Privacy Policy

Foodash is operated by Enmaa AI (the "Company", "we", "us"), based in Dubai, United Arab Emirates. We provide the foodash restaurant point-of-sale and operations platform. We can be reached at foodash.ae@gmail.com.

To run your restaurant on foodash we collect:

• Account data: your name, restaurant name, email, phone, role, and (when added) staff names and roles.
• Operational data: orders, menu items, recipes, inventory levels, supplier records, purchase orders, loyalty stamps and customer enrolments you create inside the product.
• Payment metadata: subscription status, invoice history, and the last four digits of payment cards (processed by Stripe — we never see full card numbers).
• Usage data: pages visited, actions taken, error logs and basic device information used to keep the product working and secure.

Your operational database is hosted in Frankfurt (eu-central-1) by Supabase, encrypted at rest and in transit. This region was chosen to comply with the UAE Personal Data Protection Law (PDPL) and EU GDPR data-residency expectations. Backups run daily and are kept for thirty days.

We only share what is necessary to run the product:

• Stripe — payment processing.
• Supabase — database, auth and file storage.
• Vercel — application hosting and CDN.
• Anthropic, Google AI — the LLMs powering Dash agents (only the prompts you trigger).
• Resend — outbound email (invoices, password resets, supplier confirmations).
• Twilio — outbound WhatsApp alerts you opt in to.
• PostHog, Sentry — product analytics and error monitoring.

We do not sell your data, ever. We do not share customer or order data with third parties for advertising. We do not allow other restaurants to see your data.

You have the right to:

• Access and download all your data as CSV from your dashboard at any time.
• Correct or update your data through the product.
• Delete your account, which removes your operational data within thirty days (subject to legal retention requirements such as VAT records).
• Object to or restrict certain processing — email foodash.ae@gmail.com.

We use first-party cookies for authentication and basic preferences only. We do not use third-party tracking or advertising cookies.

Every page is served over HTTPS. Passwords are hashed with bcrypt and never stored in plain text. Service-role keys are kept in environment variables on Vercel and rotated periodically. We notify affected restaurants within 72 hours of any confirmed data incident, per UAE PDPL Article 9.

We may update this policy as the product evolves. Material changes will be announced inside the dashboard at least 14 days before they take effect. The current version always lives at foodash.ae/privacy.

Anything not clear? Email foodash.ae@gmail.com and a real person will answer within one UAE working day.