SpeedyFeast Privacy Policy

Last Updated: August 25, 2025
Who we are: SpeedyFeast (“SpeedyFeast,” “we,” “us,” or “our”) operates a multi-tenant platform that powers direct online ordering, websites, and related tools for restaurants in Canada. We are based in Ontario, Canada.

This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our websites, use our applications or merchant dashboards, or interact with services that link to this Policy (collectively, the “Services”). By using the Services, you agree to the practices described here. Your use of the Services is also subject to our Terms of Service.

1) How Canadian law applies

We handle personal information in accordance with Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act (PIPEDA) and, where applicable, substantially similar provincial laws (e.g., Québec's Act respecting the protection of personal information in the private sector (Law 25), Alberta PIPA, BC PIPA). We also comply with Canada's Anti-Spam Legislation (CASL) for commercial electronic messages.

2) Roles: who is responsible for what?

  • SpeedyFeast as “organization”/controller. We are responsible for personal information we collect for our own purposes (e.g., account administration, billing, platform analytics, security).
  • SpeedyFeast as service provider/processor to Restaurants. When a Restaurant uses the Services to interact with its customers (“Customers”)—for example, to accept an order or send marketing—SpeedyFeast processes personal information on the Restaurant's instructions. Restaurants are responsible for their own privacy notices and lawful use of the data (including CASL compliance) when they use our tools.

If you are unsure whether SpeedyFeast or a Restaurant is responsible for a specific activity, contact us (see §14) and we will help route your request.

3) Personal information we collect

We collect personal information from or about you and your devices as described below.

A) Information you provide

  • Ordering & account details (Customers). Name, email, phone, address, order contents, delivery/pickup notes, allergy notes you provide, loyalty participation, feedback/reviews, and communication preferences.
  • Merchant information (Restaurants/Staff). Contact details (name, email, phone), business name and addresses, role information, tax/banking details you provide for payouts, and documents you upload for onboarding.
  • Support & communications. Information you include when you contact us (e.g., troubleshooting details, survey responses, preferences).
  • Careers. Resume/CV details, work/education history, and other information you choose to submit in an application.

B) Information we collect automatically when you use the Services

  • Device & log data. IP address, device identifiers, browser type, operating system, language, referring/exit pages, timestamps, and system activity.
  • Usage data. Page views, clicks, scrolls, session duration, features used, order funnel events (e.g., add to cart/abandon), and error diagnostics.
  • Location data. If you enable location permissions, we may collect precise geolocation to help locate the nearest Restaurant or assist delivery/pickup features. We may also infer a general location from IP address.
  • Cookies & similar technologies. We and our partners use cookies, pixels, SDKs, and local storage for core functionality (e.g., sign-in, cart), analytics, fraud prevention, and (if enabled by a Restaurant) marketing. You can manage preferences in your browser and, where provided, in our cookie banner.

C) Information from third parties

  • Restaurants & partners. Order history or loyalty status related to your transactions; limited delivery details shared by a Restaurant or its couriers to complete an order (e.g., delivery status).
  • Payments. Confirmation tokens and limited metadata from our payment processors (see §6) after a transaction.
  • Service providers. Analytics or anti-fraud signals (e.g., approximate location risk, device reputation) as permitted by law.

4) How we use personal information (Purposes)

We use personal information to:

  1. Provide and operate the Services (create/maintain accounts, host Business Sites, process orders, display menus/prices, loyalty features).
  2. Facilitate payments and payouts and maintain accurate records.
  3. Communicate about orders, account notices, updates, security alerts, and respond to support requests.
  4. Support Restaurants in serving Customers (order routing, ticket printing, delivery/pickup coordination as applicable).
  5. Comply with CASL by enabling consent capture and unsubscribe flows for messages sent by Restaurants; manage SpeedyFeast's own marketing consents.
  6. Improve and secure the Services (debugging, analytics, testing, research, preventing fraud/abuse, enforcing terms).
  7. Comply with law and regulator requests; establish, exercise, or defend legal claims.
  8. Other purposes with your consent or as otherwise permitted or required by law.

We do not use payment card numbers for any other purpose—we do not receive full card numbers (see §6).

5) How we disclose personal information

We do not sell personal information. We disclose personal information in these circumstances:

  • Restaurants & couriers (to fulfill an order). We share necessary information with the Restaurant you ordered from (and, if the Restaurant uses first-party couriers, with those couriers) to prepare and deliver your order, handle customer service, loyalty, and refunds.
  • Vendors/service providers. Trusted providers that host our infrastructure, process payments, perform analytics, messaging (email/SMS, if enabled), print tickets, prevent fraud, or provide customer support. They may access personal information only to perform services for us and must protect it contractually.
  • Marketing & analytics partners (limited). If a Restaurant enables certain marketing or analytics integrations, we may share pseudonymized or aggregated usage data or event tags to help measure campaign performance. Where required, we rely on your consent or the Restaurant's lawful instructions.
  • Business transfers. In connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to confidentiality protections and continued safeguards.
  • Legal and safety. When we believe disclosure is required or appropriate to comply with law or legal process; to respond to lawful requests from regulators/law enforcement; to protect the rights, property, or safety of Customers, Restaurants, SpeedyFeast, or others.
  • With your consent. As requested or clearly disclosed at the time of sharing.

