Diamond Food
Diamond Food
Privacy

Privacy Policy

How we collect, use, and protect data for customers, restaurants, and riders — and your choices under applicable law.

Effective date: 5 May 2026

1. Who we are

DiamondFood (“we”, “us”, “our”) operates the DiamondFood website, web applications, and related services (together, the “Platform”) that connect customers with restaurants and independent delivery partners (“riders”) for food ordering and delivery in Ghana.

This Privacy Policy explains how we collect, use, store, and share personal information when you use the Platform, create an account, place or fulfil orders, or contact support. It should be read together with our Terms & Conditions.

2. Scope

This policy applies to:

  • Customers who browse menus, place orders, pay, receive deliveries, and use account features (wallet, addresses, order history, ratings).
  • Restaurant partners who list menus, receive orders, and interact with operations tools made available to them.
  • Riders / delivery partners who accept and complete deliveries.
  • Visitors who only browse marketing pages or support content.

Restaurants and riders may also receive limited information about you strictly as needed to prepare or deliver your order (for example, drop-off address and contact phone). They must use that information only for fulfilment and support related to that order unless separate consent or law applies.

3. Information we collect

3.1 You provide directly

  • Account & profile: name, email, phone number, username where offered, password or authentication credentials (stored using industry-standard hashing—we do not store plaintext passwords where hashing applies).
  • Addresses & delivery: delivery labels, street or area descriptions, coordinates when you use map pickers, and delivery instructions.
  • Orders & payments: items ordered, amounts, payment method type (e.g. card, mobile money, wallet), transaction references, tips, receipts, and refund-related communications.
  • Communications: messages you send to support, in-app chat content where enabled, feedback, ratings, and reviews.
  • Marketing preferences: opt-in or opt-out choices for promotional email or SMS where we offer them.
  • Onboarding & verification (partners): business details, documents, bank or payout identifiers, and identity-related data submitted during restaurant or rider onboarding as required by our processes and applicable law.

3.2 Automatically collected

  • Device & technical: IP address, browser or app version, operating system, coarse location derived from IP, timestamps, and diagnostic logs needed to secure and operate the service.
  • Usage: pages or screens viewed, approximate referral source, cart activity, and events needed for analytics, fraud prevention, and product improvement (often in aggregated or pseudonymous form).
  • Location (when permitted): precise location during active delivery sessions for riders, or when you enable location features for address or tracking—only as described at collection and in product settings.
  • Cookies & similar technologies: on the web, cookies or local storage for session login, preferences, security tokens, and analytics where enabled. You can control cookies through your browser settings; disabling some cookies may limit functionality.

3.3 From third parties

  • Payment processors: payment status, risk signals, or partial identifiers from providers we use to authorise and settle transactions.
  • Maps & communications: geocoding, routing, or messaging providers we integrate to show maps, ETAs, or deliver OTPs and notifications.
  • Authentication partners: if we enable social or federated login in future, limited profile data from those providers as disclosed at sign-up.

3.4 Group orders, invites, and referrals

When you use group ordering, shared carts, or invite links, we process participant identifiers, cart contents, host/guest roles, and session metadata needed to merge orders and prevent abuse. Referral or promotional codes may tie activity to your account for eligibility and fraud checks.

4. Why we use your information (purposes)

Depending on your relationship with us, we process personal information to:

  • Create and secure accounts; authenticate sessions and prevent fraud.
  • Display menus and pricing; build carts; submit orders to restaurants.
  • Calculate fees, taxes where applicable, delivery charges, and loyalty or promotions.
  • Route orders to riders; share fulfilment details (name, phone, address, order contents as needed).
  • Process payments, wallet top-ups, tips, refunds, and settlement with partners.
  • Provide customer support, dispute handling, and safety investigations.
  • Send transactional notices (order confirmations, delivery updates, password resets).
  • Send marketing communications only where you have opted in or applicable law allows.
  • Improve the Platform, train models only as permitted and without selling your personal data as a standalone commodity.
  • Comply with legal obligations, respond to lawful requests, and enforce our Terms.
  • Detect, investigate, and prevent fraud, account takeover, and policy violations; maintain trust and safety for customers, restaurants, and riders.

5. Legal bases (summary)

Where Ghana’s Data Protection Act, 2012 (Act 843) and related rules apply, we rely on appropriate grounds such as: performance of a contract (providing the service you requested); legitimate interests (security, analytics, product improvement) balanced against your rights; consent where required (e.g. certain marketing or optional location); and legal obligation where we must retain or disclose information to authorities.

6. Sharing of information

We do not sell your personal information. We may share it as follows:

  • Restaurants receive what they need to prepare your order (items, dietary notes if provided, and contact/address details required for pickup or delivery).
  • Riders receive what they need to complete delivery (typically customer first name or initial, phone, address or pin, and order identifier).
  • Service providers who host infrastructure, process payments, send email/SMS, provide maps, analytics, or customer-support tooling—under contracts requiring protection and limited use.
  • Professional advisers (lawyers, auditors) where required.
  • Authorities when we believe disclosure is required by law, court order, or to protect rights, safety, or security.
  • Business transfers in connection with a merger, acquisition, or asset sale, subject to continued protection consistent with this policy or notice to you.

7. International transfers

Our primary processing occurs in Ghana or within service regions we configure. Some subprocessors may process data in other countries. Where we transfer personal data outside Ghana, we take steps described in our agreements and applicable law (including appropriate safeguards where required).

8. Retention

We retain information only as long as necessary for the purposes above, including legal, tax, and accounting requirements. Examples: order and payment records for dispute resolution and regulatory retention periods; support tickets for a defined period; marketing preferences until you withdraw consent; security logs for fraud prevention. When retention ends, we delete or anonymise data where feasible.

9. Security

We implement administrative, technical, and organisational measures appropriate to the risk—including encryption in transit where standard for web traffic, access controls, monitoring, and vendor due diligence. No method of transmission or storage is 100% secure; you should protect your password and device.

10. Your rights and choices

Subject to applicable law, you may have the right to:

  • Request access to personal information we hold about you.
  • Request correction of inaccurate data.
  • Request deletion where applicable—note we may retain certain records where law or legitimate interests require.
  • Object or restrict certain processing, including direct marketing.
  • Withdraw consent where processing was consent-based, without affecting prior lawful processing.
  • Lodge a complaint with a supervisory authority or our team first through the contact below.

To exercise rights, email support@diamondfood.app from your registered address where possible. We may verify identity before fulfilling sensitive requests.

11. Children

The Platform is not directed at children under 13 (or the minimum age required locally). We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it promptly.

12. Third-party links

The Platform may link to restaurants’ sites, payment pages, or social networks. Their privacy practices are governed by their own policies; we are not responsible for third-party sites.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version on this page and update the effective date. Material changes may be communicated by email or in-app notice where appropriate. Continued use after the effective date constitutes acceptance of the updated policy where permitted by law.

14. Contact

For privacy questions or requests: support@diamondfood.app
DiamondFood — Accra, Ghana (see Contact for current details).

Privacy Policy | Diamond Food