WPOrder

Privacy Policy

Last updated: 21 February 2026

1. Who We Are

WPOrder ("we", "us", "our") operates the wporder.co.uk website and the WPOrder platform, an AI-powered ordering service for takeaway restaurants. Our contact email is hello@wporder.co.uk.

2. Data We Collect

We collect the following categories of personal data:

  • Restaurant owners (tenants): Name, email address, business name, WhatsApp Business phone number, Telegram bot token.
  • End customers: Name (if provided), phone number (from WhatsApp/Telegram), delivery address (if provided), order history, and conversation messages.
  • Website visitors: Standard web analytics data (page views, browser type, IP address).

3. How We Use Your Data

  • To process and fulfil food orders placed via WhatsApp, Telegram, or web chat.
  • To provide the AI-powered conversational ordering experience.
  • To display order history, customer preferences, and conversation logs to restaurant staff on the dashboard.
  • To send order confirmations and status updates via the relevant messaging channel.
  • To improve our AI system and service quality.
  • To communicate with restaurant owners about their account and service updates.

4. Legal Basis for Processing

We process personal data under the following lawful bases (UK GDPR):

  • Contract: Processing necessary to fulfil orders and provide the service.
  • Legitimate interest: Improving our service, preventing fraud, and ensuring platform security.
  • Consent: Where required, such as marketing communications.

5. Data Sharing

We share personal data with:

  • Restaurant partners: Customer name, phone number, delivery address, and order details are shared with the restaurant processing your order.
  • Meta (WhatsApp): Messages are transmitted via the WhatsApp Business API.
  • Telegram: Messages are transmitted via the Telegram Bot API.
  • AI providers: Conversation content is sent to our AI provider to generate responses. No personally identifiable data is retained by the AI provider beyond the session.
  • Hosting providers: Our infrastructure is hosted on secure cloud servers.

We do not sell your personal data to third parties.

6. Data Retention

We retain order data and conversation history for up to 24 months from the date of the last interaction. Restaurant owner account data is retained for the duration of the subscription and for 12 months after cancellation. You may request earlier deletion — see Section 8.

7. Data Security

We use industry-standard security measures including encrypted connections (TLS), secure database storage, and access controls. API tokens and credentials are stored securely and never exposed in client-side code.

8. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data.
  • Object to or restrict processing of your data.
  • Data portability — receive your data in a machine-readable format.
  • Withdraw consent at any time where processing is based on consent.

To exercise any of these rights, contact us at hello@wporder.co.uk. We will respond within 30 days.

9. Cookies

Our website uses essential cookies for authentication and session management. We do not use third-party advertising cookies. Analytics cookies, if used, are anonymised.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.

11. Contact

For any questions about this Privacy Policy or your personal data, contact us at: hello@wporder.co.uk