Privacy Policy

Cravit is operated by [CRAVIT_LEGAL_ENTITY], a company registered in [CRAVIT_JURISDICTION] with its registered office at [CRAVIT_REGISTERED_ADDRESS]. We provide a restaurant operating platform that includes ordering, customer relationship management, loyalty programs, analytics, and third-party marketing integrations.

For privacy questions or to exercise your rights under this policy, contact us at [CRAVIT_PRIVACY_EMAIL].

We collect data in three contexts: (a) as a diner ordering from a Cravit-powered restaurant, (b) as a restaurant operator using the Cravit dashboard, and (c) when restaurant operators connect third-party services such as Meta.

As a diner, we collect: your name, phone number, email address (optional), delivery addresses, order history, payment metadata (Cravit never stores raw card numbers — these are tokenized by our payment processors), wallet and loyalty point balances, your communication preferences, and behavioral telemetry such as session activity and click events recorded via Microsoft Clarity. If you order via WhatsApp, we store the conversation transcript and the AI chatbot's responses.

As a restaurant operator, we collect: your business name, contact details, branch locations, menu and product catalog, employee accounts and role assignments, operational metrics, and content you publish on the platform.

From connected third-party services, we collect only what those services expose to us with your explicit authorization. See "Data shared with Meta" below for the Meta-specific list, and "Third-party processors" for the others.

Diner data is used to fulfill your orders, run loyalty and credit programs, personalize recommendations, send transactional and marketing messages on behalf of restaurants you have ordered from, and analyze platform performance. We never sell your personal data.

Operator data is used to operate the dashboard, surface analytics, run AI-powered features such as churn prediction and demand forecasting, and provide customer support.

We process data on the lawful bases of contract performance (fulfilling your order or the operator's subscription), legitimate interest (security, analytics, fraud prevention), and consent (marketing communications and optional integrations such as Meta).

When a restaurant operator connects their Meta Business Account to Cravit, the operator authorizes Cravit (via Meta's standard OAuth Login dialog) to access a specific subset of Meta data on their behalf.

Cravit reads the following data from Meta with the operator's authorization: • The operator's Meta user identifier, name, and email address (the OAuth grantor's profile). • The list of Business Manager accounts, Facebook Pages, Ad Accounts, Product Catalogs, and Pixels that the operator administers. • The chosen Page's metadata — name, follower count, and recent post engagement counts — for the dashboard's Page engagement panel. • Ad insights metrics for the chosen Ad Account: spend, impressions, clicks, reach, conversions, and conversion value, broken down by campaign and date.

Cravit also writes data to Meta on the operator's behalf. Specifically: • Server-side conversion events sent to the chosen Pixel via Meta's Conversions API (CAPI) — typically Purchase events triggered when a diner completes an order. These events include hashed (SHA-256) customer email and phone, the order value and currency, and content identifiers. Raw email and phone are never transmitted to Meta — only their cryptographic hashes. • Custom Audiences created in the chosen Ad Account, into which Cravit pushes hashed customer email and phone for retargeting and exclusion. Audience membership changes are driven by the operator's CRM journey configuration. • Product catalog items synced to the chosen Catalog: menu item id, name, description, price, image URL, product URL, brand, and availability.

Cravit only shares data with Meta when (a) the operator has actively connected their Meta account, and (b) the operator has not disabled Conversions API or audience sync from the Cravit dashboard. Disconnecting the Meta account in Settings → Integrations halts all data flows and purges cached Meta-side identifiers.

We send hashed (irreversibly one-way encrypted) personal data — never raw email or phone numbers — when sharing customer-level signals with Meta. Meta uses these hashes to match against its own user records for audience targeting and conversion attribution.

Cravit uses the following third-party services to operate the platform. Each is bound by a Data Processing Agreement and processes data only on our instructions:

• Supabase — PostgreSQL database hosting and file storage. • Redis — in-memory cache and queue. • Anthropic — Claude language model for AI features (operator and aggregated anonymous data only). • Voyage AI — embeddings for the recommendation engine. • Microsoft Clarity — web session recording (used by Cravit only, restaurant-side only). • Paymob — payment processing (handles raw card data on our behalf; Cravit never stores card numbers). • OneSignal — push notifications. • SendGrid — transactional and marketing email. • Whatsable — WhatsApp Business API integration. • Google reCAPTCHA — bot protection. • Foodics — Point-of-Sale integration (when the restaurant operator opts in). • Meta (Facebook, Instagram) — when the restaurant operator opts in; see the section above.

We retain personal data for as long as is necessary to provide the service and to satisfy legal, accounting, or reporting requirements. Concretely:

• Diner profiles, order history, and wallet balances are retained while you remain an active customer of any Cravit-powered restaurant. After 24 months of inactivity, profiles are anonymized and order history is aggregated. • Operator dashboard accounts are retained while the operator's subscription is active and for 90 days after termination, after which they are deleted. • Aggregated, anonymized analytics data (counts, charts, trends with no personally identifiable fields) may be retained indefinitely. • Meta-derived data cached on Cravit (page id, ad account id, ad insights, audience mappings, catalog item ids) is purged when the operator disconnects their Meta account.

Depending on your jurisdiction, you have the right to access the personal data we hold about you, correct inaccurate data, request deletion, restrict or object to certain processing, request portability of your data in a machine-readable format, and withdraw consent for processing based on consent.

To exercise any of these rights, email us at [CRAVIT_PRIVACY_EMAIL]. We will respond within 30 days. For data deletion specifically related to Meta-connected accounts, see the Data Deletion Instructions page.

Cravit is not directed at children under 13 (or the equivalent age in your jurisdiction). We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us at [CRAVIT_PRIVACY_EMAIL] and we will delete it.

Cravit may transfer your data outside [CRAVIT_JURISDICTION] to our service providers (for example, to data centers operated by Supabase, Anthropic, Meta, and others). We use standard contractual clauses or equivalent legal mechanisms to ensure your data continues to be protected to the standard required in your jurisdiction.

We may update this policy from time to time. Material changes will be communicated via the platform or by email. The "Last updated" date at the top of this page reflects when the current version became effective.

For privacy questions, data subject rights requests, or concerns about how we handle your data, contact us at [CRAVIT_PRIVACY_EMAIL]. For Meta-specific data deletion, see the Data Deletion Instructions page.