Privacy Policy — Bahiran Restaurant App

01

Introduction

This Privacy Policy applies to the Bahiran Restaurant App — the progressive web application used by restaurant partners to manage incoming orders, update their menu, control their open/closed status, track earnings, and interact with customers and drivers via the Bahiran Delivery platform.

As a restaurant, you are both a business entity and an account holder on our platform. We collect business-level and account-level data to operate the partnership. This policy explains what data we collect, how it is used, and how it is protected.

🏪 Restaurant accounts require admin approval before going live on the platform. Your location coordinates are used to match your restaurant to nearby customers and drivers.

02

Data We Collect

We collect the following data from restaurant accounts:

🏢

Business Identity

Restaurant name, phone number, email address (optional), logo image, physical address, and business description.

📍

Location

GPS coordinates of your restaurant location (2dsphere geo-indexed). Used for nearby search and delivery routing.

🍕

Menu Data

All menu items including names, descriptions, prices, categories, availability status, photos, and packaging fee flags.

📋

Order Activity

All orders received, their status, items, pricing, and order timestamps. Full order history.

💰

Earnings & Wallet

Wallet balance (ETB), total earnings, packaging fee configuration, and withdrawal history.

⭐

Ratings

Customer ratings received, cumulative rating sum, total number of ratings, and average score.

🕐

Operating Hours

Configured opening and closing times, current open/closed status, and accepting-orders flag.

📱

Device & Session

Device platform, device ID fingerprint, and FCM push tokens registered per logged-in device.

🍳

Cuisine Tags

Cuisine category labels (e.g., Ethiopian, Italian, Fast Food) used to categorize your restaurant for customers.

🔐

Authentication

Hashed password (bcrypt), JWT tokens, phone verification status, approval status, and ban status.

03

How We Use Your Data

Purpose	Data Used	Legal Basis
Displaying your restaurant to nearby customers	Name, location, cuisine, menu, logo, hours, ratings	Contract performance
Receiving and managing orders	Menu items, prices, order history, availability status	Contract performance
Coordinating driver pickup	Restaurant address, location coordinates	Contract performance
Earnings tracking and wallet management	Order totals, fees, wallet balance	Contract performance
Withdrawal processing via Chapa	Wallet balance, bank/mobile payment info	Contract performance
Restaurant approval and vetting	Identity, address, phone verification	Legal obligation / Legitimate interest
Showing customer-facing ratings	Rating average and count	Legitimate interest
Push notifications (new orders)	FCM tokens, device platform	Consent / Legitimate interest
Fraud prevention and policy enforcement	Account data, behavior, ban status	Legitimate interest

04

Location Data

Your restaurant's GPS coordinates are stored in MongoDB with a 2dsphere geo-index, enabling:

Customers to find your restaurant when searching for food near their delivery address
Drivers to navigate to your restaurant for order pickup
The platform to calculate delivery fees based on restaurant-to-customer distance
Discovery features such as "restaurants near me" in the User App

Your location is static (set during registration) and is not continuously tracked like driver locations. You may update your location by contacting support.

05

Menu & Pricing Data

Your full menu — including item names, descriptions, prices, categories, photos, availability, and packaging fee settings — is stored and displayed publicly to customers browsing the Bahiran User App. This is the nature of a marketplace listing:

Menu data is visible to all Bahiran customers and is considered public business information
Menu item photos are stored on Cloudinary and served via CDN
Packaging fees (per-item ETB charge) are configured by you and disclosed to customers at checkout
You can add, edit, or remove menu items at any time from the Restaurant App

06

Earnings, Wallet & Withdrawals

Revenue generated from orders flows into your in-app wallet (ETB balance). When you request a withdrawal:

Withdrawal requests are processed via Chapa Transfer
Your bank account or mobile money details are transmitted to Chapa to process the payout
Bahiran deducts applicable platform fees per the restaurant partner agreement before transfer
VAT (15%) is applied to applicable order components per Ethiopian tax law
All financial transactions are logged and retained for accounting and dispute resolution

07

Push Notifications

We use Firebase Cloud Messaging (FCM) to notify restaurants of:

New incoming orders requiring acceptance
Order updates and cancellations from customers
Driver arrival for pickup
Wallet credits and payment confirmations
Account status changes (approval, suspension, policy updates)

The Restaurant App supports multiple devices per account. Each device's push token is registered separately. Tokens are removed on logout.

08

Third-Party Services

Service	Purpose	Data Shared
Chapa Transfer	Revenue payout to restaurant	Wallet balance, bank/mobile details
Firebase (Google)	Push notifications	Device push tokens
Cloudinary	Logo and menu item photo storage	Restaurant and food images
AfroMessage	SMS OTP verification	Phone number, OTP
Google Maps	Map display for location and routing	Restaurant coordinates
Redis (RedisLabs)	Order queue caching, session management	Session tokens (encrypted)

We do not sell restaurant data to third parties for marketing purposes.

09

Restaurant Approval & Account Status

New restaurant accounts must be reviewed and approved by Bahiran administrators before going live. During this process:

Your business identity, contact details, location, and phone verification are reviewed
Upon approval, your restaurant becomes discoverable to customers on the platform
Restaurants may be temporarily suspended (isOpen: false / acceptingOrders: false) or banned for policy violations
You will be notified of status changes via push notification and SMS

10

Data Retention

Account & business profile — retained while account is active; deleted within 30 days of deletion request
Order history — retained for up to 3 years for dispute resolution
Financial & withdrawal records — retained for 5 years per Ethiopian financial and tax regulations
Menu data and photos — deleted when account is deleted (Cloudinary assets purged)
Push notification tokens — removed when you log out of a device
Technical logs — retained for 90 days

11

Your Rights

👁️

Access

Request a copy of your restaurant account data and order history

✏️

Correction

Update your business name, menu, hours, location, or contact info in-app

🗑️

Deletion

Request account and data deletion (subject to financial record retention requirements)

📤

Portability

Request your menu and order data in a machine-readable format

🔕

Notifications

Disable push notifications from your device settings

🚫

Object

Object to processing based on legitimate interests by contacting us

12

Security

Passwords hashed with bcrypt (12 salt rounds) — never stored in plain text
All API communication encrypted via HTTPS/TLS
JWT access tokens expire in 15 minutes; refresh tokens in 30 days
Rate limiting on authentication and sensitive endpoints
SMS OTP verification for account registration and recovery
Admin approval gating prevents unauthorized public restaurant listings

13

Changes to This Policy

We may update this Privacy Policy when our data practices change. Material changes affecting restaurant partners will be communicated via in-app notification and SMS at least 7 days in advance. Continued use of the Restaurant App after the effective date constitutes acceptance.

14

Contact Us

Questions about restaurant data?

Reach the Bahiran Delivery privacy team at Gebeta Tech.

✉️ bahiran@gebetatech.com

Bahiran Restaurant AppPrivacy Policy