Privacy Policy Terms of Service Cookie Policy Security
Legal

Privacy Policy

At AloraPay, we believe transparency is foundational to trust. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and the choices you have. Please read it carefully — it matters.

Summary: AloraPay collects information from restaurant operators, their staff, and their guests to deliver our table-ordering and payment platform. We never sell your personal data. We use it only to operate the service and improve your experience.

Defined Terms

Throughout this Policy, the following terms carry specific meanings:

  • "AloraPay", "we", "our", "us" refers to AloraPay Ltd. and its subsidiaries operating in the Caribbean and West African territories.
  • "Personal Data" means any information relating to an identified or identifiable natural person — including names, contact details, payment information, and device identifiers.
  • "Restaurant Operator" or "Merchant" refers to any business entity that has registered an AloraPay account to use our platform.
  • "Guest" refers to any individual who interacts with the AloraPay platform at a table — scanning a QR code, placing an order, or making a payment.
  • "Services" refers to AloraPay's table ordering platform, digital menu, in-app payments, order routing, and admin dashboard.
  • "Transaction Data" refers to data associated with an order or payment, including items ordered, amounts, timestamps, table identifiers, and payment method details.

Data We Collect

The data we collect depends on whether you are a Restaurant Operator, a member of restaurant staff, or a Guest.

From Restaurant Operators and Staff

  • Account information: Business name, contact name, email address, phone number, and billing address.
  • Business verification: Business registration documents, tax identification numbers, and bank account details required for payment processing.
  • Platform usage data: Login activity, dashboard interactions, menu edits, table configurations, and order management actions.
  • Communications: Emails, support tickets, and messages you send to AloraPay.

From Guests

  • Table & session data: The table QR code scanned, session start time, and items browsed.
  • Order data: Items selected, customisations, quantity, order time, and special requests.
  • Payment data: Payment method type (credit/debit card), card last four digits, transaction amount, and payment status. Full card details are handled by our PCI-compliant payment processor and never stored on AloraPay servers.
  • Device data: Browser type, device type, IP address, and operating system — collected to ensure compatibility and detect fraud.
  • Contact details (optional): If you choose to receive a digital receipt, we collect your email address.

Automatically Collected Data

Like most web services, we automatically collect certain technical data when you use our platform, including cookies, log data, and usage analytics. See our Cookie Policy for full details.

How We Use Your Data

Purpose Data Used Legal Basis
Providing the platform and processing orders Account, session, order, and transaction data Contract performance
Processing payments and payouts to merchants Payment and banking data Contract performance
Fraud detection and platform security Device, IP, and transaction data Legitimate interest
Providing customer and merchant support Account and communications data Contract performance
Product analytics and improvement Aggregated, anonymised usage data Legitimate interest
Regulatory compliance and legal obligations Identity, transaction, and financial data Legal obligation
Marketing communications (opt-in only) Email address and account data Consent

Sharing Your Data

AloraPay does not sell personal data. We share it only in the following circumstances:

With Restaurant Operators

Guest order and transaction data is shared with the relevant Restaurant Operator to fulfil your order and manage their business. Restaurant Operators agree to our data processing terms and are prohibited from using Guest data for purposes beyond service delivery.

With Service Providers

We engage trusted third-party vendors to operate the platform, including payment processors (who are PCI-DSS certified), cloud hosting providers, fraud detection services, and analytics tools. All vendors are contractually bound to process data only on our instructions.

Kitchen and POS Systems

Order data (items, customisations, table number) is transmitted to the restaurant's kitchen display or Point of Sale system to fulfil your order. This transmission does not include payment or personal identity data.

Legal and Regulatory Disclosure

We may disclose personal data where required by law, court order, or the lawful request of a governmental authority in the jurisdictions in which we operate, including regulators in Trinidad & Tobago, Jamaica, Guyana, Barbados, and Ghana.

Retention & Security

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

  • Guest transaction data: Retained for 7 years for accounting and tax compliance purposes.
  • Merchant account data: Retained for the duration of the account and 7 years thereafter.
  • Session and device data: Retained for 90 days, then anonymised or deleted.
  • Marketing preferences: Retained until you withdraw consent.

Security measures include TLS encryption in transit, AES-256 encryption at rest, PCI-DSS compliant payment handling, role-based access controls, and regular security audits. Full details are in our Security Policy.

Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Erasure: Request deletion of your data, subject to legal retention requirements.
  • Restriction: Request that we limit how we use your data while a dispute is resolved.
  • Portability: Request your data in a structured, machine-readable format.
  • Objection: Object to processing based on legitimate interest, including for marketing purposes.
  • Withdraw consent: Where processing is based on consent, you may withdraw at any time.

To exercise any of these rights, contact us at privacy@alorapay.com. We will respond within 30 days.

International Data Transfers

AloraPay operates across multiple territories including the Caribbean and West Africa. Your data may be processed or stored in countries other than your own. Where we transfer data internationally, we implement appropriate safeguards including standard contractual clauses, data processing agreements, and equivalent protection mechanisms recognised in each operating jurisdiction.

We comply with applicable data protection legislation in all territories where we operate, including relevant legislation in Trinidad & Tobago, Jamaica, Guyana, Barbados, and Ghana.

Children's Privacy

The AloraPay platform is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without appropriate consent, please contact us at privacy@alorapay.com and we will take prompt steps to delete it.

Policy Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. We will notify Restaurant Operators of material changes via email and update the "Last updated" date at the top of this page.

Your continued use of the Services after a change takes effect constitutes your acknowledgment of the revised Policy.

Contact Us

For any privacy-related questions, requests, or concerns, please reach out to our Privacy Team:

AloraPay Privacy Team

📧 privacy@alorapay.com

📬 AloraPay Limited., Port of Spain, Trinidad & Tobago

We aim to respond to all privacy enquiries within 30 days. For urgent matters, please indicate "URGENT" in your subject line.