Privacy Policy

TasteTrail ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, mobile applications, and related services (collectively, the "Platform"). Please read this Privacy Policy carefully. By using the Platform, you consent to the collection and use of your information as described in this Policy. If you do not agree with our practices, please do not use the Platform. This Privacy Policy is incorporated into and forms part of our Terms of Service. Capitalised terms not defined here have the meanings given in our Terms of Service.

We collect several types of information from and about users of our Platform: **2.1 Information You Provide Directly** • Account information: name, email address, password, profile photo, and account type (Diner or Restaurant Owner) • Booking and order details: reservation preferences, dietary requirements, special requests, order history • Payment information: billing address and payment method details (note: full card numbers are processed by our payment providers and not stored by us) • Restaurant listing information (for restaurant owners): business name, address, contact details, menu items, pricing, photos, operating hours • Communications: messages sent through our platform, support tickets, and feedback • Reviews and ratings: content you submit about restaurants or dining experiences • Profile preferences: cuisine preferences, favourite restaurants, dining history **2.2 Information Collected Automatically** • Device information: IP address, browser type, operating system, device identifiers • Usage data: pages visited, features used, time spent on the Platform, referring URLs • Location data: general location (city/region) and, with your permission, precise GPS location for nearby restaurant discovery • Cookies and similar tracking technologies (see Section 7) **2.3 Information from Third Parties** • If you sign in using a third-party account (e.g., Google), we receive basic profile information from that provider • Payment processors may share transaction confirmations and fraud prevention signals with us • Restaurant review aggregators may share publicly available rating data

We use the information we collect for the following purposes: **Core Service Delivery** • Processing and managing your restaurant bookings and food orders • Authenticating your identity and maintaining your account • Sending booking confirmations, reminders, and receipts • Facilitating communication between diners and restaurants • Processing payments securely **Personalisation & AI Features** • Powering our AI dining recommendations (Palate AI) based on your preferences and history • Personalising your search results and restaurant discovery feed • Curating your loyalty rewards and points **Platform Improvement** • Analysing usage patterns to improve our features and user experience • Conducting research and analytics to understand dining trends • Testing new features and product improvements **Communications** • Sending transactional emails (booking confirmations, order updates) • With your consent, sending promotional emails, newsletters, and special offers • Sending important service announcements and policy updates **Safety & Security** • Detecting, preventing, and investigating fraudulent or illegal activities • Monitoring for suspicious account activity • Verifying restaurant partner credentials and compliance **Legal Compliance** • Complying with applicable laws, regulations, and legal processes • Enforcing our Terms of Service • Resolving disputes and troubleshooting issues

We do not sell your personal information. We share your information only in the following circumstances: **With Restaurants** When you make a booking or order, we share your name, contact details, reservation specifics, and any special requests with the relevant restaurant to fulfil your booking or order. **With Service Providers** We work with trusted third-party service providers who assist us in operating the Platform, including: • Payment processors (Stripe, Ecocash, PayNow) for secure payment handling • Cloud hosting and infrastructure providers • Email and notification service providers • Analytics providers (data is aggregated or anonymised where possible) • Customer support tools All service providers are contractually obligated to protect your data and use it only for the services they provide to us. **For Legal Reasons** We may disclose your information if required to do so by law, subpoena, or court order, or if we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a governmental request. **Business Transfers** In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of the transaction. We will notify you before your information becomes subject to a different Privacy Policy. **With Your Consent** We may share your information for other purposes with your explicit consent. **Aggregated or De-identified Data** We may share aggregated, anonymised data (such as dining trends or general usage statistics) publicly or with partners. This data does not identify individual users.

We retain your personal information for as long as necessary to provide our services and fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically: • Account information is retained for the duration of your account and for up to 3 years after account closure for legal and audit purposes • Booking and order history is retained for 7 years for tax and legal compliance • Payment records are retained as required by financial regulations • Communications and support tickets are retained for 2 years • Marketing preferences and opt-out records are retained indefinitely to honour your choices When your information is no longer needed, we securely delete or anonymise it. You may request early deletion of your data (subject to legal retention requirements) by contacting us.

