Privacy Policy

1. Privacy Overview

This Privacy Policy explains how Somdul Table ("we," "our," or "us") collects, uses, discloses, and protects your personal information when you use our website, mobile application, and meal delivery services (collectively, the "Service").

We respect your privacy and are committed to protecting your personal data in accordance with applicable privacy laws, including the California Consumer Privacy Act (CCPA) and other state privacy regulations.

1.1 Key Principles

• Transparency: We clearly explain what data we collect and why
• Control: You have choices about your personal information
• Security: We protect your data with industry-standard security measures
• Minimization: We only collect data that is necessary for our services
• Accuracy: We strive to keep your information accurate and up-to-date

2. Information We Collect

We collect several types of information to provide and improve our services:

2.1 Personal Information You Provide

Data Category	Examples	Purpose
Contact Information	Name, email, phone number	Account creation, order communication
Delivery Information	Address, delivery instructions, ZIP code	Meal delivery, service area determination
Payment Information	Credit card details, billing address	Processing payments, fraud prevention
Dietary Information	Food allergies, preferences, restrictions	Meal customization, safety recommendations
Profile Information	Date of birth, gender, preferences	Service personalization, age verification

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the service
• Device Information: IP address, browser type, device type, operating system
• Location Data: Approximate location based on IP address (for delivery zone verification)
• Cookies: Preferences, authentication tokens, analytics data
• Communication Records: Customer service interactions, chat logs

2.3 Information from Third Parties

• Payment Processors: Transaction verification and fraud prevention data
• Social Media: Profile information if you sign up through social login
• Delivery Partners: Delivery status and location updates
• Analytics Providers: Website performance and user behavior insights

3. How We Use Your Information

3.1 Primary Uses

• Service Delivery: Process orders, manage subscriptions, coordinate deliveries
• Account Management: Create and maintain your account, authenticate users
• Customer Support: Respond to inquiries, resolve issues, provide assistance
• Payment Processing: Handle transactions, manage billing, prevent fraud
• Safety & Quality: Ensure food safety based on allergies and dietary restrictions

3.2 Service Improvement

• Personalization: Recommend meals, customize experiences, improve relevance
• Analytics: Understand usage patterns, optimize performance, develop new features
• Quality Assurance: Monitor service quality, track delivery performance
• Research: Conduct surveys, gather feedback, analyze trends

3.3 Communication

• Transactional: Order confirmations, delivery updates, account notifications
• Marketing: Promotional offers, new menu items, newsletters (with consent)
• Operational: Service announcements, policy updates, system maintenance
• Safety: Food recall notices, allergy alerts, health advisories

4. Information Sharing & Disclosure

We do not sell your personal information to third parties. We share information only in limited circumstances:

4.1 Service Providers

• Payment Processors: Stripe, PayPal, Apple Pay, Google Pay
• Delivery Partners: Third-party delivery services and drivers
• Cloud Services: AWS, Google Cloud for data hosting and processing
• Analytics: Google Analytics, marketing platforms for insights
• Communication: Email service providers, SMS services, customer support tools

4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the new entity, subject to the same privacy protections.

4.3 Legal Requirements

• Law Enforcement: When required by law, court order, or government request
• Safety: To protect the safety of users, employees, or the public
• Legal Rights: To enforce our terms, protect our property, or defend legal claims
• Fraud Prevention: To investigate and prevent fraudulent activities

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your personal information:

• Encryption: All data transmitted is encrypted using TLS 1.3
• Secure Storage: Data at rest is encrypted using AES-256 encryption
• Access Controls: Role-based access with multi-factor authentication
• Regular Audits: Security assessments and penetration testing
• Employee Training: Privacy and security training for all staff
• Incident Response: Procedures for detecting and responding to breaches

5.2 Payment Security

• PCI Compliance: Our payment processors are PCI DSS Level 1 certified
• Tokenization: Credit card data is tokenized and not stored on our servers
• Fraud Detection: Real-time monitoring for suspicious transactions
• Secure Processing: End-to-end encryption for all payment data

6. Data Retention

6.1 Retention Periods

Data Type	Retention Period	Reason
Account Information	Until account deletion + 30 days	Service provision, support
Order History	7 years	Tax compliance, warranty claims
Payment Records	7 years	Financial compliance, dispute resolution
Communication Logs	3 years	Customer service, quality improvement
Analytics Data	2 years (aggregated)	Service optimization, trend analysis

7. Your Privacy Rights

7.1 Access Rights

You have the right to:

• Access: Request a copy of your personal information
• Portability: Receive your data in a machine-readable format
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal information
• Restriction: Limit how we process your data

7.2 How to Exercise Your Rights

To exercise your privacy rights:

1. Account Settings: Most data can be updated directly in your account
2. Email Request: Contact us at privacy@somdultable.com
3. Phone: Call our privacy team at +1 (555) 123-4567
4. Mail: Send written requests to our address below

8. California Privacy Rights (CCPA)

8.1 CCPA Rights Summary

California residents have additional rights under the CCPA:

• Right to Know: Categories and specific pieces of personal information collected
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: Opt-out of the sale of personal information
• Right to Non-Discrimination: Equal service regardless of privacy choices

9. Cookies & Tracking

9.1 Types of Cookies We Use

Cookie Type	Purpose	Duration
Essential	Login, security, shopping cart	Session/1 year
Analytics	Usage statistics, performance	2 years
Personalization	Preferences, recommendations	1 year
Marketing	Advertising, retargeting	30-90 days

10. Third-Party Services

10.1 Payment Providers

• Stripe: Secure payment processing
• PayPal: Alternative payment method
• Apple Pay: Mobile payment integration
• Google Pay: Mobile payment integration

11. International Users

If you access our service from outside the United States, your data may be transferred to and processed in the United States. We comply with applicable international transfer requirements.

12. Children's Privacy

Our service is not intended for children under 13 years old. We do not knowingly collect personal information from children under 13.

13. Policy Changes

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Material changes will be communicated via email with 30-day advance notice.