Privacy Policy
Version 2026-07-14-v1 · Effective date: 14 July 2026
https://mygodly.info/privacy · Effective date: 14 July 2026
This Privacy Policy explains how Mygodly, operated by MYGODLY ECOMMERCE AND TRANSPORTATION INDIA PRIVATE LIMITED (“we”, “us”), collects, uses, and discloses personal data when a restaurant uses our commerce and marketing platform (the “Service”), and when a diner orders from, messages, or books a table at a restaurant that uses the Service. By using the Service, you agree to this Policy.
1. Who this applies to
In short: This policy covers two kinds of people: restaurant owners and staff who run the Service, and diners who order, message, or book through a restaurant's storefront or WhatsApp number.
Two different people read this policy for two different reasons. A restaurant signs up, runs its storefront, catalog, and marketing through the Service, and is our direct customer. A diner never signs up with us directly — they order food, message a restaurant, or book a table through a storefront or WhatsApp number that a restaurant operates using the Service. Section 2 explains why that distinction matters legally.
2. The restaurant is the controller; we are the processor
In short: For diner data — phone numbers, orders, WhatsApp messages — the restaurant decides why the data is collected and what it's used for. We just process it on the restaurant's behalf, under the restaurant's instructions.
This is the legal basis of the whole product, so we state it plainly rather than bury it in a definitions section. When a diner places an order, sends a WhatsApp message, or makes a reservation with a restaurant, that restaurant is the data controller for the diner's personal data — the restaurant decides what is collected and why, exactly as it would if it took the order over the counter or the phone. We are the data processor: we store and process that data on the restaurant's behalf, under the restaurant's instructions, to run the storefront, the order board, and the WhatsApp conversation. A diner with a question about how their data is used by a specific restaurant should start with that restaurant; we support the restaurant in answering it.
For a restaurant's own account data — its login, its subscription, its own contact details — we are the controller in the ordinary sense, exactly as any software provider is for its own customer's account.
3. Data we collect
In short: For restaurants: account, billing, and menu/catalog data. For diners: phone number, order and reservation history, and — with consent — WhatsApp messages. Plus basic technical data for everyone.
- Restaurant account data — name, email, password hash or OAuth identifier, business details, and subscription/billing status.
- Catalog & menu content — the dishes, prices, and photos a restaurant uploads or that we help generate from photos it provides.
- Diner order data — phone number, name, order and reservation history, delivery or pickup details, and payment status (not full card or bank details — those are handled by our payment processor, described in section 7).
- Diner WhatsApp messages — with the diner's consent (opening a conversation with the restaurant on WhatsApp), we store the conversation needed to take an order, answer a question, or make a booking.
- Analytics — anonymous or pseudonymous storefront view/click events, and aggregate marketing page-view counts for our own site (path, referring domain, campaign tag — no IP address, no cookie ID, no account link).
- Technical data — IP address, device and browser information, and cookies needed to operate and secure the Service.
4. AI processing — your photos and menu leave our servers
In short: To generate marketing content and enhance dish photos, we send a restaurant's menu content and dish photographs to third-party AI models — Anthropic for language, and an image-enhancement model for photos. Restaurants deserve to know this before they upload a photo.
A core part of the Service is producing marketing content — captions, posts, and enhanced photos — from a restaurant's own dish photographs and menu. To do that, we send the relevant photo or text to third-party AI providers for processing: Anthropic for language generation (captions, replies, menu structuring), and a separate image-enhancement model for photo processing. These providers process the content to generate a result and do not use it to market a different restaurant. We enhance real photographs — we do not fabricate a dish that does not exist and present it as real; see our for restaurants page for why that distinction matters for aggregator compliance.
5. WhatsApp
In short: Ordering conversations and broadcasts run through WhatsApp's Cloud API, so they are also subject to Meta's own terms and privacy practices, on top of ours.
Orders, reservations, and conversations between a restaurant and its diners flow through WhatsApp Business messaging, provided by Meta (or a Meta-authorized technology provider we work with). That means this data is also handled under Meta's own terms and privacy policy for WhatsApp Business, in addition to this Policy.
6. What we do not do
In short: We do not sell diner data, and we do not use one restaurant's customer list to market a different restaurant. Ever.
We do not sell personal data — diner or restaurant. We do not use a diner's phone number, order history, or WhatsApp conversation with one restaurant to market a different restaurant, and we do not pool diner data across restaurants for our own marketing purposes. Each restaurant's customer relationship stays that restaurant's.
7. Service providers (processors)
In short: We share data with the providers who help run the Service — hosting, storage, AI, payments, messaging, and email — only as needed to run it.
- Railway — hosts our managed PostgreSQL database, storing restaurant, catalog, order, and diner data.
- Tigris — object storage for uploaded and generated images.
- Anthropic — processes prompts and menu content for AI-generated marketing copy (see section 4).
- An image-enhancement model provider — processes dish photographs to produce enhanced images (see section 4).
- Meta / WhatsApp — carries WhatsApp order and messaging traffic (see section 5).
- Cashfree — processes payments, splits settlement between the restaurant and us, and handles payouts.
- Mailgun — delivers transactional and account email.
- Google — provides OAuth sign-in if a restaurant chooses to use it.
8. Your rights
In short: Restaurants can access, correct, export, or delete their account data directly. Diners should start with the restaurant they ordered from; we support the restaurant in fulfilling the request.
Subject to applicable law, a restaurant may access, correct, export, or delete its account and catalog data directly in the Service, or by contacting us. A diner who wants to access, correct, or delete their order or WhatsApp history should contact the restaurant they dealt with — as the controller of that data, the restaurant directs us in fulfilling the request, and we act on it promptly once instructed.
9. Data retention
In short: We keep data while a restaurant's account is active and delete or anonymize it within a reasonable time after closure, unless we must keep it for legal, tax, or fraud reasons.
We retain personal data for as long as a restaurant's account is active and as needed to provide the Service. After account closure, we delete or anonymize data within a reasonable period, except where we must retain it to meet legal, tax, accounting, or fraud-prevention obligations — for example, GST invoices and payment records.
10. Security
In short: We use reasonable safeguards to protect data, though no system is ever completely secure.
We use reasonable technical and organizational measures to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
11. Changes & contact
In short: We'll communicate material changes to this Policy; questions or requests go to our support email or contact page.
We may update this Policy from time to time and will communicate material changes through the Service or by email. Questions or requests? Contact us at [TO BE FILLED — support email], or visit our contact page.
Disclaimer: This document is a non-lawyer template provided for convenience and does not constitute legal advice. Have qualified counsel review and adapt it before relying on it.