Depending on your location, you may have the following rights regarding your personal information: **Access**: You have the right to request a copy of the personal information we hold about you. **Correction**: You have the right to request correction of inaccurate or incomplete personal information. **Deletion**: You have the right to request deletion of your personal information, subject to certain exceptions (such as legal retention requirements or ongoing dispute resolution). **Portability**: You have the right to receive your personal information in a structured, machine-readable format and to transfer it to another service provider where technically feasible. **Restriction**: You have the right to request that we restrict our processing of your personal information in certain circumstances. **Objection**: You have the right to object to our processing of your personal information for direct marketing or where processing is based on legitimate interests. **Withdraw Consent**: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing prior to withdrawal. **To exercise these rights**, please contact us at privacy@tastetrail.com or through your account settings under "Privacy & Data." We will respond to verified requests within 30 days. You also have the right to lodge a complaint with a data protection authority if you believe your rights have been infringed.

We use cookies and similar tracking technologies to enhance your experience on our Platform. **Types of cookies we use:** Essential Cookies — Required for core Platform functionality such as authentication, session management, and security. These cannot be disabled. Preference Cookies — Remember your settings and preferences (such as dark/light mode, language, and region) to personalise your experience. Analytics Cookies — Help us understand how users interact with our Platform so we can improve it. We use tools such as analytics dashboards to track aggregate usage patterns. Marketing Cookies — With your consent, used to deliver relevant advertisements and track the effectiveness of our marketing campaigns. **Managing Cookies** You can control cookies through your browser settings. Most browsers allow you to refuse cookies or delete existing cookies. However, disabling certain cookies may affect Platform functionality. You can also opt out of analytics tracking and marketing cookies through our Cookie Preferences centre, accessible from the footer of our website.

Our Platform uses location data to power "Near Me" restaurant search and to provide localised recommendations. **How we use location data:** • Displaying nearby restaurants and their distance from you • Providing estimated travel times and directions • Improving search relevance for location-based queries **Precise GPS location** is only collected with your explicit permission (when you grant location access in your browser or device settings). You can revoke location permission at any time through your device or browser settings. **Approximate location** (city or region level) may be inferred from your IP address to provide relevant content without requiring GPS access. We do not share your precise location with restaurants or third parties beyond what is necessary to fulfil a specific booking or service request.

TasteTrail is intended for users who are 18 years of age or older. We do not knowingly collect, maintain, or use personal information from children under the age of 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we may have inadvertently collected information from a child under 18, please contact us at privacy@tastetrail.com.

We take the security of your personal information seriously and implement appropriate technical and organisational measures to protect it against unauthorised access, alteration, disclosure, or destruction. Our security measures include: • Encryption of data in transit using TLS/SSL • Encryption of sensitive data at rest • Secure, access-controlled infrastructure • Regular security audits and vulnerability assessments • Payment Card Industry (PCI) compliant payment processing through certified providers • Employee training on data protection and security practices • Incident response procedures for potential data breaches No method of electronic storage or transmission over the internet is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee absolute security. In the event of a data breach that affects your rights and freedoms, we will notify you and relevant authorities as required by law.

TasteTrail is headquartered in Harare, Zimbabwe. Your information may be stored and processed on servers located in various countries where our service providers operate. When we transfer personal information outside of Zimbabwe, we take steps to ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws. These safeguards may include standard contractual clauses, data processing agreements, or other lawful transfer mechanisms.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will: • Update the "Last Updated" date at the top of this page • Notify you by email (if you have an account with us) • Display a prominent notice on the Platform We encourage you to review this Privacy Policy periodically. Your continued use of the Platform after any changes become effective constitutes your acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Privacy Team: TasteTrail Privacy Team Email: privacy@tastetrail.com Address: Harare, Zimbabwe For general support: support@tastetrail.com For legal enquiries: legal@tastetrail.com We will respond to your enquiry within 30 days.