Skip to content
NNoqta
The problem How it works What you get The offer
ENع
Sign in Start with Noqta
The problemHow it worksWhat you getThe offerالعربيةSign inStart with Noqta
OverviewPrivacy Policy
Legal

Privacy Policy

Effective 8 July 2026 · Last updated 8 July 2026

On this page
1 · Introduction 2 · Who we are 3 · What we collect 4 · How we use it 5 · Legal bases 6 · How we share 7 · Retention 8 · Security 9 · Your rights 10 · International transfers 11 · Cookies 12 · Children 13 · Changes 14 · Contact

1 Introduction

This Privacy Policy explains what personal data Noqta — the software, websites, dashboards, briefings and related services (together, the "Service") — collects about you and your restaurant, how that data is used, and the choices and rights you have. It applies whenever you visit this website, create an account, or use the Service.

To run your restaurant and understand it, the Service must process your restaurant's data. This policy sets out exactly what that involves, so you always know what happens to your data and why.

2 Who we are

The Service is operated by AtharCo ("AtharCo", "we", "us"), registered in Ramallah, Palestine, which provides the Service under the name Noqta. "You" means the restaurant, owner or operator using the Service, or a visitor to this website; a restaurant or other business using the Service is a "venue". For any privacy question, contact us at ehab@noqtaplatform.com.

We act in two distinct roles. For operator accounts and for visitors to this website, AtharCo is the data controller. For diner and customer data captured through a venue's menu, ordering or loyalty features, the venue is the data controller, and Noqta processes that data only on the venue's instructions.

3 What we collect

We collect only what is needed to operate the Service and respond to you:

Account information

  • Your name, business name, email address, phone number and the details you provide at sign-up.
  • Your restaurant's profile — branches, currency, and the settings you configure.
  • Billing details needed to manage your subscription, handled through our payment processor.

Your restaurant's operational data

  • Orders, sales and transaction records, including the details your diners submit when ordering — such as name, phone number and order contents — which we process on the venue's behalf as described in section 2.
  • Payments and channel breakdowns, including delivery-platform activity.
  • Your menu, items and pricing.
  • Branch activity across your locations.

Usage & device data

  • How you use the Service — pages viewed, features used, and the questions you ask — recorded by our own systems, not by third-party analytics tools.
  • Technical data such as device type, browser, and approximate location derived from your IP address, used to keep the Service secure and functioning.

4 How we use it

We use the data described above to:

  • Operate the Service — run your restaurant's daily operations, sign-in, billing and support.
  • Build your restaurant's memory — organise your operational data over time so the Service understands how your restaurant works.
  • Generate briefings, reports, comparisons and plain-language answers about your own restaurant's performance.
  • Deliver the daily summary to you over WhatsApp, where you choose to receive it.
  • Maintain and improve the Service — keep it reliable, secure and useful, relying on our own records rather than third-party analytics.

We do not use your restaurant's operational data to advertise to you, and we never sell it. See How we share.

5 Legal bases

Where data-protection law applies, we process personal data on the following grounds:

  • Contract — to provide the Service you signed up for and to manage your account and billing.
  • Legitimate interests — to keep the Service secure, prevent misuse and improve how it works, balanced against your rights and interests.
  • Consent — where we ask for it, such as the WhatsApp daily summary or optional communications; you may withdraw consent at any time.
  • Legal obligation — where we must retain or disclose data to comply with applicable law.

Where a venue is the controller of diner data, the venue determines its own legal bases and we process that data on its instructions.

6 How we share

We share personal data with two kinds of recipients, and with no one else. First, the processors that make the Service work — each bound by a data-processing agreement and receiving only what is necessary:

  • Supabase — our database infrastructure, hosted in the European Union.
  • Vercel — our web hosting, operated in the European Union and North America.
  • Clerk — operator authentication, to sign you in and keep your account secure.
  • Resend — transactional email, to deliver operator-side notifications.

