Privacy Policy

We collect information you provide when creating an account, including your name, email address, phone number, restaurant name, and billing details.

When you use our platform, we automatically collect usage data such as pages visited, features used, device type, browser version, IP address, and referral URLs.

If you integrate third-party services (e.g., WhatsApp Business API, payment processors), we may receive limited data from those services as described in their respective privacy policies.

To provide, maintain, and improve Kitsho's services, including OCR menu digitization, WhatsApp commerce automation, and analytics dashboards.

To process transactions, send service-related notifications, and provide customer support.

To personalize your experience, including AI-driven recommendations for menu optimization and operational insights.

To detect, prevent, and address fraud, abuse, and technical issues.

To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal data to third parties. We may share information with trusted service providers who perform services on our behalf (hosting, analytics, payment processing) under strict data processing agreements.

We may disclose information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets.

Aggregated, anonymized data that cannot identify you may be used for research, benchmarking, and industry reports.

We retain your account data for as long as your account is active or as needed to provide services. After account deletion, we retain certain records for up to 30 days for legal and audit purposes unless a longer hold applies, after which data is permanently purged.

Operational logs used for security and rate limiting are typically retained for 30 days.

Source files uploaded for OCR are retained up to 90 days unless you pin or re-import them, after which they may be purged according to storage policies.

Transaction and order data may be retained for the full lifecycle of your business relationship and up to 7 years where required for financial reporting regulations in your operating jurisdiction.

A list of core subprocessors is maintained for transparency (hosting, auth, AI, messaging, billing, and email).

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. We deploy infrastructure on SOC 2 Type II compliant cloud providers.

Access to production data is restricted to authorized personnel through role-based access control (RBAC) with mandatory multi-factor authentication.

We conduct regular security audits, penetration testing, and vulnerability assessments.

You have the right to access, correct, or delete your personal data at any time from your account settings or by contacting our support team.

You may request a portable copy of your data in a machine-readable format.

You can opt out of non-essential communications at any time by updating your notification preferences.

If you are located in the European Economic Area, you have additional rights under GDPR, including the right to object to processing and the right to lodge a complaint with a supervisory authority.

We use essential cookies to maintain your session and preferences. Non-essential analytics (e.g., Google Analytics) loads only after you accept cookies via the on-site banner where applicable.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

Kitsho is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will promptly delete the data.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 30 days before changes take effect.

If you have questions about this Privacy Policy or your data, contact our Data Protection Officer at privacy@kitsho.com or write to: Kitsho Technologies Inc., Cairo, Egypt.