We save and use your personal information only for the processing of your orders, the operation of restaurant accounts on our platform, and for contacting you. If you subscribe to our newsletter, your email address will be used solely to send that newsletter.
We do not give your personal information to third parties for marketing. Your information is provided only to parties strictly necessary to operate the service, for example:
All transfers are carried out in accordance with the General Data Protection Regulation (GDPR), and we limit shared information to the bare minimum necessary.
When restaurants enrol on Megatims we collect the business and owner information required by Stripe to open and verify merchant accounts. Typical data collected may include:
This information is transmitted securely to Stripe for onboarding and compliance (KYC/AML). We use encrypted channels (TLS/HTTPS) for transmission and require that Stripe and any partner process data under appropriate contractual and legal safeguards.
When customers place orders we collect the information necessary to fulfil the order (e.g., name, delivery address, contact number). This data is shared only with the selected restaurant and our payment processor to complete and settle the order.
We store personal information on secure systems and apply appropriate technical and organisational measures to protect it. We retain personal data only as long as necessary for the purposes described, or as required by law.
Processing is based on performance of contract (order processing, payment settlement), legal obligations (KYC/AML, tax), and, where applicable, consent (e.g., newsletter subscription).
Personal data inserted by customers and restaurants in Megatims is stored securely on our servers.
EU / EEA: All data is stored within the European Union and is not transferred outside the EU without appropriate safeguards.
United States: Personal data is stored on servers located in the US, and handling complies with applicable local regulations (e.g., CCPA/CPRA for California residents).
Japan: Personal data is handled in accordance with the Act on the Protection of Personal Information (APPI) and stored securely with encryption on servers located in Japan.
Canada: Personal data is stored on Canadian servers where possible, in compliance with PIPEDA requirements for security and consent.
Australia: Personal data is stored on servers in Australia or in jurisdictions providing equivalent protection, complying with the Privacy Act / APPs.
Brazil: Personal data is stored on servers in Brazil or with equivalent safeguards, in compliance with LGPD.
All personal and sensitive data is encrypted both in transit (TLS/HTTPS) and at rest, ensuring it cannot be accessed in clear text by unauthorized parties, including Megatims employees.
Under GDPR you have rights to access, rectify, erase, restrict processing, object, and data portability. To exercise these rights or for questions about our handling of personal information, contact us at the email address provided in your account or on our site.
EU / EEA: GDPR — strict rules for personal data protection.
https://gdpr-info.eu/
California, USA: CCPA / CPRA — consumer rights to know, access, delete, and opt-out of sale of personal information.
https://oag.ca.gov/privacy/ccpa
Canada: PIPEDA — consent required for collection/use/disclosure of personal info; necessary processing generally exempt.
https://www.priv.gc.ca/en/privacy-topics/privacy-laws-in-canada/the-personal-information-protection-and-electronic-documents-act-pipeda/
UK: UK GDPR + PECR — necessary processing exempt from consent.
https://www.gov.uk/data-protection
Australia: Privacy Act / APPs — disclosure and security obligations; no strict cookie banner required.
https://www.oaic.gov.au/privacy/the-privacy-act/
Japan: APPI — personal data protection obligations; consent recommended for non-essential processing.
https://www.ppc.go.jp/en/legal/
Brazil: LGPD — necessary processing generally exempt.
http://www.planalto.gov.br/ccivil_03/_ato2015-2018/2018/lei/L13709.htm
