Privacy Policy

Last Updated: August 8, 2025

1. INTRODUCTION

Bayjo ("we," "our," or "us") is committed to protecting your privacy and ensuring transparency about how we collect, use, and protect your personal information. This Privacy Policy explains our data practices for the Bayjo platform, which connects college students with local home cooks for food ordering and delivery services.

This policy applies to all users of the Bayjo platform, including customers and chefs (home cooks), whether accessing our service through mobile applications or web interfaces.

2. INFORMATION WE COLLECT

2.1 Account Information

When you create an account, we collect:

• Full name and display name
• Email address
• Phone number
• Password (encrypted and stored securely through Firebase Authentication)
• Profile verification status
• Account creation and last login timestamps

2.2 Chef-Specific Information

For home cook vendors, we additionally collect:

• Business/cooking experience details
• Food safety certifications and permits
• Kitchen location and service areas
• Banking and payout information for payments
• Menu items, descriptions, pricing, and food photography
• Cooking specialties and dietary accommodation capabilities

2.3 Customer Information

For customers, we collect:

• Delivery addresses and location preferences
• Dietary restrictions and allergies
• Order history and food preferences
• Contact preferences for order updates

2.4 Order and Transaction Data

For all platform transactions, we collect:

• Order details including items, quantities, and special instructions
• Payment information (processed securely through integrated payment providers)
• Delivery addresses and contact information
• Order timestamps and fulfillment status
• Communication between customers and chefs
• Order ratings and reviews

2.5 Usage and Analytics Data

Through Firebase Analytics and our platform, we collect:

• App usage patterns and feature interactions
• Device information (type, operating system, unique identifiers)
• IP addresses and general location data
• Performance metrics and crash reports
• Time spent on different platform sections
• Search queries and browsing behavior

2.6 Communication Data

We store communications made through our platform:

• In-app messages between customers and chefs
• Customer service interactions
• Order-related communications and updates
• Feedback and support requests

3. HOW WE USE YOUR INFORMATION

3.1 Core Platform Services

• Order Processing: Facilitating food orders between customers and chefs
• Payment Processing: Handling secure transactions and chef payouts
• Communication: Enabling customer-chef communication for orders
• Delivery Coordination: Managing pickup and delivery logistics
• Account Management: Maintaining user profiles and preferences

3.2 Chef Business Tools

• Analytics Dashboard: Providing performance metrics and revenue tracking
• Menu Management: Supporting menu item creation and availability updates
• Order Management: Real-time order tracking and status updates
• Financial Reporting: Revenue analytics and payout management

3.3 Platform Improvement

• Service Enhancement: Analyzing usage patterns to improve functionality
• Quality Assurance: Monitoring service quality and user satisfaction
• Security Monitoring: Detecting and preventing fraudulent activity
• Technical Support: Troubleshooting and resolving user issues

3.4 Marketing and Communications

• Order Updates: SMS and email notifications about order status
• Promotional Content: Marketing communications (with consent)
• Platform Updates: Important service announcements and changes
• Customer Support: Responding to inquiries and providing assistance

4. LEGAL BASIS FOR DATA PROCESSING

We process your personal information based on:

• Contract Performance: To provide services you've requested
• Legitimate Interests: To improve our platform and prevent fraud
• Legal Compliance: To meet regulatory and tax obligations
• Consent: For marketing communications and optional features

5. DATA SHARING AND DISCLOSURE

5.1 Information Shared with Other Users

Customers can see:

• Chef profiles, names, and cooking specialties
• Menu items, descriptions, and pricing
• Chef ratings and reviews from other customers
• General location/service area information

Chefs can see:

• Customer names and contact information for orders
• Delivery addresses for confirmed orders
• Order details and special instructions
• Customer ratings and feedback

5.2 Third-Party Service Providers

We share data with trusted partners who help operate our platform:

5.3 Legal Requirements

We may disclose information when required by law:

• Court orders, subpoenas, or legal processes
• Government investigations or regulatory requests
• Emergency situations involving safety threats
• Compliance with tax and financial regulations

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of the business transaction, subject to the same privacy protections.

