Privacy Policy

Last updated: [Month Day, 2026]

This Privacy Policy explains how Foqira (“Foqira,” “Restaurant OS,” “we,” “us,” or “our”) collects, uses, discloses, stores, and protects personal information when you visit our website, submit an early access application, book a demo, contact us, or otherwise interact with Restaurant OS.

Restaurant OS is a product by Foqira designed to help restaurants launch direct ordering, bookings, payments, and kitchen/admin workflows through their own website.

This Privacy Policy is intended to address privacy requirements applicable to visitors and business contacts in Poland, the European Economic Area, the United Kingdom, Canada, the United States, and other jurisdictions where our website may be accessed.

By using our website or submitting information to us, you acknowledge that you have read this Privacy Policy.

Controller / Organization responsible for your information:

Foqira / Restaurant-OS Email: foqira.info@gmail.com Website: foqira.com Business location: Poland, European Union

Foqira operates from Poland and is subject to the General Data Protection Regulation (GDPR) as an entity established within the European Union. The competent lead supervisory authority for Foqira is the Polish data protection authority:

Urząd Ochrony Danych Osobowych (UODO) Website: uodo.gov.pl Address: ul. Stawki 2, 00-193 Warsaw, Poland Phone: +48 22 531 03 00

For users in the United Kingdom, the relevant supervisory authority is the Information Commissioner’s Office (ICO), reachable at ico.org.uk.

UK Representative: Because Foqira does not have a physical establishment in the United Kingdom, we have designated a UK representative for the purposes of Article 27 UK GDPR: [Name and contact details of UK Representative — to be completed]

This Privacy Policy applies to information collected through:

• Our website
• Early access application forms
• Demo request forms
• Contact forms
• Email communications
• Analytics and website usage tools
• Marketing or product update signups
• Business communications related to Restaurant OS

This Privacy Policy does not apply to third-party websites, platforms, payment processors, hosting providers, email providers, analytics providers, or other external services that have their own privacy policies.

We collect only information that is reasonably necessary for the purposes described in this Privacy Policy.

For visitors from the European Economic Area, the United Kingdom, Canada, and other jurisdictions that require consent for non-essential cookies, analytics and marketing cookies are only activated after you provide your consent through our cookie consent tool.

You can withdraw your consent or manage your cookie preferences at any time through the cookie settings available on our website. If you disable certain cookies, some website features may not work properly.

We may use personal information for the following purposes:

• To respond to your inquiries
• To review early access applications
• To determine whether your restaurant is a good fit for the pilot program
• To schedule demos or calls
• To communicate with you about Restaurant OS
• To provide information about pricing, setup, features, and pilot availability
• To understand restaurant needs and improve our product roadmap
• To improve website performance, content, and user experience
• To send product updates or marketing communications where permitted by law
• To maintain website security and prevent abuse
• To manage business records and internal administration
• To comply with legal, regulatory, tax, accounting, or contractual obligations
• To protect our rights, users, systems, and business interests

Automated decision-making: We do not use automated decision-making or profiling to make decisions about you that produce legal or similarly significant effects. All decisions regarding early access applications and pilot program participation are made by our team.

We do not use your personal information for purposes that are incompatible with the purposes for which it was collected, unless required or permitted by law or unless we obtain appropriate consent.

Where European or United Kingdom data protection law applies, we process personal data using one or more of the following legal bases:

If you apply for the Restaurant OS early access or pilot program, we may use the information you provide to:

• Review your application
• Assess fit for the pilot program
• Understand your restaurant’s needs
• Contact you for follow-up questions
• Prepare a demo or proposal
• Plan product improvements
• Prioritize roadmap feedback
• Provide onboarding if accepted

Submitting an application does not guarantee acceptance into the pilot program.

Pilot participants may provide feedback about Restaurant OS features, workflows, usability, checkout experience, menu logic, booking flow, kitchen/admin tools, and future product needs. Unless otherwise agreed in writing, we may use this feedback to improve Restaurant OS, develop features, improve documentation, and refine the product roadmap.

