerland, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses and provider-specific data processing addenda.

8. How long do we keep your information?

We keep personal information for as long as necessary to fulfil the purposes described in this Privacy Notice, unless a longer retention period is required or permitted by law (for example, for tax, accounting, or other legal requirements). When we no longer have a legitimate business need to process your personal information, we will either delete or anonymize it. Voice recordings and transcripts are retained for up to 12 months by default, and restaurant owners may request earlier deletion.

9. How do we keep your information safe?

We implement appropriate technical and organizational measures designed to protect the security of the personal information we process, including encryption in transit (TLS), encryption at rest for backups, role-based access controls, and continuous security monitoring. Despite our safeguards, no electronic transmission or storage can be guaranteed to be 100% secure.

10. Do we collect information from minors?

We do not knowingly collect, solicit, or market to individuals under 18 years of age. By using the Services, you represent that you are at least 18. If we learn that personal information from a user under 18 has been collected, we will deactivate the account and take reasonable steps to promptly delete such data. If you believe we may have information from a minor, please contact omar@dinetalkapp.com.

11. What are your privacy rights?

Depending on your location, you may have the following rights under applicable data protection law, including the EU and UK GDPR:

• Access — request a copy of the personal information we hold about you.
• Rectification — request correction of inaccurate or incomplete data.
• Erasure — request deletion of your personal information, subject to limited exceptions.
• Restriction — request that we limit the processing of your information.
• Portability — receive your personal information in a structured, machine-readable format.
• Objection — object to processing based on legitimate interests.
• Withdraw consent — where processing is based on consent, you may withdraw it at any time.
• Complaint — lodge a complaint with your local data protection authority.

To exercise any of these rights, email us at omar@dinetalkapp.com. We will respond within the timeframes required by applicable law.

12. Controls for Do-Not-Track features

Most web browsers and some mobile operating systems include a Do-Not-Track ("DNT") feature. Because no uniform technology standard for recognizing DNT signals has been finalized, we do not currently respond to DNT browser signals. If a standard is adopted, we will update this notice accordingly.

13. Do we make updates to this notice?

Yes. We may update this Privacy Notice from time to time. The updated version will be indicated by an updated "Last updated" date at the top of this page. We encourage you to review this Privacy Notice frequently to stay informed of how we protect your information.

14. How can you contact us about this notice?

If you have questions or comments about this notice, you may email us at omar@dinetalkapp.com, or write to us at:

15. How can you review, update, or delete the data we collect from you?

Based on the applicable laws of your country, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. To request to review, update, or delete your personal information, contact omar@dinetalkapp.com.