1 Introduction
This Privacy Policy explains what personal data Noqta — the software, websites, dashboards, briefings and related services (together, the "Service") — collects about you and your restaurant, how that data is used, and the choices and rights you have. It applies whenever you visit this website, create an account, or use the Service.
To run your restaurant and understand it, the Service must process your restaurant's data. This policy sets out exactly what that involves, so you always know what happens to your data and why.
2 Who we are
The Service is operated by AtharCo ("AtharCo", "we", "us"), registered in Ramallah, Palestine, which provides the Service under the name Noqta. "You" means the restaurant, owner or operator using the Service, or a visitor to this website; a restaurant or other business using the Service is a "venue". For any privacy question, contact us at ehab@noqtaplatform.com.
We act in two distinct roles. For operator accounts and for visitors to this website, AtharCo is the data controller. For diner and customer data captured through a venue's menu, ordering or loyalty features, the venue is the data controller, and Noqta processes that data only on the venue's instructions.
3 What we collect
We collect only what is needed to operate the Service and respond to you:
Account information
- Your name, business name, email address, phone number and the details you provide at sign-up.
- Your restaurant's profile — branches, currency, and the settings you configure.
- Billing details needed to manage your subscription, handled through our payment processor.
Your restaurant's operational data
- Orders, sales and transaction records, including the details your diners submit when ordering — such as name, phone number and order contents — which we process on the venue's behalf as described in section 2.
- Payments and channel breakdowns, including delivery-platform activity.
- Your menu, items and pricing.
- Branch activity across your locations.
Usage & device data
- How you use the Service — pages viewed, features used, and the questions you ask — recorded by our own systems, not by third-party analytics tools.
- Technical data such as device type, browser, and approximate location derived from your IP address, used to keep the Service secure and functioning.
4 How we use it
We use the data described above to:
- Operate the Service — run your restaurant's daily operations, sign-in, billing and support.
- Build your restaurant's memory — organise your operational data over time so the Service understands how your restaurant works.
- Generate briefings, reports, comparisons and plain-language answers about your own restaurant's performance.
- Deliver the daily summary to you over WhatsApp, where you choose to receive it.
- Maintain and improve the Service — keep it reliable, secure and useful, relying on our own records rather than third-party analytics.
We do not use your restaurant's operational data to advertise to you, and we never sell it. See How we share.
5 Legal bases
Where data-protection law applies, we process personal data on the following grounds:
- Contract — to provide the Service you signed up for and to manage your account and billing.
- Legitimate interests — to keep the Service secure, prevent misuse and improve how it works, balanced against your rights and interests.
- Consent — where we ask for it, such as the WhatsApp daily summary or optional communications; you may withdraw consent at any time.
- Legal obligation — where we must retain or disclose data to comply with applicable law.
Where a venue is the controller of diner data, the venue determines its own legal bases and we process that data on its instructions.
7 Retention
We keep your data for as long as your account is active, so your restaurant's memory remains intact and useful. When you cancel or close your account, your data remains available for export for 30 days, is then retained for a further 30 days for recovery, and is permanently deleted 60 days after cancellation — except for records we must retain to meet a legal, tax or accounting obligation, which we keep only for the period the law requires, and security and audit logs retained in accordance with our Data Processing Addendum. Where a venue is the controller of diner data, the venue determines the retention period for that data.
8 Security
We protect your data with technical and organisational measures appropriate to its sensitivity — including encryption in transit, access controls, and restricting access to those who need it to operate the Service. No system is perfectly secure, but we work to keep your data safe and will notify you promptly of any incident that affects you.
9 Your rights
Your data is yours. Subject to applicable law, you may:
- Access — request a copy of the personal data we hold about you.
- Export — receive your restaurant's data in a portable format.
- Correct — have inaccurate or outdated data rectified.
- Delete — have your data erased, subject to records we must keep by law.
To exercise any of these rights, contact ehab@noqtaplatform.com. If your request concerns diner data controlled by a venue, please contact that venue first; we will refer any such request we receive to the venue and assist it in responding. If the venue does not respond to your request within 30 days, you may contact us at ehab@noqtaplatform.com and we will act on the request on the venue's behalf. You also have the right to lodge a complaint with your local data-protection authority.
10 International transfers
Our database is hosted in Supabase's European Union region, and our hosting infrastructure runs on Vercel in the European Union and North America. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards — including the European Commission's Standard Contractual Clauses where applicable — so that your data remains protected to the standard described in this policy.
12 Children
The Service is built for restaurant owners and operators and is not directed at children under 13. We do not knowingly collect personal data from anyone under 13. If you believe a child has provided us with personal data, contact us and we will delete it.
13 Changes
We may update this policy as the Service evolves. The current version is always published at noqtaplatform.com/privacy (Arabic) and noqtaplatform.com/en/privacy (English), and the effective date at the top of this page identifies the version in force. If a change is material, we will give reasonable advance notice — by email or within the Service. Continued use of the Service after a change takes effect constitutes acceptance of the updated policy.
14 Contact
Questions about your privacy or this policy? Reach us at ehab@noqtaplatform.com or through the contact page. The Service is built by AtharCo, registered in Ramallah, Palestine.