Home
Individuals
Restorer
Home

Privacy Policy

Privacy Policy

Last updated: 2026-04-30

This policy describes how Dine In collects, uses and protects your personal data, in compliance with the Saudi Personal Data Protection Law (PDPL).

1. Data we collect

  • Phone number (for authentication)
  • First name, gender, date of birth (for personalization)
  • Order, reservation and payment history at participating restaurants
  • Optional feedback you submit after a meal

    • 2. How we use your data

  • To authenticate you via SMS verification codes
  • To process and display your reservations, orders and invoices
  • To allow restaurants to deliver service personalized to your preferences and allergies
  • To comply with tax and legal obligations

    • 3. Sharing

    Order and reservation data is shared with the restaurant where you placed the order. We do not sell your personal data to third parties.

    4. Retention

  • Profile data: until you delete your account
  • Tax-related order, payment and invoice data: 6 years (legal requirement)
  • After deletion, your historical orders and payments remain in anonymized form

    • 5. Your rights

    Under PDPL you may:

  • Access and export your data — available from your account dashboard
  • Delete your account — available from your account dashboard
  • Rectify any inaccurate data — by contacting support

    • 6. Security

    Verification codes are issued through Twilio. Sessions are protected by signed JWT cookies (HttpOnly, SameSite=Lax). Data is stored in databases hosted in compliant infrastructure.

    7. Contact

    For any privacy-related question or to exercise your rights, contact privacy@dinein.sa.