← Back

Privacy Policy

Effective April 28, 2026

Who we are

Domaci ("we", "us") is a hospitality platform that lets cafes and restaurants ("cafes") accept orders and table bookings online and through a mobile app. This policy explains what personal data we collect when you use the platform, how we use it, and your rights.

TODO: legal entity name, registered address, and company number must be filled in before this page goes live.

What we collect

  • Account information — name, email, phone (if you provide one), and password hash.
  • Order information — items ordered, delivery address (if delivery), order notes, total price, payment status.
  • Booking information — date, time, party size, location, any notes you add.
  • Payment information — handled directly by our payment processor (Monri); we never see or store your full card number. We retain a transaction id and status.
  • Device and usage data — push notification token (mobile), basic session cookies on the web, and standard server logs (IP, user agent, request paths).

How we use it

  • To create and authenticate your account.
  • To place, fulfill, and update you about orders and bookings.
  • To send transactional email (order receipts, status updates) and push notifications.
  • To prevent fraud, abuse, and to comply with legal obligations.
  • To improve the platform — aggregated, non-identifying analytics only. We don't sell your personal data.

Cafes you order from

When you order from a cafe through Domaci, that cafe receives the information needed to prepare and fulfill your order: your name, contact details, the items you ordered, any notes, and (for delivery) your delivery address. Each cafe is an independent business and uses your information to serve you. Cafes may also have their own privacy practices.

Service providers we share data with

  • Supabase — database and authentication. EU/US regions; data processing agreement in place.
  • Vercel — application hosting and edge infrastructure.
  • Resend — transactional email delivery.
  • Monri — payment processing. Card data flows directly between you and Monri; we receive only the transaction outcome.
  • Expo Push — mobile push notification delivery.

We don't share your data with anyone else without your consent, except where required by law.

How long we keep it

We keep account and order records for as long as your account is active and for a reasonable period afterwards to satisfy tax, accounting, and dispute-resolution obligations (typically up to 7 years for financial records). You can request deletion of your account at any time.

Your rights

Depending on where you live (notably under GDPR in the EU/EEA and equivalent laws elsewhere), you have the right to access, correct, delete, or export your personal data, and to object to or restrict certain processing. To exercise any of these rights, email us at privacy@domaci.me.

You can also delete your account directly from the mobile app under Settings → Delete Account.

Cookies

We use a small number of essential cookies to keep you signed in and to remember your cart between visits. We don't use advertising or cross-site tracking cookies.

Children

Domaci is not intended for children under 13 (or the equivalent minimum age in your country). We don't knowingly collect personal data from children. If you believe a child has provided us with personal data, contact us and we'll remove it.

Changes to this policy

If we make material changes we'll update the effective date above and, where appropriate, notify you by email or in-app.

Contact

Questions or requests: privacy@domaci.me.