Privacy Policy

How Tayeb collects, uses, and protects your information.

01Scope of This Policy

This Privacy Policy applies to:

• Users of the Tayeb customer application (iOS, Android, web)
• Restaurants and merchants using the Seller App, Merchant App, or web dashboard
• Visitors to the Tayeb website and marketing pages
• Internal administrative use by Tayeb staff

If you do not agree with this policy, please do not use the Services.

02Information We Collect

a) Information You Provide Directly

Customers

• Name
• Phone number
• Email address (optional)
• Delivery addresses
• Order details and order history
• Wallet balance and transaction history
• Ratings, reviews, and support communications
• Profile preferences

Restaurants and Merchants

• Business name, brand name, and branch details
• Commercial Registration (CR) and tax information
• Signatory and contact person information
• Bank account details for settlement
• Menu, pricing, and operating hours
• Order performance and operational data

b) Information Collected Automatically (Technical and Metadata)

When you use our Services, we automatically collect technical information and metadata, including:

• Device model, manufacturer, and operating system version
• App version and build number
• Mobile network and carrier information
• Language and locale settings
• Time zone
• IP address
• Device identifiers, including IDFA (iOS, with your permission via the App Tracking Transparency prompt), IDFV (iOS), GAID / AAID (Android), Firebase Installation IDs, and similar internal identifiers
• Log files, error reports, and crash data
• Session data, screen views, taps, scrolls, and interaction events
• Referral source and install attribution data
• Cookies, web beacons, and similar technologies on our website

c) Location Data

We may access location data only while the app is actively in use in order to:

• Display nearby restaurants and merchants
• Suggest delivery addresses
• Enable real time delivery tracking for active orders
• Match drivers with delivery requests
• Detect approximate region for tax, currency, and language

We do not access location in the background when the app is not in use. You can revoke location permission at any time through your device settings, though some features such as delivery tracking will not function without it.

d) Payment Information

Tayeb supports multiple payment methods, including Cash on Delivery (COD), an in app wallet operated by Tayeb, and third party payment processors such as licensed card gateways, PayPal, and similar services.

Tayeb does not store credit or debit card numbers. Card details are entered directly into licensed third party payment processors that meet PCI DSS standards. Tayeb only stores transaction references, payment status, payment method type, and wallet balances.

03How We Use Your Information

• Facilitate ordering between customers and merchants
• Process payments and manage wallet balances
• Coordinate delivery with logistics partners
• Provide order tracking and real time updates
• Communicate with you about orders, support, and account activity
• Operate, maintain, and improve the Services
• Detect, investigate, and prevent fraud, abuse, and security incidents
• Measure marketing performance and attribute installs
• Personalize content, offers, and promotions
• Comply with legal, regulatory, and tax obligations

04Third Party Analytics, Attribution, and Marketing Tools

To operate and improve the Services, we use third party software development kits (SDKs) and tools. These tools may collect device identifiers, IP addresses, interaction events, and other metadata as described below.

a) Analytics and Performance

• Firebase Analytics and Crashlytics (Google) for usage analytics, crash reporting, and app stability monitoring.
• Session analytics and product insights tools such as UXCam, Hotjar, Mixpanel, Amplitude, or similar (if and when integrated) for understanding user flows, identifying friction points, and improving the product experience. Where supported, sensitive fields such as payment forms and personal identifiers are masked.
• Other analytics or performance monitoring tools we may adopt in the future. Any material additions will be reflected in an updated version of this policy.

b) Attribution and Marketing

• Meta SDK, including Facebook Pixel and Facebook SDK for mobile, used to measure advertising performance, build custom audiences, retarget users, and attribute installs and conversions. This may involve sharing hashed identifiers, event data, and device identifiers with Meta Platforms, Inc.
• Adjust (if and when integrated) for install attribution, deferred deep linking, and marketing campaign measurement. Adjust may receive device identifiers, IP addresses, and event data.
• Other attribution or marketing platforms we may adopt in the future. Any material additions will be reflected in an updated version of this policy.

c) Communications and Notifications

• Push notification services (APNs for iOS, FCM for Android) to deliver order status and account updates.
• Messaging services such as WhatsApp Business API and SMS providers for order related communication.

These tools do not receive payment card numbers or wallet credentials.

