Privacy Policy
Effective May 23, 2026. This Privacy Policy explains how OrderPizza.app handles personal information when you visit our website, create a merchant account, or use our voice AI phone-ordering platform.
1. Introduction
OrderPizza.app (“OrderPizza,” “we,” “us,” or “our”) operates the website at https://orderpizza.app, the merchant dashboard, and related services that help pizza shops answer phone orders using an AI phone agent (collectively, the “Service”).
This Privacy Policy describes what personal information we collect, how we use and share it, and the choices available to you. If you do not agree with this policy, please do not use the Service.
2. Who this policy applies to
We may process personal information relating to:
- Website visitors who browse our marketing pages or submit a contact form;
- Merchant users who create accounts, configure stores, and operate the dashboard; and
- End customers who call a participating restaurant and interact with the AI phone agent, receive SMS payment links, or otherwise interact with the Service on behalf of that merchant.
3. Our role: controller vs. processor
For merchant account data (such as your name, email, billing details, and store configuration), OrderPizza generally acts as a data controller.
For end-customer call data processed on a merchant's behalf (such as caller phone numbers, order details, transcripts, and payment-link delivery status), OrderPizza generally acts as a data processor or service provider, and the merchant is responsible for providing appropriate notices and obtaining any legally required consents from callers.
4. Information we collect
A. Information you provide directly
- Account and profile details: name, email address, phone number, company or store name, job title, and password or authentication credentials;
- Business configuration: menu data, store hours, delivery zones, transfer rules, onboarding details, and support communications;
- Contact and sales inquiries: information submitted through our contact form or email; and
- Billing details: subscription plan, billing contact information, and transaction history. Full payment card numbers are processed by Stripe and are not stored on our servers.
B. Information collected automatically
- Device and usage data: IP address, browser type, operating system, pages viewed, referring URL, timestamps, and similar log data;
- Authentication and security data: login events, session identifiers, and fraud-prevention signals; and
- Product telemetry: feature usage, error reports, and performance metrics needed to operate and secure the Service.
C. Phone call and order data
When a merchant uses the Service, we may process information generated during inbound phone calls, including:
- Caller phone number and call metadata (time, duration, outcome);
- Call audio, transcripts, and AI confidence signals;
- Order contents, modifiers, fulfillment type, and special instructions;
- SMS delivery status for Stripe-hosted payment links; and
- Payment and order status returned from Stripe.
D. Cookies and similar technologies
We use cookies, local storage, and similar technologies for essential site functionality (such as theme preferences and authentication sessions) and, where enabled, privacy-friendly analytics. See Section 10 for more detail.
5. How we use information
We use personal information to:
- Provide, operate, maintain, and improve the Service;
- Create and manage merchant accounts and store configurations;
- Route inbound calls, capture orders, transfer calls to staff, and send payment links;
- Process subscriptions, usage-based billing, overage charges, and platform fees;
- Send transactional communications such as verification emails, billing notices, and service alerts;
- Respond to support requests, sales inquiries, and security incidents;
- Monitor reliability, detect abuse, enforce our terms, and comply with law; and
- Develop and evaluate product features, including AI ordering quality and fraud prevention.
We do not use end-customer call recordings or transcripts to train unrelated third-party AI models. We may use aggregated or de-identified data to improve service quality, subject to this policy and our agreements with merchants.
6. Legal bases for processing (EEA/UK)
Where the GDPR or UK GDPR applies, we rely on one or more of the following legal bases:
- Contract: to provide the Service you or your organization requested;
- Legitimate interests: to secure, maintain, and improve the Service, prevent fraud, and support merchants, balanced against your rights;
- Consent: where required for optional analytics or other consent-based processing; and
- Legal obligation: where processing is necessary to comply with applicable law.
7. How we share information
We do not sell personal information for money. We share information only as described below:
- Service providers and sub-processors that help us host infrastructure, operate telephony, process payments, send email, provide analytics, and secure the Service;
- Merchants, where end-customer call or order data is generated while calling that merchant's configured line;
- Professional advisers such as lawyers, accountants, or insurers where reasonably necessary;
- Business transfers in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards; and
- Legal and safety purposes when we believe disclosure is required by law or necessary to protect rights, safety, and security.