Second, some recipients are not our processors: they act as independent controllers of the data they process on their own services, under their own terms and privacy policies:

  • Payment processors — to collect payment and manage your subscription.
  • WhatsApp (operated by Meta) — when you opt in to WhatsApp messages, such as your daily summary.
  • Delivery platforms — the platforms whose orders a venue connects to the Service.
  • Google Fonts — content delivery: our web pages load fonts from Google Fonts, so Google receives your IP address as a technical necessity of serving the font files. Google sets no cookies through this, and we build no profile from it.

We may also disclose personal data where the law requires it, or where necessary to protect the Service, our users or our legal rights. If our business is transferred, your data will remain subject to protections no less stringent than those described in this policy.

We do not sell your data — not to advertisers, not to data brokers, not to anyone — and we do not share it with advertising networks or third-party analytics providers.

7 Retention

We keep your data for as long as your account is active, so your restaurant's memory remains intact and useful. When you cancel or close your account, your data remains available for export for 30 days, is then retained for a further 30 days for recovery, and is permanently deleted 60 days after cancellation — except for records we must retain to meet a legal, tax or accounting obligation, which we keep only for the period the law requires, and security and audit logs retained in accordance with our Data Processing Addendum. Where a venue is the controller of diner data, the venue determines the retention period for that data.

8 Security

We protect your data with technical and organisational measures appropriate to its sensitivity — including encryption in transit, access controls, and restricting access to those who need it to operate the Service. No system is perfectly secure, but we work to keep your data safe and will notify you promptly of any incident that affects you.

9 Your rights

Your data is yours. Subject to applicable law, you may:

  • Access — request a copy of the personal data we hold about you.
  • Export — receive your restaurant's data in a portable format.
  • Correct — have inaccurate or outdated data rectified.
  • Delete — have your data erased, subject to records we must keep by law.

To exercise any of these rights, contact ehab@noqtaplatform.com. If your request concerns diner data controlled by a venue, please contact that venue first; we will refer any such request we receive to the venue and assist it in responding. If the venue does not respond to your request within 30 days, you may contact us at ehab@noqtaplatform.com and we will act on the request on the venue's behalf. You also have the right to lodge a complaint with your local data-protection authority.

10 International transfers

Our database is hosted in Supabase's European Union region, and our hosting infrastructure runs on Vercel in the European Union and North America. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards — including the European Commission's Standard Contractual Clauses where applicable — so that your data remains protected to the standard described in this policy.

11 Cookies

This website stores only what it needs: essential cookies required for it to function, a record of your cookie-consent choice, and browser localStorage entries for your theme and language preferences. Clerk, our authentication provider, sets cookies when you sign in and on signed-in surfaces. We set no third-party analytics or advertising cookies and embed no trackers. You can control cookies through your browser settings and, where shown, the consent banner. For details of what we set and why, see our Cookie Policy.

12 Children

The Service is built for restaurant owners and operators and is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact us and we will delete it.

13 Changes

We may update this policy as the Service evolves. The current version is always published at noqtaplatform.com/privacy (Arabic) and noqtaplatform.com/en/privacy (English), and the effective date at the top of this page identifies the version in force. If a change is material, we will give reasonable advance notice — by email or within the Service. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy.

14 Contact

Questions about your privacy or this policy? Reach us at ehab@noqtaplatform.com or through the contact page. The Service is built by AtharCo, registered in Ramallah, Palestine.

NNoqta

Noqta — your restaurant's operating intelligence system. It runs your restaurant, learns how it works, and turns every day into clear answers and better decisions. In Arabic and English. Built by AtharCo in Ramallah, Palestine.

What you get

Ask Your RestaurantBriefs · Sales, Channels, Menu, CustomersPlans & pricing

Company

What it isThe offerContactالعربية

Legal

Terms of ServicePrivacy PolicyCookie Policy
Built by AtharCo · Ramallah, Palestine© 2026 Noqta — understanding, not just data.