Privacy Policy

This Policy has been prepared in accordance with the legislation of the Republic of Uzbekistan on personal data, in particular the Law of the Republic of Uzbekistan «On Personal Data» No. ZRU-547 of 02.07.2019, as well as the general principles of GDPR with respect to processing data of users from EU countries.

Personal data means any information relating to a directly or indirectly identified natural person. Processing means any action or set of actions performed with such data.

Consent to this Policy is given at the moment of registration, submission of an application, or commencement of use of the service. If you do not agree with its terms, please do not use the service.

Depending on how you interact with the service, we may collect the following categories of data:

• Contact details: name, phone number, email, company name, job title.
• Technical data: IP address, device type, browser version, cookie identifiers, information about pages visited.
• Authentication data: login, password hash, session tokens.
• Payment details: masked card number, payment status, transaction identifier (the full card number is not stored — it is processed by the Click, Payme, HUMO, and Uzcard payment systems).
• Customer business data: menus, dish descriptions, photos, inventory, order history, sales metrics.
• Data of your business's end customers (if you use the service as a restaurant or store): phone number, delivery address, order contents.

We use the data we collect solely for the following purposes:

• Identifying and authenticating users in the service.
• Entering into and performing the contract, including providing access to the chosen plan.
• Communicating with you on matters of service, support, billing, and important notifications.
• Improving the quality of the service: behavioral analytics, A/B testing, incident diagnostics.
• Marketing communications (only with your consent and with the option to unsubscribe in one click).
• Compliance with legal requirements and responding to requests from authorized agencies.

Personal data is processed on the following legal grounds: consent of the data subject; performance of a contract to which the subject is a party; compliance with the Company's legal obligations; protection of the Company's legitimate interests, where these do not override the interests of the data subject.

Data is retained only for as long as necessary to achieve the purposes of processing and to comply with legal requirements:

• Active account data — for the entire period of service usage.
• Payment and fiscal document data — 5 years from the date of the transaction (as required by tax and fiscal legislation).
• Marketing data — until consent is withdrawn by the user.
• Technical logs — 90 days from the time of creation.
• Backup copies — 30 days after deletion of the source data.

Once the retention period expires, data is anonymized or irreversibly deleted.

We do not sell your data to third parties. Sharing may occur only in the following cases:

• With contractors that operate the service (hosting, email delivery, SMS providers) — to the minimum extent necessary to provide the service and subject to confidentiality agreements.
• With the Click, Payme, HUMO, and Uzcard payment systems, acquirers, and banks — for processing payments.
• With government agencies — in response to official requests submitted in accordance with applicable law.
• During corporate events (mergers, acquisitions) — provided that the successor undertakes to comply with this Policy.

The zoomda.uz website and the control panel use cookies and similar technologies (localStorage, pixels) for the following purposes: maintaining a user session; remembering language and interface preferences; collecting anonymous statistics through analytics systems; protecting against automated attacks.

You can disable cookies in your browser settings, but doing so may affect the functionality of the service.

We apply organizational and technical measures to protect personal data:

• Transport-layer encryption (TLS 1.2+) for all connections.
• Encryption of sensitive fields in the database.
• Multi-factor authentication for administrative accounts.
• Regular backups and recovery testing.
• 24/7 monitoring of anomalies and incidents.
• Information security training for staff.

Despite the measures we take, no protection on the internet is absolute. Please report any suspicious activity on your account to us immediately.

As a personal data subject, you have the right to:

• Receive information about the contents and sources of the data we hold.
• Request that your data be clarified, corrected, or deleted.
• Withdraw any previously given consent to processing.
• Receive an export of your data in a machine-readable format (Excel, CSV, JSON).
• File a complaint with the authorized agency for personal data protection.

Send requests to info@zoomda.uz. We respond within 10 business days.

The service is not intended for persons under 16 years of age. We do not request and do not knowingly collect data of minors. If you become aware that we have received such data, please notify info@zoomda.uz and we will delete it.

We may update this Policy from time to time. The date of the most recent revision is shown at the top of the document. We notify users of material changes by email and in the control panel at least 14 days before they take effect.

For questions about personal data processing and the exercise of your rights:

• Email: info@zoomda.uz
• Phone: +998 (90) 823-33-83
• Address: 7 Urikzor Street, Yakkasaray district, Tashkent, the Republic of Uzbekistan
• Legal entity: Zoomda LLC (TIN, registration number, and other details to be specified upon finalization of the document)