Privacy Policy

This Privacy Policy describes how Tabeyoyo handles personal information when you use our websites, apps, APIs, and related services for customer ordering, merchant operations, and platform administration.

Tabeyoyo operates a multi-tenant platform. Access to merchant data is scoped by business membership and role, and customers may interact with multiple businesses through separate contracts.

Service availability, features, and regulatory obligations may vary by jurisdiction. Additional regional notices may apply as Tabeyoyo expands into new markets.

We collect information you provide directly, including name, email, phone number, account credentials, profile details, business details, support messages, and other content you submit.

We collect transaction and operations data, including orders, subscriptions, invoices, payment metadata, delivery preferences, contact records, and account or tenant identifiers needed to operate the platform.

We collect technical and security data such as device/browser details, IP address, precise geolocation data when device permissions are granted, log events, session telemetry, and fraud or abuse signals.

If you grant device permissions, we may collect precise geolocation to support delivery or pickup coordination, localization, fraud prevention, and security operations.

You can disable location permissions through your device or browser settings. If precise location is not available, we may still use approximate location signals such as IP-derived region data for security and service operation.

Some meal preferences or order details may reveal sensitive information, including dietary restrictions, allergies, or other health-related inferences. Precise geolocation may also be treated as sensitive data in certain jurisdictions. Please avoid sharing unnecessary sensitive data.

By voluntarily submitting dietary, allergy, or other health-related information through the services, you provide consent for our processing of that information for order facilitation, safety handling, and related operational purposes, subject to applicable law. Where law requires express affirmative consent for specific processing, we rely on that consent flow before processing. You may withdraw consent where legally available; withdrawal applies prospectively and may limit features that rely on this information.

If we publish a separate Consumer Health Data notice for jurisdictions that require a distinct notice format, that notice supplements this policy and governs covered data processing for those users.

We do not use geofencing technology within 2,000 feet of healthcare facilities to identify consumers for targeted health-data collection or advertising purposes.

We do not intentionally collect biometric identifiers or biometric information (for example, face geometry templates) unless explicitly disclosed for a specific feature and processed under legally required notice and consent controls.

If data we process is classified as consumer health data under applicable law, including Washington My Health My Data Act scenarios, we process it according to applicable consent, access, deletion, and disclosure requirements, and do not sell consumer health data for monetary consideration.

We use personal information to provide and improve services, authenticate users, authorize role-based access, process orders and payments, manage subscriptions, provide support, and communicate service updates.

We use data to secure the platform, detect and prevent fraud, policy abuse, and unauthorized access, enforce our Terms of Service, and maintain service reliability and auditability.

We may use aggregated or de-identified data for analytics, capacity planning, and product improvement where permitted by law.

We share information with service providers that support hosting, authentication, storage, payments, messaging, analytics, customer support, and security operations under contractual restrictions.

We share necessary order and customer data with the specific merchant business involved in a transaction so that the business can prepare, fulfill, and support that order. Merchants may only use data for authorized business purposes.

Text messaging originator opt-in data and consent records are not shared with third parties for their independent marketing or promotional use.

We may disclose information when required by law, legal process, safety obligations, or to protect rights, security, and operations of Tabeyoyo, users, merchants, or the public.

We may disclose information in connection with a merger, financing, acquisition, bankruptcy, or similar transaction, subject to legal safeguards.

We and our service providers use cookies and similar technologies for authentication, security, fraud prevention, analytics, and service performance.

We do not sell personal information for money. Some data disclosures for analytics or ad measurement may be treated as sharing or cross-context behavioral advertising under certain state privacy laws. Where required, we provide opt-out controls for those disclosures.

We retain personal information for as long as reasonably necessary for service delivery, contractual obligations, legal compliance, dispute resolution, security investigations, and legitimate business operations.

Retention periods vary by data type and legal requirement. When retention is no longer required, we delete or de-identify data using reasonable technical and organizational controls.

We use administrative, technical, and physical safeguards designed to protect personal information, including access controls, role-based authorization, tenant scoping controls, monitoring, and logging.

No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we continually improve controls to reduce risk.

Depending on where you live, you may have rights to request access, correction, deletion, portability, and information about disclosure practices, and may have rights to opt out of certain processing.

For requests, contact support@tabeyoyo.com. We may verify identity and request scope details before processing your request. Authorized agents may submit requests where permitted by law.

Where applicable (including under California law), requests to opt out of sale or sharing may be submitted through available controls, and we honor Global Privacy Control signals where legally required and technically applicable for the browser or device.

Where required by law, we provide notice-level information about categories of personal information collected, disclosure categories, and processing purposes.

Where required by law, you may request review of significant automated decision outcomes and submit an appeal for account or fraud-enforcement determinations.

Our services are not directed to children under 13, and we do not knowingly collect personal information from children under 13 without legally required consent.

If you believe a child provided personal information in violation of this policy, contact us so we can investigate and take appropriate action.

If you access services from outside the United States, your information may be transferred to and processed in the United States or other jurisdictions where we or our service providers operate.

Where required, we use contractual or other legally recognized transfer safeguards.

Where EEA or UK data protection law applies, we process personal data under legally recognized bases, including performance of a contract, legitimate interests, legal obligations, and consent where required.

Eligible individuals may have rights to object, restrict processing, and lodge complaints with a competent supervisory authority in their jurisdiction, in addition to other rights listed in this policy.

We may publish region-specific privacy supplements or notices when local law requires additional disclosures, choices, or rights.

If a regional supplement applies to you and conflicts with this policy, the regional supplement controls for that jurisdiction-specific processing.

Nothing in this policy limits non-waivable privacy rights provided by applicable law.

We may update this Privacy Policy from time to time. We will update the effective date and provide additional notice for material changes when required by law.

Your continued use of the services after updates become effective means the updated policy applies to future processing, subject to applicable law.

For privacy requests, complaints, or questions, contact support@tabeyoyo.com. Include enough detail for us to verify your request and respond efficiently.

For formal legal correspondence related to privacy rights, identify your jurisdiction and requested right category in your message subject line.