Last updated: April 1, 2026
Ordegate ("we," "our," or "us") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, store, share, and protect information when you access or use the Ordegate platform, website, merchant dashboard, POS systems, storefronts, APIs, and any related services (collectively, the "Platform"). By using the Platform, you agree to the practices described in this Privacy Policy.
When you register for an Ordegate account, we collect business name, trading name, and business type; contact name, email address, and phone number; business address and operational locations; billing information for Subscription processing; employee names, roles, and PIN credentials (stored encrypted) for Merchants using the POS system; and tax identification numbers when required for compliance.
We process and store data related to orders placed through your Ordegate-powered Storefront, including customer names, email addresses, phone numbers, and delivery addresses; order contents, quantities, special instructions, and modifications; payment method types and transaction amounts; order timestamps, statuses, and fulfillment records; and refund and cancellation records.
We automatically collect technical information including IP addresses and approximate geographic location; browser type, version, and language preferences; device identifiers, operating system, and screen resolution; referring URLs and pages visited; session duration, click patterns, and interaction data; and error logs and performance metrics.
We retain records of communications between you and Ordegate, including emails sent to and received from support@ordegate.com, in-dashboard support tickets and chat messages, and feedback submitted through surveys or other channels.
We use cookies, local storage, and similar technologies to maintain your login session, remember your Dashboard preferences, analyze Platform usage patterns, and detect and prevent fraudulent or suspicious activity. For detailed information, refer to our separate Cookie Policy.
We do not sell or rent your personal information to third parties for marketing purposes. We may share information with payment processors (PayPal, Paymob), cloud infrastructure providers (Firebase/Google, Cloudflare, AWS), communication service providers (WhatsApp Business API for WhatsApp ordering), and legal authorities when required by law or to protect safety. In the event of a merger or acquisition, your personal data may be transferred as part of that transaction.
Account information and Storefront settings are retained while your account is active and for 30 days after termination. Transaction records and payment logs are retained for 7 years for tax and regulatory compliance. Support communications are retained for 2 years after the issue is resolved. Technical logs are retained for up to 12 months.
We implement industry-standard security measures including TLS/SSL encryption for all data in transit, encryption of sensitive data at rest, Firestore security rules ensuring only authenticated users can access their own data, Cloudflare DDoS protection and WAF, and regular security audits and vulnerability assessments. While we take reasonable precautions, no system is completely secure. You are responsible for maintaining the security of your account credentials and reporting any suspected security breaches to support@ordegate.com.
Depending on your jurisdiction, you may have rights to access, correct, delete, port, or restrict the processing of your personal data. You may also object to processing based on legitimate interests and withdraw consent at any time. To exercise any of these rights, contact support@ordegate.com with your account email, business name, and a clear description of the right you wish to exercise. We will acknowledge your request within 48 hours and process it within 30 days.
Ordegate operates globally, and your data may be transferred to and processed in countries outside your country of residence. Our infrastructure providers (Firebase/Google, Cloudflare, AWS) operate data centers in multiple jurisdictions. We ensure all international transfers comply with applicable data protection laws through adequacy decisions, Standard Contractual Clauses, and our providers' certifications (SOC 2, ISO 27001).
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact support@ordegate.com.
As a Merchant using Ordegate, you collect and process personal data of your Customers through your Storefront. You are independently responsible for complying with all applicable data protection laws (GDPR, CCPA, and equivalent regulations), implementing a privacy policy on your Storefront, obtaining appropriate consent from Customers, and not sharing or selling Customer data to third parties without proper consent. Ordegate provides the technical infrastructure but does not control how Merchants use Customer data. Merchants are the data controllers; Ordegate acts as a data processor on your behalf.
We may update this Privacy Policy periodically. When significant updates are made, we will notify you via email and through a Dashboard notice at least 14 days in advance. Continued use of the Platform after changes become effective constitutes acceptance.
For privacy-related inquiries, data requests, complaints, or to exercise your rights: Email: support@ordegate.com — Website: ordegate.com