We will not publicly identify your restaurant as a pilot participant, customer, or case study without your prior written permission.

If you submit your email address or request updates, and where you have provided appropriate consent where required, we may send you communications about:

• Restaurant OS
• Early access availability
• Product updates
• Demo scheduling
• Pricing or launch information
• Restaurant technology insights
• Relevant services by Foqira

You can unsubscribe from marketing emails at any time by using the unsubscribe link in the email or by contacting us at foqira.info@gmail.com

Even if you unsubscribe from marketing emails, we may still send non-marketing communications, such as responses to your inquiry, service-related messages, legal notices, or administrative communications.

We do not sell your personal information.

We do not share your personal information for cross-context behavioral advertising.

We may share limited personal information with trusted service providers who help us operate our website and business, including:

• Website hosting providers
• Form providers
• Email and communication tools
• Scheduling tools
• Analytics providers
• CRM or lead management tools
• Security and anti-spam providers
• Cloud storage providers
• Professional advisors, such as accountants or legal advisors

All service providers acting on our behalf are bound by data processing agreements and may only process information as necessary to provide services to us.

We may also disclose information:

• If required by law, regulation, court order, subpoena, or legal process
• To protect our rights, safety, users, systems, or business
• To investigate fraud, abuse, or security incidents
• In connection with a business transfer, merger, acquisition, restructuring, or sale of assets
• With your consent or at your direction

Foqira is established in Poland (European Union). We may transfer personal information to service providers located outside the European Economic Area or United Kingdom, including to the United States and Canada.

Where such transfers occur, we rely on appropriate safeguards, including:

• EU Standard Contractual Clauses (SCCs) approved by the European Commission, where required for transfers from the EEA
• UK International Data Transfer Agreements (IDTAs) or UK Addenda to EU SCCs, where required for transfers from the United Kingdom
• EU–US Data Privacy Framework (DPF) and UK–US Data Bridge, where our US-based service providers are certified under these frameworks
• Adequacy decisions of the European Commission or UK Secretary of State, where applicable

Before engaging any service provider that involves international data transfers, we conduct a Transfer Impact Assessment (TIA) where required, to ensure that appropriate protections are in place.

You can request a copy of the relevant transfer safeguards by contacting us at foqira.info@gmail.com

We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy and in accordance with applicable law.

Specific retention periods:

 

When information is no longer needed, we will delete, anonymize, or securely archive it as appropriate.

We use reasonable technical, administrative, and organizational measures to protect personal information against unauthorized access, loss, misuse, disclosure, alteration, or destruction.

These measures may include:

• Secure hosting within the European Union or with providers meeting EU data protection standards
• Access controls and role-based permissions
• HTTPS encryption for all website communications
• Spam and abuse prevention
• Secure password and account practices
• Data minimization
• Regular vendor review and data processing agreements
• Backups and operational safeguards

However, no website, internet transmission, email communication, or electronic storage system is completely secure. You should avoid sending highly sensitive information through website forms unless specifically requested.

We use reasonable technical, administrative, and organizational measures to protect personal information against unauthorized access, loss, misuse, disclosure, alteration, or destruction.

These measures may include:

• Secure hosting within the European Union or with providers meeting EU data protection standards
• Access controls and role-based permissions
• HTTPS encryption for all website communications
• Spam and abuse prevention
• Secure password and account practices
• Data minimization
• Regular vendor review and data processing agreements
• Backups and operational safeguards

However, no website, internet transmission, email communication, or electronic storage system is completely secure. You should avoid sending highly sensitive information through website forms unless specifically requested.

Depending on where you live, you may have rights regarding your personal information.

These rights may include:

• The right to access personal information we hold about you
• The right to correct inaccurate or incomplete information
• The right to erasure (“right to be forgotten”)
• The right to withdraw consent where processing is based on consent
• The right to object to certain processing, including processing based on legitimate interests or for direct marketing
• The right to restrict certain processing
• The right to data portability where applicable
• The right to opt out of certain marketing communications
• The right not to be subject to solely automated decisions that produce legal or similarly significant effects
• The right not to be discriminated against for exercising privacy rights

To exercise your rights, contact us at:

foqira.info@gmail.com

We may need to verify your identity before responding to your request. We will respond within the timeframe required by applicable law (generally within 30 days under GDPR; 45 days under CCPA; 30 days under PIPEDA).

