Tap2Eat
← Back to Home Sign In

Legal

Privacy Policy

Last updated: 06 June 2026

POPIA Compliant HK Data Solutions Pty Ltd · Reg 2016/352497/07

HK Data Solutions Pty Ltd

Registration No. 2016/352497/07 · Operating as Tap2Eat

This policy applies to all users of the Tap2Eat platform, including restaurant operators and their customers.

1 Introduction

HK Data Solutions Pty Ltd (“we”, “us”, or “our”), registration number 2016/352497/07, operates the Tap2Eat platform (“the Service”). We are committed to protecting your personal information in accordance with the Protection of Personal Information Act, 4 of 2013 (POPIA) and any other applicable South African privacy legislation.

This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and what rights you have in relation to that information. By using the Service, you acknowledge that you have read and understood this policy.

2 Who This Policy Applies To

This policy applies to:

  • Restaurant operators — businesses that register and use Tap2Eat to manage WhatsApp-based ordering.
  • End customers — individuals who place orders through a restaurant’s WhatsApp ordering channel powered by Tap2Eat.
  • Visitors — anyone who visits our website at tap2eat.co.za.

3 Information We Collect

3.1 Restaurant Operators

When you register and use Tap2Eat as a restaurant operator, we collect:

  • Business name, registration details, and address
  • Contact name, email address, and phone number
  • WhatsApp Business Account details and phone number
  • Menu content (categories, items, pricing, images)
  • Billing and payment information processed via PayFast
  • Order history and sales data generated through the platform
  • Login credentials (email address and hashed password)

3.2 End Customers

When a customer interacts with a Tap2Eat-powered ordering channel, we collect:

  • WhatsApp phone number (provided automatically by Meta via the WhatsApp Business Cloud API)
  • Order details including items selected, quantities, and special instructions
  • Conversation history within the ordering session
  • Any name or contact details provided voluntarily during the ordering process

3.3 Website Visitors

  • Contact form submissions (name, email address, message)
  • Standard web server logs (IP address, browser type, pages visited)

4 How We Use Your Information

We use personal information only for the purposes for which it was collected or for compatible purposes, including:

  • Providing, operating, and improving the Tap2Eat platform
  • Processing and fulfilling orders placed through the Service
  • Communicating with restaurant operators about their accounts, billing, and support
  • Sending transactional messages (order confirmations, status updates) via WhatsApp
  • Billing and subscription management
  • Preventing fraud, abuse, and unauthorised access
  • Complying with legal obligations
  • Analytics and service improvement (using aggregated, anonymised data where possible)

We do not sell personal information to third parties, nor do we use it for unsolicited marketing without explicit consent.

5 Legal Basis for Processing

Under POPIA, we process personal information on the following grounds:

  • Contract performance — processing necessary to provide the Service to restaurant operators and deliver orders to customers.
  • Legitimate interests — platform security, fraud prevention, and service improvement.
  • Legal obligation — compliance with South African law.
  • Consent — where we rely on consent (e.g. marketing communications), you may withdraw it at any time.

6 Third-Party Services

We work with the following third-party service providers who may process personal information on our behalf:

Provider Purpose Location
Meta (WhatsApp Business Cloud API) Delivery of WhatsApp messages and ordering flows USA (Meta Platforms, Inc.)
PayFast Payment processing for restaurant subscriptions South Africa
Hosting / Cloud Infrastructure Platform hosting, database storage, and email delivery South Africa / EU

Where personal information is transferred outside South Africa (such as to Meta), we take reasonable steps to ensure it is adequately protected in accordance with POPIA Section 72.

7 Data Retention

We retain personal information for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Restaurant accounts — retained for the duration of the subscription and for a period of 5 years thereafter for legal and accounting purposes.
  • Order data — retained for a minimum of 5 years for business record-keeping.
  • Customer WhatsApp sessions — active session data is cleared upon order completion or inactivity. Message logs may be retained for up to 12 months.
  • Contact form submissions — retained for up to 12 months.

When personal information is no longer required, it is securely deleted or anonymised.

8 Security

We implement appropriate technical and organisational measures to protect personal information against unauthorised access, loss, destruction, or alteration. These include encrypted data transmission (HTTPS/TLS), hashed password storage, access controls, and regular security reviews.

While we take reasonable precautions, no method of transmission over the internet is completely secure. We encourage you to contact us immediately if you suspect any unauthorised use of your information.

9 Your Rights Under POPIA

As a data subject, you have the right to:

  • Access — request a copy of the personal information we hold about you.
  • Correction — request that inaccurate or incomplete information be corrected.
  • Deletion — request deletion of your personal information, subject to legal retention requirements.
  • Objection — object to the processing of your personal information in certain circumstances.
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.
  • Lodge a complaint — lodge a complaint with the Information Regulator of South Africa if you believe your rights have been infringed.

To exercise any of these rights, contact us at privacy@tap2eat.co.za. We will respond within a reasonable timeframe and no later than 30 days.

10 Information Regulator

You have the right to complain to the Information Regulator of South Africa if you are unhappy with how we have handled your personal information:

Information Regulator (South Africa)

Website: inforegulator.org.za

Email: inforeg@justice.gov.za

11 Cookies and Tracking

Our website uses session cookies and CSRF tokens strictly necessary for security and platform functionality. We do not use advertising or tracking cookies. No third-party analytics scripts are loaded without your knowledge.

12 Children’s Privacy

The Tap2Eat Service is not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, please contact us and we will promptly delete it.

13 Changes to This Policy

We may update this Privacy Policy from time to time. We will notify restaurant operators of material changes via email or an in-platform notice. The “last updated” date at the top of this page will always reflect the most recent version. Continued use of the Service after changes are published constitutes acceptance of the updated policy.

14 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal information, please contact us:

HK Data Solutions Pty Ltd (trading as Tap2Eat)

Registration No. 2016/352497/07

Email: privacy@tap2eat.co.za

General: info@tap2eat.co.za