6) Payments

When you pay through the Services, your payment is processed by a third-party payment processor (e.g., Stripe). The processor collects personal information such as name, email, billing address, and payment card details to complete the transaction. SpeedyFeast does not store full payment card numbers. The processor's privacy policy and terms govern its handling of your payment information. We receive limited payment confirmation and metadata needed for order fulfillment, fraud prevention, and accounting.

7) CASL & communications choices

  • Restaurant messages. Restaurants are responsible for ensuring they have appropriate consent to send commercial electronic messages via our tools. Each such message will include an unsubscribe mechanism managed by the sender or within the Services.
  • SpeedyFeast marketing. We may send our own marketing with your express consent. You can revoke consent at any time using the unsubscribe link or by contacting us.
  • Transactional messages. You may continue to receive non-marketing messages (e.g., order receipts, service or security notices) even if you opt out of marketing.
  • SMS/MMS. By providing a mobile number to a Restaurant or to SpeedyFeast, you may receive messages for operational purposes (e.g., order status). Message frequency varies; carrier rates may apply. You can reply STOP to opt out of a given message stream.

8) Cookies, analytics, and ads

You can control cookies through your browser and, where available, through our cookie banner/preferences. Blocking some cookies may affect site functionality (e.g., keeping items in your cart).
We use analytics services (e.g., to understand feature usage and improve performance). We do not currently respond to Do Not Track signals because no industry standard exists, but you can use browser or OS-level settings, and our preferences tools, to limit tracking technologies.

9) Children's privacy

Our Services are not directed to children under 13. We do not knowingly collect personal information from children under 13 without verifiable parental consent. If you believe a child under 13 has provided personal information, contact us and we will take appropriate steps to delete it. If you are under the age of majority in your province/territory, use the Services only with the involvement of a parent or guardian.

10) Retention

We retain personal information only as long as necessary to fulfill the purposes described in this Policy and comply with legal, tax, accounting, and reporting obligations. We apply criteria such as the nature of the data, the purpose of processing, statutory retention periods, and the sensitivity/risk associated with the data. We securely delete or anonymize information when no longer needed.

11) Security

We use administrative, technical, and physical safeguards designed to protect personal information (e.g., encryption in transit, access controls, logging, segmentation). No method of transmission or storage is completely secure. If we become aware of a breach of security safeguards that poses a real risk of significant harm, we will notify affected individuals and the appropriate privacy regulator(s) as required by law and maintain records of all such incidents.

12) Cross-border transfers

We may process and store personal information in Canada, the United States, and other jurisdictions where we or our service providers operate. While outside your province/territory or Canada, personal information is subject to the laws of the foreign jurisdiction and may be accessed by courts, law enforcement, and national security authorities there. We use contractual and organizational measures to protect personal information regardless of location.
Québec (Law 25) notice: If your information is collected in Québec, we will inform you of any transfer of personal information outside Québec and the countries where the information will be located (e.g., United States for cloud hosting and messaging). We conduct a privacy impact assessment for such transfers as required.

13) Your rights & choices

Subject to applicable law and certain exceptions, you may have the right to:

  • Access your personal information and obtain information about how it is used and disclosed.
  • Rectify inaccurate or incomplete personal information.
  • Withdraw consent for processing where consent is the legal basis (e.g., SpeedyFeast marketing; Restaurant marketing sent using our tools).
  • Portability (where available by law). Request a copy of certain information in a structured, commonly used format.
  • Object or restrict certain processing (e.g., profiling for marketing), where provided by law.
  • De-indexation/cessation of dissemination (Québec, where applicable). Request cessation of dissemination or de-indexation in circumstances provided by law.

To exercise these rights, contact us (see §14). We may request information to verify your identity. If we process your information on behalf of a Restaurant, we may refer your request to that Restaurant.

14) Contacting us (Privacy Officer)

Privacy Officer - SpeedyFeast
Email: support@speedyfeast.ai

15) Accessibility

We strive to make our Services accessible and to provide this Policy in alternative formats upon request to accommodate disabilities, consistent with Ontario's AODA and applicable provincial standards. Please contact us if you require an accessible format or communication support.

16) Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version with a new “Last Updated” date, and, if changes are material, we will provide prominent notice (e.g., dashboard notice or email). Your continued use of the Services after the effective date signifies acceptance of the updated Policy.

17) Additional notices for Restaurants and Staff

  • CASL & consent records. You are responsible for obtaining and retaining valid consent for any marketing you send using our tools and for honoring unsubscribe requests.
  • Customer transparency. You must publish accurate privacy disclosures for your brand(s) and ensure your Business Content (menus, pricing, promotions) complies with applicable laws (e.g., consumer protection, advertising/competition, accessibility).
  • Data exports & integrations. If you enable third-party integrations (e.g., POS, analytics, delivery), you are responsible for the transfer and use of personal information by those third parties and for any notices/consents required.

18) Summary of key points (non-exhaustive)

  • We collect only what we need to run the Services and fulfill orders.
  • We do not sell personal information.
  • Payments are processed by third-party processors; we don't store full card numbers.
  • You control marketing consents; unsubscribe any time.
  • Your data may be processed in Canada, the U.S., and elsewhere with safeguards.
  • You can request access/correction and exercise other rights under Canadian law.

If you have questions about this Policy or how we handle personal information, please contact our Privacy Officer.