If you are not satisfied with our response, you have the right to lodge a complaint with the relevant supervisory authority (see Section 1 for contact details).

If you are located in Canada, we handle personal information in accordance with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, including Quebec Law 25 (Act respecting the protection of personal information in the private sector, as amended).

Our practices are guided by the following principles:

• Accountability
• Identifying purposes
• Consent
• Limiting collection
• Limiting use, disclosure, and retention
• Accuracy
• Safeguards
• Openness
• Individual access
• Challenging compliance

For transparency, we may collect the following categories of personal information, depending on how you interact with us:

• Identifiers: name, email address, phone number, IP address, or online identifiers
• Business contact information: restaurant name, website, role, and business location
• Internet or electronic network activity: website usage, browser type, and pages visited
• Commercial or business inquiry information: service interest, demo requests, and pilot applications
• Approximate geolocation information derived from IP address
• Communications content that you choose to send us
• Inferences about restaurant needs, such as likely fit for Restaurant OS or relevant product modules

We do not intentionally collect sensitive personal information through this website. If any information that may be considered sensitive is incidentally provided by you (for example, in a free-text field), we will treat it with the appropriate level of care and will not use it for purposes beyond responding to your communication.

Restaurant OS is intended for business users, restaurant owners, operators, and professionals.

Our website is not directed to children under the age of 13 in the United States, under 16 in the European Economic Area where applicable, or under the relevant age of digital consent in other jurisdictions.

We do not knowingly collect personal information from children. If you believe a child has provided personal information to us, please contact us at foqira.info@gmail.com and we will take appropriate steps to delete it.

Our website may contain links to third-party websites or services.

We are not responsible for the privacy practices, security, or content of third-party websites or services. You should review their privacy policies before providing information to them.

Third-party services we may use include tools for hosting, analytics, email, scheduling, form submissions, CRM, security, or payment-related communications. All third-party processors engaged by us are subject to data processing agreements.

We may use analytics tools to understand how visitors interact with our website and to improve our content, product, and user experience.

Analytics cookies and similar technologies are only activated after you have provided your consent through our cookie consent tool (where required by applicable law).

We configure our analytics tools to retain data for no longer than 14 months.

If we introduce advertising or retargeting technologies in the future, we will update this Privacy Policy, implement appropriate consent mechanisms, and — where required — update our cookie consent tool and provide opt-out mechanisms before activating such tools.

As a controller established in the European Union, Foqira maintains an internal Record of Processing Activities (RoPA) in accordance with Article 30 of the GDPR. This record is available to the supervisory authority upon request.

If Foqira or Restaurant-OS is involved in a merger, acquisition, financing, reorganization, sale of assets, or similar business transaction, personal information may be transferred as part of that transaction.

If this happens, we will take reasonable steps to ensure that your information remains protected and is used consistently with this Privacy Policy, and we will provide notice through our website or by email where required by law.

We may update this Privacy Policy from time to time.

When we make changes, we will update the “Last updated” date at the top of this page.

If we make material changes, we will provide additional notice — through the website, a banner, or by email — where required by applicable law. For EEA and UK users, material changes that affect the legal basis for processing or your rights will be communicated directly where we hold your contact information.

Your continued use of the website after an updated Privacy Policy is posted constitutes your acknowledgment of the updated policy.

If you have questions about this Privacy Policy, want to exercise your privacy rights, or want to make a privacy-related complaint, please contact us at:

Foqira / Restaurant OS Email: foqira.info@gmail.com Website: foqira.com Business location: Poland, European Union

Lead supervisory authority (EEA): UODO, uodo.gov.pl UK supervisory authority: ICO, ico.org.uk Canadian supervisory authority: OPC, priv.gc.ca Quebec supervisory authority: CAI, cai.quebec.ca