Privacy Policy
Last updated: June 24, 2026
1. Introduction
This Privacy Policy explains how Roomanos ("we", the "Platform") collects, processes, stores and protects personal data in connection with the digital marketplace platform we operate.
Roomanos is a multi-sided digital marketplace that connects restaurants, couriers and customers. By using the Platform you agree to this Policy.
2. Personal Data We Collect
To provide the service, the Platform may collect the following categories of personal data:
2.1. Data You Provide Directly
- Name, surname and contact details (email, phone)
- Business name and tax information (for restaurant members)
- Address and location information
- Account credentials (username, password hash)
- Courier documents (driver's licence, insurance, etc.)
2.2. Data Collected Automatically
- IP address and browser information
- Device type and operating system
- Platform usage data (page views, clicks)
- Data obtained via cookies and similar tracking technologies
- Location data (for couriers, with explicit consent)
2.3. Data From Third Parties
- Transaction information from payment service providers
- Profile information from social media accounts (when you authorise it)
3. Purposes of Use
The personal data we collect is used for the following purposes:
- Service delivery: creating accounts, managing orders, coordinating deliveries and providing customer support.
- Platform improvement: analysing user experience, developing new features and resolving defects.
- Security: fraud prevention, account security and blocking unauthorised access.
- Communication: sending order notifications, service updates and marketing messages (where consented).
- Legal obligations: meeting tax, accounting and other statutory requirements.
4. Cookies & Tracking Technologies
The Platform uses the following categories of cookies:
- Strictly necessary cookies:required for the Platform's core functions (session management, security).
- Analytics cookies: used to analyse user behaviour anonymously.
- Functional cookies: remember user preferences such as language and theme.
You can manage or disable cookies through your browser settings. Disabling strictly-necessary cookies may prevent the Platform from working correctly. You can also revisit your choices at any time via the "Cookie Preferences" link in the page footer.
5. Sharing With Third Parties
We do not share your personal data with third parties except in the following situations:
- Service providers:we transfer to processors who help us deliver the service (payment processing, email delivery, cloud storage) only the data needed for that specific service. Current processors include Supabase (database & auth), Vercel (hosting), Firebase Cloud Messaging (push notifications) and Resend (transactional email).
- Platform participants: to fulfil orders we may share necessary information between restaurant and courier — for example the delivery address.
- Legal obligations: we may share data in response to a court order, statutory regulation or a request from a competent public authority.
- Business transfer: in the event of a merger, acquisition or asset sale, data may be transferred; users will be informed in such cases.
We never sell personal data to advertisers or data brokers.
6. Data Security
We apply the following technical and administrative measures to protect your personal data:
- SSL/TLS encryption for data in transit
- Database-level encryption and access controls
- Regular security audits and vulnerability scans
- Data-security training for staff
- Access privileges limited under the principle of least privilege
7. Data Retention
Your personal data is retained for as long as required by the purpose of collection, or for the periods set out in our legal obligations. After your membership ends, your data is securely deleted or anonymised once the statutory retention periods expire.
8. Your Rights
For your statutory rights under Turkish Personal Data Protection Law No. 6698 (KVKK) — including the right to access, correct, delete and object — please review our KVKK Information Notice. If you reside in the European Economic Area or the United Kingdom, comparable rights under the GDPR / UK GDPR apply (access, rectification, erasure, restriction of processing, data portability and objection).
You can also delete your Roomanos account at any time from the dashboard, or request deletion via the page at /legal/data-deletion.
9. Children's Privacy
The Platform is not intended for individuals under the age of 18. We do not knowingly collect personal data from anyone under 18. If we become aware that such data has been collected, the relevant records are deleted immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Changes take effect as soon as they are published on the Platform. Material changes are announced by email or via an in-platform notification.
11. Mobile App: Roomanos GO
The Roomanos GO Android application (packagecom.roomanos.courier) collects the following additional data on the device:
- Location (foreground, restaurant in-house couriers): when a restaurant courier switches the app into "On duty" mode, the device's location is sent to the affiliated restaurant roughly every 30 seconds — only while the app is open — so dispatchers can see which courier is best placed to take the next order.
- Background location (hub-fleet couriers, while on duty): when a hub-fleet courier switches the app to "Müsait" (on duty), Roomanos GO collects the device location — including while the app is in the background or the screen is off — and sends it to the affiliated courier fleet so the nearest delivery can be assigned and customers can track it live. Collection runs through an Android foreground service that shows a persistent notification and uses the
ACCESS_BACKGROUND_LOCATIONpermission. A prominent in-app disclosure is shown before the permission is requested, and collection stops completely the moment the courier goes "Çevrimdışı" (off duty). Location is never collected while off duty. - Push-notification token (FCM): an anonymous device token issued by Firebase Cloud Messaging is mapped to your account on Roomanos servers so order-alert push notifications reach your phone. The token is removed when you sign out or uninstall the app.
- Device information: app version and OS version, used solely for compatibility diagnostics.
Collected data is not sold to third-party advertisers or data brokers. Use is strictly limited to: (a) order dispatch, (b) showing proof-of-delivery to the relevant restaurant and customer, and (c) measuring service quality (e.g. average delivery time).
You can revoke the location permission at any time from your device settings. Once revoked, "On duty" mode cannot run; other features of the app are unaffected.
12. Mobile App: Roomanos Kitchen
The Roomanos Kitchen Android application (packagecom.roomanos.operator) is used by restaurant operators for order management and collects the following data:
- Push-notification token (FCM): an anonymous Firebase Cloud Messaging device token is mapped to your account so new-order alerts reach the device in real time. The token is removed when you sign out or uninstall the app.
- Device information: app version and OS version, for compatibility diagnostics only.
The app does not collect location data, does not request background-execution permissions, and does not sell user data to advertisers or data brokers. Data is used solely for order management and notification delivery.
13. Contact
For questions or requests about this Privacy Policy:
- Email: [email protected]
- Platform: roomanos.com
The authoritative version of this Policy under Turkish law is the Turkish text available at /tr/legal/privacy.