Privacy Policy

Effective date: 1 September 2025

Mangalore Kitchen (“we,” “us,” or “our”) is committed to protecting your privacy. This Policy explains what personal information we collect, how we use it, who we share it with, and the choices you have. It applies to our website, social media pages, WhatsApp/phone interactions, delivery and catering services, and any related online/offline touchpoints.

1) What information we collect

  • Identity & contact: name, phone number, email, delivery/billing address.

  • Order & service data: items ordered, catering requirements (guest count, venue details, event date/time), special preferences/allergies you choose to share.

  • Payment data: payment method, transaction IDs, amount, and status. We do not store full card/UPI credentials; payments are handled by certified gateways.

  • Technical data (online): device/browser, IP address, cookie identifiers, pages viewed, referral links, approximate location (from your device/network).

  • Communications: messages or calls on WhatsApp/phone, emails, support tickets, feedback/reviews.

  • Optional offline data: if you visit our premises, basic visitor details or CCTV footage for safety (where applicable and sign-posted).

2) Why we use your information (purposes)

  • Provide services: take and fulfill orders, plan and deliver catering, process payments, send confirmations/ETAs/invoices.

  • Customer support: respond to queries, complaints, refund or replacement requests.

  • Improvements & security: troubleshoot, analytics, quality control, fraud and abuse prevention.

  • Marketing (with consent/legitimate interest): offers, festival menus, surveys, loyalty updates via SMS/WhatsApp/email; you can opt out anytime.

  • Legal & compliance: taxation, accounting, and responding to lawful requests.

3) Legal bases / our grounds for processing

Depending on context, we rely on one or more of: your consent, performance of a contract (to fulfill your order), legitimate interests (to run, secure, and improve our services), and legal obligations (tax and records retention). We follow India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable platform rules.

4) Cookies & analytics

We may use cookies and similar technologies to:

  • keep you signed in, remember cart items and preferences,

  • measure site performance and detect issues,

  • run analytics and ad measurement (e.g., Google Analytics/Ads, Meta).
    You can manage cookies in your browser settings. If required, our site will present a cookie banner for consent.

5) Who we share information with (limited, purpose-based)

  • Payment processors/gateways: to complete transactions (PCI-DSS compliant).

  • Delivery & logistics partners: to deliver orders (name, phone, address, order notes).

  • Event/catering partners or venues: only where needed for your event.

  • IT/hosting, marketing, and analytics vendors: to operate our website, communications, and analytics.

  • Law/regulators: if required to comply with applicable law or enforce our rights.
    We do not sell personal information.

6) International transfers

Some vendors or servers may be located outside India. Where we transfer data internationally, we take reasonable steps so that your information receives an equivalent level of protection.

7) Data security

  • Enforced HTTPS; encryption in transit and at rest where supported.

  • Restricted, role-based access; MFA for admin systems; staff confidentiality and periodic training.

  • Gateway-handled payments; we never store full card numbers, CVV, or UPI PINs.

8) Data retention

We keep data only as long as necessary for the purpose collected:

  • Orders & invoices: retained for legal/tax periods (typically up to 7 years).

  • Catering/event records: for service history and re-bookings (customary 2–3 years unless you ask us to delete earlier, subject to law).

  • Marketing consents & logs: until you opt out or for periods permitted by law.
    When no longer needed, we delete or anonymize information.

9) Your choices & rights

Subject to law, you may:

  • Access the personal data we hold about you;

  • Correct inaccurate or incomplete data;

  • Delete your data (where permissible);

  • Withdraw consent for marketing or specific processing;

  • Nominate another person to exercise your rights under the DPDP Act.
    To exercise these rights, contact us (details below). We aim to respond within a reasonable timeframe.

10) Communications preferences

  • WhatsApp/SMS/email: You’ll receive service messages (order confirmations, delivery updates). Marketing messages are optional; opt out any time by replying “STOP” on SMS/WhatsApp or using the unsubscribe option in email.

  • Delivery apps & platforms: Your use of third-party apps (e.g., food delivery) is also governed by their privacy terms.

11) Children’s privacy

Our services are intended for general audiences. If you believe a minor provided personal data without appropriate consent, please contact us to remove it.

12) Links to other sites

Our website and social pages may link to third-party sites. Their privacy practices are their own; please review their policies.

13) Changes to this Policy

We may update this Policy from time to time. Material changes will be highlighted on our website and will include a new “Effective date.”

Contact & Grievance Redressal

Email: srikanthbandya123@gmail.com
Phone/WhatsApp: +91 98806 50539

If you have questions, requests, or a privacy complaint, please contact us using the details above. We will work to resolve your concern promptly in accordance with applicable law.