Privacy Policy
Last updated: 2026-07-17
Wenorr ("we", "us", "our") respects your privacy. This Policy explains how we collect, use, share and protect personal information when you use our platform. It is written to align with the South African Protection of Personal Information Act (POPIA) and the EU/UK General Data Protection Regulation (GDPR) where applicable.
1. Who We Are
Wenorr operates a workplace canteen platform. For employees ordering food, your employer is the "responsible party" / "controller" of your data and Wenorr acts as an "operator" / "processor". For company admins signing up directly, Wenorr is the controller.
2. Information We Collect
- Account data: name, email, phone number, company, role, avatar.
- Order data: items ordered, timestamps, canteen, pickup times, payment method (last 4 digits only).
- Dietary preferences: allergies and preferences you choose to share with the kitchen.
- Usage data: pages viewed, device type, IP address, session identifiers.
- Support communications: messages you send us and to our AI assistant.
3. How We Use Your Information
- Provide, operate and improve the Service.
- Process orders, payments and refunds.
- Send transactional emails (receipts, order status, password resets).
- Prevent fraud, secure the platform and enforce our Terms.
- Produce anonymised analytics and forecasting.
- Comply with legal obligations.
4. Legal Bases
We process personal data under one or more of: performance of a contract, your consent (which you may withdraw at any time), our legitimate interests in operating the Service, and compliance with legal obligations.
5. Sharing
We share personal data only with: (a) your Canteen Operator to fulfil orders; (b) payment processors to charge cards; (c) cloud, email and SMS providers who host the infrastructure; (d) authorities where legally required. We never sell your personal information.
6. International Transfers
Some of our providers are based outside South Africa. Where data is transferred internationally, we rely on adequacy decisions or standard contractual clauses to ensure equivalent protection.
7. Retention
We retain personal data for as long as your account is active plus a reasonable period thereafter to satisfy tax, accounting and legal requirements. Order records are typically kept for 5 years for tax purposes.
8. Your Rights
You have the right to access, correct, delete, restrict, port or object to processing of your personal data. You may also lodge a complaint with the Information Regulator (South Africa) or your local data-protection authority. To exercise rights, email [email protected].
9. Security
We use TLS in transit, encryption at rest, role-based access control, row-level security and audited logs. No system is 100% secure, so we encourage you to use strong unique passwords and enable multi-factor authentication when available.
10. Cookies
We use only strictly necessary cookies for authentication and session management. We do not run advertising trackers.
11. Children
The Service is not directed to children under 18. We do not knowingly collect data from children.
12. Changes
We may update this Policy. Material changes will be notified in-app or by email.
13. Contact
Information Officer: [email protected]