6. DATA SECURITY MEASURES

6.1 Technical Safeguards

• Encryption: Data encrypted in transit and at rest using industry standards
• Firebase Security: Leveraging Google's enterprise-grade security infrastructure
• Access Controls: Role-based access restrictions and authentication requirements
• Regular Updates: Keeping security systems and software current

6.2 Operational Security

• Employee Training: Staff educated on privacy and security best practices
• Access Monitoring: Logging and monitoring of data access activities
• Incident Response: Procedures for addressing security breaches
• Vendor Management: Security requirements for third-party providers

6.3 Payment Security

• PCI Compliance: Following Payment Card Industry security standards
• Tokenization: Sensitive payment data replaced with secure tokens
• Fraud Detection: Monitoring for suspicious transaction patterns
• Secure Transmission: Encrypted payment processing channels

7. DATA RETENTION

7.1 Active Accounts

• Account information retained while accounts remain active
• Order history maintained for business and tax purposes
• Communication logs stored for customer service needs
• Analytics data aggregated and anonymized over time

7.2 Inactive Accounts

• Account data retained for 3 years after last activity
• Financial records maintained per legal requirements (typically 7 years)
• Marketing data deleted after 2 years of inactivity
• Anonymized analytics data may be retained indefinitely

7.3 Deletion Requests

• Users may request account deletion at any time
• Personal data removed within 30 days of verified requests
• Some data may be retained for legal compliance
• Anonymized data may remain in aggregated analytics

8. YOUR PRIVACY RIGHTS

8.1 Access and Portability

• Request copies of your personal information
• Download your order history and account data
• Receive data in commonly used digital formats

8.2 Correction and Updates

• Update your profile information at any time
• Correct inaccurate personal data
• Request correction of order or payment information

8.3 Deletion and Restriction

• Delete your account and associated data
• Request restriction of certain data processing
• Opt out of marketing communications

8.4 Objection Rights

• Object to data processing for marketing purposes
• Withdraw consent for optional data uses
• Opt out of automated decision-making where applicable

9. CHILDREN'S PRIVACY

Bayjo is intended for users 18 years and older. We do not knowingly collect personal information from children under 13. If we discover we have collected information from a child under 13, we will delete it immediately. Users between 13-17 require parental consent to use our service.

10. INTERNATIONAL DATA TRANSFERS

Your information may be processed and stored in countries other than your own, including the United States where our cloud infrastructure providers operate. We ensure appropriate safeguards are in place for international transfers, including:

• Adequacy decisions by relevant authorities
• Standard contractual clauses
• Provider certifications (such as Privacy Shield successors)

11. COOKIES AND TRACKING TECHNOLOGIES

11.1 Types of Cookies Used

• Essential Cookies: Required for platform functionality
• Analytics Cookies: To understand usage patterns and improve service
• Preference Cookies: To remember your settings and preferences
• Marketing Cookies: For targeted advertising (with consent)

11.2 Managing Cookies

• Browser settings allow cookie management
• Opt-out options available for non-essential cookies
• Mobile app settings for tracking preferences
• Third-party opt-out tools where applicable

12. THIRD-PARTY LINKS AND INTEGRATIONS

Our platform may contain links to external websites or integrate with third-party services. This Privacy Policy does not cover third-party practices. We encourage users to review the privacy policies of any external sites or services they access.

13. PRIVACY POLICY UPDATES

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will:

• Notify users of material changes via email or platform notices
• Post updated policies with clear version dates
• Provide transition periods for significant changes
• Maintain archives of previous policy versions

14. REGIONAL PRIVACY CONSIDERATIONS

14.1 California Residents (CCPA)

California residents have additional rights including:

• Right to know what personal information is collected
• Right to delete personal information
• Right to opt out of sale of personal information
• Right to non-discrimination for exercising privacy rights

15. CONTACT INFORMATION

15.1 General Privacy Inquiries

16. EFFECTIVE DATE

This Privacy Policy is effective as of August 8, 2025, and applies to all information collected by Bayjo from that date forward.

By using the Bayjo platform, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and sharing of your information as described herein.