Privacy Policy

We collect information you provide when creating an account, including your name, email address, phone number, restaurant name, and billing details.

When you use our platform, we automatically collect usage data such as pages visited, features used, device type, browser version, IP address, and referral URLs.

If you integrate third-party services (e.g., WhatsApp Business API, payment processors), we may receive limited data from those services as described in their respective privacy policies.

To provide, maintain, and improve Kitsho's services, including OCR menu digitization, WhatsApp commerce automation, and analytics dashboards.

To process transactions, send service-related notifications, and provide customer support.

To personalize your experience, including AI-driven recommendations for menu optimization and operational insights.

To detect, prevent, and address fraud, abuse, and technical issues.

To comply with legal obligations and enforce our Terms of Service.

We do not sell your personal data to third parties. We may share information with trusted service providers who perform services on our behalf (hosting, analytics, payment processing) under strict data processing agreements.

We may disclose information when required by law, to protect our rights, or in connection with a merger, acquisition, or sale of assets.

Aggregated, anonymized data that cannot identify you may be used for research, benchmarking, and industry reports.

We retain your account data for as long as your account is active or as needed to provide services. After account deletion, we retain certain records for up to 90 days for legal and audit purposes, after which data is permanently purged.

Transaction and order data may be retained for up to 7 years to comply with financial reporting regulations in your operating jurisdiction.

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. We deploy infrastructure on SOC 2 Type II compliant cloud providers.

Access to production data is restricted to authorized personnel through role-based access control (RBAC) with mandatory multi-factor authentication.

We conduct regular security audits, penetration testing, and vulnerability assessments.

You have the right to access, correct, or delete your personal data at any time from your account settings or by contacting our support team.

You may request a portable copy of your data in a machine-readable format.

You can opt out of non-essential communications at any time by updating your notification preferences.

If you are located in the European Economic Area, you have additional rights under GDPR, including the right to object to processing and the right to lodge a complaint with a supervisory authority.

We use essential cookies to maintain your session and preferences. We also use analytics cookies (e.g., PostHog, Google Analytics) to understand usage patterns and improve our services.

You can manage cookie preferences through your browser settings. Disabling essential cookies may affect platform functionality.

Kitsho is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware of such collection, we will promptly delete the data.

We may update this Privacy Policy from time to time. We will notify you of material changes via email or a prominent notice on our platform at least 30 days before changes take effect.

If you have questions about this Privacy Policy or your data, contact our Data Protection Officer at privacy@kitsho.com or write to: Kitsho Technologies Inc., Cairo, Egypt.