UniOrder

Privacy Policy

Last updated: March 14, 2026

This Privacy Policy explains how UniOrder ("we", "us", or "our") collects, uses, discloses, and protects information when you use our online ordering platform, whether as a customer placing orders or a merchant managing your business.

1. Information We Collect

1.1 Customer Information

When you place an order, book a table, or interact with a merchant's storefront, we may collect:

  • Contact details: name, email address, phone number.
  • Delivery information: street address, suburb, and postcode.
  • Order details: items ordered, special requests, order comments, and order history.
  • Booking details: date, time, party size, and any comments.
  • Payment information: payment method selected (Stripe or cash). Card details are processed directly by Stripe and are never stored on our servers.

1.2 Merchant Information

When you sign up and onboard as a merchant, we collect:

  • Account credentials: email address and password (hashed), or Google OAuth profile.
  • Business information: company name, restaurant name, ABN/tax ID, address, phone, and email.
  • Financial information: Stripe Connect account details for payment processing.
  • Uploaded content: logos, dish photos, and menu information stored on our file storage service.

1.3 Automatically Collected Information

  • Usage data: pages visited, features used, and interactions with the platform.
  • Device information: browser type, operating system, and screen resolution.
  • Local storage: cart data is stored in your browser's localStorage to preserve your selections across page refreshes.
  • Cookies: session cookies for merchant authentication and platform functionality.

2. How We Use Your Information

We use collected information to:

  • Provide our services: process orders, facilitate payments, manage table bookings, and deliver order confirmations.
  • Communicate with you: send order confirmations, booking confirmations, cancellation notices, and signup confirmations via email.
  • Process payments: facilitate transactions between customers and merchants through Stripe Connect.
  • Improve our platform: analyse usage patterns and trends to enhance functionality and user experience.
  • Support merchants: provide sales reports, order management, and business analytics.
  • Ensure security: protect against fraud, unauthorised access, and other security threats.
  • Legal compliance: meet our legal obligations, including tax reporting requirements.

3. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

3.1 With Merchants

When you place an order or book a table, the relevant merchant receives your name, contact details, delivery address (for delivery orders), order details, and any comments you provide.

3.2 With Service Providers

We use trusted third-party services to operate our platform:

  • Stripe: payment processing and merchant payouts.
  • Resend: transactional email delivery.
  • Cloudflare R2: secure file and image storage.
  • PostgreSQL hosting provider: database storage.

These providers only access information necessary to perform their services and are bound by their own privacy policies.

3.3 For Legal Reasons

We may disclose information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of UniOrder, our users, or the public.

4. Data Security

We implement appropriate technical and organisational measures to protect your information, including:

  • Encrypted passwords using industry-standard hashing (bcrypt).
  • Secure, httpOnly session cookies for authentication.
  • Server-side validation of all data inputs.
  • Rate limiting on public endpoints to prevent abuse.
  • Stripe's PCI-compliant infrastructure for all payment processing.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure.

5. Data Retention

  • Customer data: order and booking records are retained for as long as necessary to provide our services and meet legal/tax obligations.
  • Merchant data: account and business information is retained while your account is active and for a reasonable period thereafter.
  • Cart data: stored locally in your browser and can be cleared at any time by clearing your browser's localStorage.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your personal information, subject to legal retention requirements.
  • Object to or restrict certain processing of your data.
  • Data portability: receive your data in a structured, machine-readable format.
  • Withdraw consent where processing is based on consent.

To exercise any of these rights, please contact us using the details below.

7. Children's Privacy

Our platform is not directed at children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify merchants of material changes via email or dashboard notification. The "Last updated" date at the top indicates when the policy was last revised.

9. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us at:

Email: privacy@uniorder.com.au

Privacy Policy | UniOrder