Sub-processors we use today
| Provider | Purpose | Typical data involved |
|---|---|---|
| Amazon Web Services (AWS) | Cloud hosting, storage, compute, and related infrastructure | Account, call, order, and operational data |
| Amazon Connect | Inbound telephony, contact flows, and call routing | Call audio, metadata, transcripts, phone numbers |
| Stripe, Inc. | Subscription billing and hosted payment links for caller orders | Billing details, payment status, transaction metadata |
| Amazon Cognito | Merchant authentication and account management | Name, email, authentication events |
| Cloudflare Turnstile | Bot and abuse prevention on signup flows | Device and interaction signals |
| Plausible Analytics | Privacy-friendly website analytics when enabled | Page views, referrer, coarse usage metrics |
Each provider processes data under its own privacy policy and, where applicable, under a data processing agreement with OrderPizza. Stripe's privacy policy is available at stripe.com/privacy.
8. Payment information
Paid subscriptions and caller payment links are processed by Stripe. We do not collect, store, or process full payment card numbers in our application in Phase 1. Stripe may collect billing name, billing address, payment method details, and transaction information directly from payers according to Stripe's terms and privacy policy.
We receive limited billing and payment-status information from Stripe needed to manage subscriptions, reconcile orders, handle disputes, and provide merchant reporting.
9. Phone calls, recordings, and AI processing
The Service uses AI to answer inbound restaurant phone calls, capture orders, and generate transcripts. Depending on merchant configuration, call audio and transcripts may be stored in the merchant dashboard for review, training, and support.
Important for merchants: laws governing call recording, AI-generated voice disclosure, telemarketing, and text messaging vary by jurisdiction. Merchants are responsible for providing legally adequate notices to callers and obtaining any required consents before or during calls, including under the TCPA, state two-party consent laws, and applicable restaurant or hospitality regulations. OrderPizza provides configurable call flows and disclosures, but compliance with caller-facing legal obligations remains the merchant's responsibility.
10. Cookies and analytics
We may use the following categories of cookies and similar technologies:
- Strictly necessary: required for authentication, security, and basic site functionality;
- Preference: such as theme selection stored in local storage; and
- Analytics: where enabled, to understand aggregate website usage through privacy-oriented analytics tools.
You can control cookies through your browser settings. Disabling certain cookies may affect site functionality.
11. Data retention
We retain personal information for as long as necessary to provide the Service, fulfill the purposes described in this policy, comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type:
- Merchant account data is retained while the account is active and for a reasonable period thereafter;
- Call transcripts and order records are retained according to merchant settings and operational needs;
- Billing and tax records may be retained longer where required by law; and
- Security logs may be retained for a limited period to investigate abuse or incidents.
Merchants may request deletion of account data subject to legal, billing, and backup limitations.
12. Security
We use administrative, technical, and organizational measures designed to protect personal information, including encryption in transit, access controls, audit logging for sensitive actions, and least-privilege access for production systems. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
13. International data transfers
OrderPizza is operated from the United States. If you access the Service from outside the United States, your information may be processed in the United States and other countries where our service providers operate. Where required, we use appropriate safeguards such as Standard Contractual Clauses or equivalent mechanisms for cross-border transfers.
14. Your privacy rights
Depending on your location, you may have rights to access, correct, delete, restrict, or port certain personal information, and to object to or withdraw consent for certain processing.
California residents (CCPA/CPRA)
California residents may have the right to know what personal information we collect, request deletion or correction, obtain a portable copy, and opt out of certain sharing for cross-context behavioral advertising. We do not sell personal information for money. To submit a privacy request, email hello@orderpizza.app with the subject line “California Privacy Request.” We will verify requests as required by law.
EEA, UK, and other regions
Where the GDPR or similar laws apply, you may lodge a complaint with your local supervisory authority. You may also contact us to exercise applicable rights.
End customers calling a restaurant
If you are a caller and want to exercise privacy rights related to an order placed with a restaurant using OrderPizza, please contact that restaurant directly. We will assist the merchant with verifiable requests where we act as their processor.
15. Children's privacy
The Service is intended for business use by restaurants and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, contact us and we will take appropriate steps to delete it.
16. Changes to this policy
We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and update the effective date above. Your continued use of the Service after the effective date of a revised policy constitutes acceptance of the changes, except where further consent is required by law.
17. Contact us
For privacy questions or requests, contact us at hello@orderpizza.app.
See also our Terms of Service.