05App Tracking Transparency (iOS) and Tracking Disclosure

On iOS devices, before any data is used for tracking purposes as defined by Apple, we present the App Tracking Transparency (ATT) prompt asking for your permission. If you do not grant permission:

• We do not access your IDFA.
• We do not link your data with data from other companies' apps or websites for advertising purposes.
• Attribution tools operate in a limited, privacy preserving mode (such as SKAdNetwork) where supported.

You can change your tracking preference at any time in your iOS device settings under Privacy and Security, Tracking. On Android, you can reset or limit ad personalization through your device settings under Google, Ads.

06Delivery and Order Tracking

Tayeb does not operate delivery fleets. Delivery services are provided by third party logistics partners.

To enable delivery tracking and order management, limited location, contact, and order status information may be shared with:

• The customer who placed the order
• The restaurant or merchant fulfilling the order
• The assigned delivery partner or driver
• Tayeb administrative and support teams

Tracking and sharing is limited to the duration of an active order and is used solely for service fulfillment, communication, and support. Customer and driver phone numbers may be masked through proxy numbers where supported.

07Data Sharing and Disclosure

We do not sell your personal data.

We may share limited data with the following categories of recipients, and only as needed:

• Restaurants and merchants you place orders with
• Delivery and logistics partners assigned to your order
• Payment service providers and gateways
• Cloud and infrastructure providers that host our systems (such as Amazon Web Services, Google Cloud, or similar)
• Analytics, attribution, and marketing partners listed in Section 4
• Customer support and communication tools that help us respond to you
• Professional advisors such as auditors, accountants, and lawyers, under confidentiality
• Legal or regulatory authorities when required by law, court order, or to protect our rights, users, or the public
• Acquirers or successors in the event of a merger, acquisition, financing, or sale of assets, under appropriate confidentiality

All third parties are required to process data only for specified purposes and to maintain appropriate confidentiality and security standards.

08International Data Transfers

Tayeb is based in Amman, Jordan. Some of our service providers (such as Meta, Google, Adjust, and cloud hosts) operate servers outside Jordan, including in the United States, the European Union, and other jurisdictions. By using the Services, you understand that your information may be transferred to and processed in countries with data protection laws that differ from those in your country.

Where required, we put appropriate safeguards in place such as standard contractual clauses or equivalent mechanisms.

09Communication

Order related communication may occur through third party services including phone calls, SMS, WhatsApp, and email. Such communications are also governed by the privacy policies of those third party services.

If in app messaging features are introduced in the future, this Privacy Policy will be updated accordingly.

10Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure. These include encryption in transit, access controls, audit logging, and secure development practices. No system is completely secure, and we cannot guarantee absolute security.

If we become aware of a personal data breach that is likely to result in a high risk to you, we will notify you and the relevant authorities as required by applicable law.

11Data Retention

We retain personal data only for as long as necessary to:

• Provide the Services to you
• Comply with legal, tax, accounting, and regulatory requirements
• Resolve disputes and enforce our agreements
• Maintain reasonable business records

When personal data is no longer needed, we delete or anonymize it. Specific retention periods depend on the nature of the data and applicable legal requirements.

12Children's Privacy

The Services are not intended for children under the age of 13. We do not knowingly collect personal data from children under 13 without parental or legal guardian consent. If you believe we have collected such information, please contact us so we can delete it.

13Your Rights

Subject to applicable law (including Jordan's Personal Data Protection Law, the EU General Data Protection Regulation where it applies, and other relevant frameworks), you may request to:

• Access the personal data we hold about you
• Correct or update inaccurate or incomplete information
• Delete your account or personal data, where legally permitted
• Restrict or object to certain processing activities
• Withdraw consent you have previously given
• Receive a copy of your data in a portable format
• Lodge a complaint with the relevant data protection authority

To exercise any of these rights, contact us at [email protected]. We may need to verify your identity before processing your request. We aim to respond within 30 days.

14Cookies and Website Tracking

Our website uses cookies and similar technologies for essential functionality, analytics, and marketing. You can manage cookie preferences through your browser settings or any cookie banner we provide. Disabling certain cookies may affect website functionality.

15Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Material changes will be communicated through the app, by email, or by a notice on our website, along with a revised effective date. Continued use of the Services after the update takes effect constitutes acceptance of the revised policy.

16Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at: