Legal

Privacy Policy

This Privacy Policy explains how Outbites collects, uses, shares, and protects personal information when people use our websites, restaurant ordering experiences, apps, and related services.

Updated: April 27, 2026

Overview

Outbites ("Outbites," "we," "our," or "us") provides restaurant technology, including websites, direct online ordering, marketing, loyalty, analytics, integrations, and related services. This Privacy Policy applies to personal information we collect through our websites, applications, ordering pages, merchant tools, and any other services that link to this policy (collectively, the "Services").

By using the Services, you acknowledge that we collect and process personal information as described in this Privacy Policy. If a restaurant, merchant, or other business uses Outbites to power its ordering, marketing, or loyalty experience, that business may also have its own privacy practices.

This policy is written to cover the different people who may interact with Outbites: restaurant guests who place orders or join loyalty programs, restaurant owners and employees who use our merchant tools, prospective restaurants who ask for information, delivery or operations partners, job applicants, vendors, website visitors, and anyone who contacts us.

Quick Summary

This section is a plain-English summary of the longer policy below. It does not replace the full policy.

  • We collect the information needed to run restaurant websites, ordering, marketing, loyalty, customer support, and merchant operations.
  • We may receive information directly from you, from restaurants using Outbites, from payment or POS partners, and from analytics or fraud prevention tools.
  • We use information to provide the Services, communicate with you, process orders and payments, improve the platform, prevent abuse, and meet legal obligations.
  • We share information with restaurants, service providers, payment processors, delivery or operational partners, integration partners, and others when needed to provide the Services or comply with law.
  • We do not sell SMS opt-in information or consent records to third parties for their own marketing.
  • Depending on your location, you may have rights to access, correct, delete, or opt out of certain uses of personal information.

Information We Collect

Information you provide

We collect information you choose to provide, such as your name, email address, phone number, restaurant name, business details, contact messages, demo requests, support requests, account information, order details, delivery instructions, loyalty information, reviews, feedback, and marketing preferences.

When you place an order through an Outbites-powered restaurant experience, we may collect information such as name, email address, phone number, pickup or delivery address, selected items, order notes, delivery instructions, loyalty status, discounts, gift card details, preferred restaurant location, and any information you choose to include in special instructions.

If you create an account or sign in to a restaurant experience powered by Outbites, we may collect credentials or authentication information, account preferences, saved contact details, order history, favorite items, loyalty points, rewards, referral activity, and communication preferences.

If you are a restaurant owner, operator, employee, or other merchant user, we may collect business contact information, restaurant information, menu information, onboarding details, tax or payout information, payment processor account details, and information needed to provide integrations, support, billing, and reporting.

Merchant information may include legal business name, doing-business-as name, restaurant address, business phone number, website, social media pages, menu items, prices, taxes, service fees, hours, ordering rules, delivery zones, payout setup, staff user accounts, role permissions, campaign settings, POS connection status, online listing information, and support history.

If you participate in a sales call, onboarding session, support call, webinar, or product demo, we may collect information you provide during that session. If we record a call or meeting, we will use the recording for purposes such as training, quality review, product improvement, sales follow-up, or support documentation, subject to applicable law and any notice given at the time.

If you apply for a job, partnership, or vendor relationship with us, we may collect the information you provide in that context, including contact details, resume information, work history, and communications with us.

Information collected automatically

When you use the Services, we may collect device and usage information, including IP address, browser type, device type, operating system, pages viewed, referring URLs, links clicked, approximate location derived from IP address, dates and times of visits, and interactions with our forms, ordering flows, and product pages.

We may also collect information about session duration, errors, abandoned carts, checkout progress, campaign attribution, page performance, device identifiers, fraud signals, login events, API activity, and diagnostic information. This helps us keep restaurant ordering reliable, understand where guests get stuck, improve conversion, and investigate suspicious activity.

Location information

We may collect approximate location from an IP address. If you allow location access in a browser or app, we may collect more precise location information to help show nearby restaurants, estimate delivery eligibility, calculate delivery options, or support order fulfillment. You can usually disable precise location sharing through your device or browser settings.

Cookies and similar technologies

We and our service providers may use cookies, pixels, local storage, and similar technologies to operate the Services, remember preferences, measure performance, understand traffic, improve conversion flows, prevent fraud, and support marketing or analytics. You can control cookies through your browser settings, but some features may not work correctly without them.

Information from third parties

We may receive information from restaurants, payment processors, integration partners, analytics providers, marketing partners, fraud prevention providers, and publicly available sources. For example, a restaurant may provide menu, customer, order, loyalty, or business information so we can help operate and improve its direct ordering and marketing experience.

We may also receive information from POS systems, delivery providers, email and SMS vendors, website analytics providers, online business directories, review platforms, advertising platforms, and identity or authentication providers. When a restaurant asks us to migrate data from another system, we may process imported customer lists, order history, menu content, loyalty records, and related operational data on the restaurant's behalf.

Categories of Information

The categories below describe the types of personal information we may process, depending on how you use the Services.

  • Identifiers: name, email address, phone number, account identifiers, IP address, device identifiers, and similar contact or account information.
  • Commercial information: order history, selected items, restaurant preferences, loyalty activity, rewards, discounts, payment status, invoices, subscriptions, and service usage.
  • Internet or network activity: pages visited, clicks, referring pages, session activity, form interactions, checkout events, and technical logs.
  • Geolocation information: approximate location from IP address and, with permission where required, precise location for nearby restaurant or delivery-related features.
  • Professional or business information: restaurant role, employer, business contact details, merchant account details, and information used to manage restaurant services.
  • Audio, visual, or similar information: call recordings, voicemail, video meeting recordings, screenshots, or support materials when collected with appropriate notice.
  • Sensitive information: precise geolocation, food allergy notes, payment-related data, government or tax identifiers, account credentials, or similar information when needed for the Services.
  • Inferences: preferences, likely interests, marketing segments, or product recommendations derived from the information above.

Payments

Payments may be processed by third-party payment processors such as Stripe, Square, or another provider selected by Outbites or the restaurant. These processors may collect payment card details, billing information, transaction information, and fraud signals. Outbites does not need to store full payment card numbers to operate the Services. Payment processor privacy practices are governed by their own policies.

Sensitive Information

Some information may be considered sensitive under certain laws, such as precise location information, food allergy notes, dietary instructions, government or tax identifiers, biometric information from recorded calls or video meetings, or payment-related information. We use sensitive information only as reasonably necessary to provide the Services, comply with law, secure our platform, process payments, or as otherwise disclosed when collected.

Please do not provide sensitive information unless it is necessary for the transaction, service request, or restaurant interaction.

We do not use sensitive information to infer characteristics about you unless permitted by law and necessary for the Services. For example, if you include food allergy information in an order note, we use it to help communicate your request to the restaurant; we do not use it to build unrelated marketing profiles.

How We Use Information

  • Provide, operate, maintain, troubleshoot, and improve the Services.
  • Process orders, loyalty activity, restaurant onboarding, payments, and support requests.
  • Communicate with consumers, restaurants, prospects, applicants, vendors, and partners.
  • Personalize restaurant experiences, product recommendations, promotions, and content.
  • Send service messages, transactional notices, marketing emails, SMS messages, and updates.
  • Analyze usage, conversion, performance, reliability, and product quality.
  • Detect, investigate, and prevent fraud, spam, security incidents, and abuse.
  • Comply with legal obligations and enforce contracts, policies, and rights.
  • Carry out any other purpose disclosed when information is collected.

Legal bases where required

Where laws require a legal basis for processing, we process personal information based on one or more of the following: providing the Services or performing a contract, our legitimate interests in operating and improving a restaurant technology platform, compliance with legal obligations, consent where required, and protecting the rights, safety, and security of Outbites, restaurants, guests, and others.

How We Share Information

We do not sell personal information for money. We may share personal information in the following situations:

  • Restaurants and merchants: to fulfill orders, support loyalty programs, resolve disputes, provide reporting, and operate restaurant services.
  • Delivery providers and operational partners: to coordinate delivery, pickup, customer support, and order updates.
  • Vendors and service providers: for hosting, analytics, payment processing, communications, email, SMS, support, security, fraud prevention, and business operations.
  • Integration partners: such as POS, payment, marketing, analytics, or restaurant technology providers when needed to provide requested features.
  • Legal, safety, and compliance: when we believe disclosure is required by law, legal process, security needs, fraud prevention, or to protect rights, safety, and property.
  • Business transfers: in connection with a merger, financing, acquisition, reorganization, sale of assets, or similar transaction.
  • With consent or direction: when you ask us to share information or otherwise authorize the sharing.

SMS opt-in information is not sold, rented, or shared with unaffiliated third parties for their own direct marketing purposes.

When we process information for a restaurant, the restaurant may be the business or controller of that information and Outbites may act as a service provider, processor, or vendor. In those cases, we process the information according to our agreement with the restaurant and applicable law.

Restaurant Guest Information

If you place an order, join a loyalty program, redeem a reward, submit feedback, or otherwise interact with a restaurant through Outbites, information about that interaction may be available to the restaurant. This can include your contact details, order details, delivery or pickup instructions, loyalty activity, support requests, marketing preferences, and feedback.

Restaurants may use this information for their own operations, such as preparing orders, providing customer service, sending offers, analyzing sales, improving menus, and managing loyalty programs. Their handling of information may also be governed by their own privacy policies and practices.

Restaurant and Merchant Users

Restaurant owners, managers, staff, and other merchant users may use dashboards, apps, reports, ordering tools, website tools, marketing tools, loyalty tools, and integrations provided by Outbites. We may process account credentials, role permissions, activity logs, device information, support messages, billing information, tax or payout setup information, and settings configured by those users.

Merchant users are responsible for using the Services lawfully, including when uploading customer lists, sending marketing messages, connecting integrations, or giving staff access to customer or order information.

Marketing and Communications Choices

You may unsubscribe from promotional emails by using the unsubscribe link in those emails. You may opt out of SMS messages by following the instructions in the message, such as replying STOP where supported. Even after opting out of marketing messages, you may still receive transactional or service-related communications.

If you receive communications from a restaurant that uses Outbites, the restaurant may control certain communication preferences. You may need to contact that restaurant or follow the unsubscribe instructions in its messages.

Message and data rates may apply to SMS or mobile communications. Consent to marketing messages is not required as a condition of purchase. Transactional messages, such as order confirmations, account alerts, password resets, support replies, and important service notices, may still be sent when necessary even if you opt out of marketing.

Data Retention

We retain personal information for as long as reasonably necessary for the purposes described in this policy, including to provide the Services, maintain records, resolve disputes, prevent fraud, comply with legal obligations, enforce agreements, and support legitimate business needs. Retention periods vary based on the type of information, context, and applicable legal requirements.

For example, transaction and payment-related records may be retained for tax, accounting, chargeback, fraud prevention, or legal compliance purposes after an account or relationship ends.

If you request deletion, we will delete or deidentify information where required, but we may retain information when necessary for fraud prevention, security, legal compliance, tax or accounting records, unresolved disputes, chargebacks, backups, enforcing agreements, or completing transactions you requested. Backup copies may persist for a limited period before they are overwritten or deleted in the ordinary course.

Security

We use reasonable administrative, technical, and physical safeguards designed to protect personal information. However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

Third-Party Links and Services

The Services may link to third-party websites, apps, payment processors, delivery providers, POS systems, and other services. We are not responsible for the privacy practices of third parties. Please review their privacy policies before providing information to them.

Analytics and Advertising

We may use analytics and advertising tools to understand how people find and use Outbites, measure campaign performance, improve landing pages, and show relevant information about our products. These tools may collect information such as IP address, device identifiers, browser information, pages viewed, interactions, referring pages, and approximate location.

Some advertising or analytics activities may be considered "targeted advertising," "sharing," or similar concepts under certain privacy laws. Where required, you may have the right to opt out of those activities. Browser or device settings may also allow you to limit cookies, reset advertising identifiers, or restrict tracking.

User-Generated Content and Feedback

If you submit reviews, feedback, support messages, survey responses, testimonials, photos, or other content, we may process that content to provide support, improve the Services, investigate issues, and communicate with restaurants. Do not include sensitive personal information in reviews, public feedback, or optional form fields unless you intentionally want to provide it for the relevant purpose.

Fraud Prevention and Platform Safety

We may use personal information and technical signals to detect spam, fake orders, payment abuse, account compromise, scraping, credential attacks, fraudulent chargebacks, misuse of promotions, and other activity that could harm restaurants, guests, partners, or Outbites. These signals may include IP address, device information, order patterns, account activity, checkout behavior, failed login attempts, payment processor signals, and similar information.

We may restrict access, block transactions, require additional verification, preserve information, or share information with service providers, restaurants, payment processors, or law enforcement where appropriate to prevent or respond to fraud, security incidents, or abuse.

Children's Privacy

The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact us at support@outbites.com.

International Visitors

Outbites is intended primarily for users in the United States. If you access the Services from outside the United States, your information may be transferred to, stored in, or processed in the United States or other locations where we or our service providers operate.

Your Privacy Rights

Depending on where you live, you may have rights to request access to, correction of, deletion of, or portability of certain personal information. You may also have the right to opt out of certain uses, such as targeted advertising, sale or sharing as defined by applicable law, or certain profiling.

