Privacy

Privacy Policy

How we collect, use, and protect your information — written to be readable, not just legally defensible.

Effective date: May 1, 2026 · Last updated: May 1, 2026

1. Who we are

"BiryaniHub" ("we", "us", "our") refers to BiryaniHub Inc., a [STATE OF INCORPORATION] corporation operating the website biryanihub.co and related services. We are the data controller for personal information collected through our services.

2. What we collect

You give us

Account info: name, phone, email, password (hashed), role (customer / vendor / admin)
Customer info: delivery addresses, dietary preferences, favorited vendors
Order info: items, prices, delivery instructions, special requests
Vendor info: business name, address, hours, menu, uploaded compliance documents
Communications: emails, support tickets, review text

We collect automatically

Device + browser type, operating system, IP address
Pages viewed, search queries, timestamps
Cookies and similar technologies (see Cookie Policy)

From third parties

Google Places API — public business data when vendors register or admins re-verify
Payment processors (Stripe, when enabled) — last 4 digits of card, transaction confirmation; full card data is never stored on our servers
Email/SMS providers (SendGrid, Twilio) — delivery status of transactional messages we send you

3. How we use it

To provide the service: match orders to vendors, process payments, deliver food, handle support
To improve the service: analyze aggregate usage to understand which features matter, fix bugs
To keep things safe: detect fraud, enforce our terms, comply with legal requests
To communicate: transactional messages (order confirmations), service updates, optional marketing (you can opt out)

4. Who we share it with

Vendors — receive only the info needed to fulfill orders (name, phone, delivery address, items, special instructions)
Service providers — payment processors, hosting (Hostinger), email/SMS providers, analytics
Legal — when compelled by court order or to protect our rights, our users, or the public

We do not sell personal information. We do not share data with third-party advertisers for cross-site targeting.

5. How long we keep it

Active account data: as long as your account exists
Order history: 7 years for tax + accounting compliance
Reviews + public content: indefinitely (you can request deletion of your specific reviews)
Marketing emails: until you unsubscribe
Server logs: 90 days

6. Your rights

If you're in the EU/UK (GDPR)

Access — request a copy of your data
Rectification — correct inaccurate data
Erasure — request deletion ("right to be forgotten")
Restriction — pause processing
Portability — receive your data in a machine-readable format
Object — to processing based on legitimate interests
Withdraw consent — for anything you opted in to

If you're in California (CCPA / CPRA)

Right to know what personal information we collect, use, disclose
Right to delete personal information
Right to correct inaccurate personal information
Right to opt out of "sale" or "sharing" (we don't sell — but you can still submit the request)
Right to non-discrimination for exercising your rights

To exercise any of these rights, send us a message via the contact form from the email associated with your account. We respond within 30 days (45 for complex requests).

7. Security

We use industry-standard technical safeguards: HTTPS/TLS for all data in transit, encryption at rest for sensitive fields (passwords, identity documents), role-based access for our team, audit logs for admin actions. No system is impenetrable; we will notify affected users of any breach involving their data within 72 hours of confirmation.

8. Children

BiryaniHub is not intended for children under 13. We do not knowingly collect data from children under 13. If you believe we have, contact us via the contact form and we will delete it.

9. International transfers

BiryaniHub is operated from the United States. If you access from outside the US, your data is transferred to and processed in the US. [LEGAL REVIEW: confirm SCC/GDPR transfer mechanism applies for EU users]

10. Changes to this policy

If we make material changes, we'll notify active users by email at least 30 days before the change takes effect. Non-material updates (typo fixes, clarifications) take effect immediately and are reflected in the "Last updated" date above.

11. Contact

Questions about privacy? Use our contact form and select Legal / privacy.