To make a privacy request, contact us at support@outbites.com. We may need to verify your identity before fulfilling a request. If we deny a request, you may appeal by replying to our decision email and asking us to reconsider.

How requests are verified

We may ask for information that allows us to reasonably verify your identity, account, email address, phone number, restaurant relationship, or state of residence. If you submit a request on behalf of someone else, we may ask for proof that you are authorized to act for that person.

Requests involving restaurant-controlled data

Some information is processed by Outbites on behalf of a restaurant. If your request relates to information controlled by a restaurant, we may direct you to that restaurant, notify the restaurant, or assist the restaurant in responding as required by applicable law and our agreements.

California Privacy Notice

If the California Consumer Privacy Act, as amended by the California Privacy Rights Act, applies to your information, this section provides additional disclosures. In the preceding 12 months, we may have collected identifiers, commercial information, internet or other electronic network activity, geolocation data, professional or employment-related information, sensitive personal information where necessary, and inferences drawn from those categories.

We may disclose these categories to service providers, restaurants, payment processors, analytics providers, marketing providers, integration partners, and other parties described in this Privacy Policy. We do not sell personal information for money. We may use advertising or analytics tools that could be considered "sharing" for cross-context behavioral advertising under California law. You may contact us to exercise applicable opt-out rights.

California residents have the right not to be discriminated against for exercising privacy rights. If you are an authorized agent, we may require proof of authorization and verification of the consumer's identity.

California categories disclosed for business purposes

Depending on your relationship with Outbites, we may disclose the following categories for business purposes: identifiers, commercial information, internet or network activity, geolocation information, professional or business information, audio or visual information, sensitive personal information where necessary, and inferences. The recipients may include restaurants, payment processors, hosting providers, communications vendors, analytics providers, customer support tools, security providers, fraud prevention vendors, integration partners, and professional advisors.

California sensitive personal information

We do not use or disclose sensitive personal information for purposes that would require a separate right to limit use under California law unless we provide a specific notice and choice. Sensitive information is used for purposes such as providing requested services, processing payments, maintaining security, preventing fraud, complying with law, and fulfilling restaurant or guest requests.

California minor content removal

If you are a California resident under 18 and have an account with us, you may request removal of content you posted to the Services by contacting us. Removal is not guaranteed when the law allows or requires us to retain the content, when the content has been copied or reposted by someone else, or when the content is not associated with your account.

Additional State Privacy Disclosures

Residents of states with comprehensive privacy laws, which may include California, Colorado, Connecticut, Delaware, Florida, Iowa, Indiana, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and other states, may have additional rights depending on the effective law and our relationship to the relevant information.

  • Right to know or access: you may ask whether we process personal information about you and request access to certain information.
  • Right to correct: you may ask us to correct inaccurate personal information, subject to verification and legal limitations.
  • Right to delete: you may ask us to delete personal information, subject to exceptions such as fraud prevention, security, legal compliance, and transaction records.
  • Right to portability: you may request a copy of certain personal information in a portable format.
  • Right to opt out: you may be able to opt out of sale, sharing, targeted advertising, or certain profiling where those rights apply.
  • Right to appeal: if we deny a request, you may appeal by replying to our decision or contacting us again with the word "Appeal" in the subject line.

We will not discriminate against you for exercising privacy rights. However, some Services may require certain information to function. For example, we cannot complete a delivery order without information needed to process and fulfill that order.

Nevada Privacy Notice

Nevada law allows Nevada residents to opt out of certain sales of covered information. Outbites does not currently sell covered information as defined by Nevada law. Nevada residents may still contact us at support@outbites.com with privacy questions or requests.

Privacy Request Metrics

Some laws require covered businesses to publish annual metrics about privacy requests. If Outbites becomes subject to those reporting requirements, we may publish metrics such as the number of access, deletion, correction, opt-out, and appeal requests received, fulfilled, denied, and the average response time.

Request type Requests received Requests fulfilled Average completion time
Access / know Not yet reported Not yet reported Not yet reported
Deletion Not yet reported Not yet reported Not yet reported
Correction Not yet reported Not yet reported Not yet reported
Opt-out / objection Not yet reported Not yet reported Not yet reported

Do Not Track

Some browsers offer "Do Not Track" signals. There is no consistent industry standard for responding to these signals, and we do not currently respond to them.

Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be posted on this page with a new updated date. If changes are material, we may provide additional notice as appropriate.

Contact Us

If you have questions about this Privacy Policy or want to exercise privacy rights, contact Outbites at support@outbites.com.