Africanlicious
Sign inGet started
Legal

Privacy Policy

How Bright Future Global LLC collects, uses, shares and protects personal data across the Africanlicious service. Compliant with GDPR, UK GDPR, CCPA/CPRA, LGPD, NDPR and PIPEDA.

Last updated: June 2026

1. Who we are

Bright Future Global LLC ("Africanlicious", "we", "us") is the controller of personal data processed through the Africanlicious websites, mobile applications and PWA (the "Service"). We are organised under the laws of the State of California, United States of America. For privacy questions, contact legal@africanlicious.com.

2. Scope of this policy

This policy applies to customers, restaurant operators, drivers, prospective partners and website visitors worldwide. Country-specific addenda for the EU/UK, California, Brazil, Nigeria and Canada are in section 13. Where local law gives you stronger rights, those rights apply.

3. Information we collect

We collect data in three ways: information you give us, information collected automatically, and information from third parties.

3.1 Information you give us

  • Identity & contact — name, email, phone, password hash, profile photo, date of birth where required.
  • Order data — items, modifiers, special instructions, addresses, delivery preferences and tips.
  • Payment data — payment method tokens, billing address, last four digits and card brand. We do not store full card numbers.
  • Communications — messages with support, in-app chats with restaurants and drivers, survey responses, reviews and uploaded photos.
  • Partner KYC — restaurants and drivers provide identity documents, business registration, tax IDs, banking details, vehicle and insurance documents.

3.2 Information collected automatically

  • Device & technical — IP address, device model, operating system, browser, app version, language, time zone, referrer, crash logs and performance metrics.
  • Usage — pages and screens viewed, features used, search terms, clicks, scroll and basket events.
  • Cookies & similar technologies — see our Cookie Policy.
  • Location — precise location when you grant permission (to discover nearby restaurants and enable delivery tracking) and coarse IP-based location otherwise.

3.3 Information from third parties

  • Payment processors (Flutterwave, PayPal, Stripe) — payment confirmation, fraud signals.
  • Mapping & routing providers — geocoding and ETA estimates.
  • Identity / KYC providers — partner verification results.
  • OAuth providers (Google) — basic profile when you sign in with them.

4. How we use your information

  • Operate the Service — accounts, ordering, payment, delivery, support.
  • Match customers, restaurants and drivers and route deliveries efficiently.
  • Prevent fraud, abuse and security incidents.
  • Send transactional messages (order updates, receipts, security alerts).
  • Send marketing communications where allowed — you can opt out any time.
  • Personalise content, recommendations and search ranking.
  • Comply with legal, accounting and tax obligations.
  • Improve, debug and develop new features.

6. How we share information

We share the minimum data needed with:

  • Restaurants — to prepare your order (name, items, allergen notes, contact masked).
  • Drivers — first name, masked phone, delivery address and instructions for the active job only.
  • Payment processors — to authorise and settle transactions.
  • Mapping, SMS, email and push providers — to deliver real-time messages.
  • Analytics and crash-reporting tools — with consent or in aggregated form.
  • Professional advisors and insurers — under confidentiality obligations.
  • Authorities — when required by law, court order, or to protect rights and safety.
  • In a corporate transaction — with the same protections, with prior notice where required.

We do not sell personal information. We do not share personal information for cross-context behavioral advertising without your consent.

7. International data transfers

Personal data may be processed in countries other than your own, including in the United States where Bright Future Global LLC is established. Where we transfer EU/UK personal data outside the EEA/UK, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK addendum) together with supplementary measures where required. You can request a copy of the safeguards by writing to legal@africanlicious.com.

8. Data retention

  • Account data — while your account is active and up to 24 months after closure.
  • Order, payment and tax records — typically 7 years to meet accounting and tax laws.
  • Partner KYC — for the life of the partnership plus the period required by law.
  • Support tickets — up to 3 years from resolution.
  • Marketing preferences — until you withdraw consent or unsubscribe.
  • Aggregated, de-identified data — may be retained indefinitely.

9. Your rights

Depending on where you live, you may have the right to:

  • Access the personal data we hold about you;
  • Correct inaccurate or incomplete data;
  • Delete data ("right to be forgotten"), subject to legal exceptions;
  • Restrict or object to certain processing, including direct marketing;
  • Receive data in a portable, machine-readable format;
  • Withdraw consent (without affecting prior lawful processing);
  • Lodge a complaint with your local data protection authority.

Submit requests to legal@africanlicious.com. We respond within the period required by applicable law (typically 30 days). We may need to verify your identity before acting on a request.

10. Security

We use TLS in transit, encryption at rest for sensitive fields, role-based access controls, least-privilege service roles, audited admin actions, automated dependency scanning, isolated production environments and continuous logging. No system is perfectly secure — please use a strong unique password and enable any two-factor option offered.

11. Children

The Service is not directed to children under 16 (or the higher age set by local law). We do not knowingly collect personal data from children. If you believe a child has provided us data, contact legal@africanlicious.com so we can delete it.

12. Automated decisions and profiling

We use automated processing for fraud detection, courier dispatch, ETA estimation and search ranking. These do not produce legal effects on you that significantly affect you within the meaning of GDPR Art. 22 because human review is available — contact support@africanlicious.com to request review of any automated decision.

13. Regional addenda

EU/EEA & United Kingdom (GDPR / UK GDPR)

You have the rights listed in section 9. If we rely on legitimate interests we have completed a balancing test you can request. You may complain to your national data protection authority or the UK ICO.

California (CCPA / CPRA)

California residents have the right to know, delete, correct, limit use of sensitive personal information and opt out of "sharing" for cross-context behavioral advertising. We do not sell personal information. To exercise rights email legal@africanlicious.com. We will not discriminate against you for exercising your rights.

Brazil (LGPD)

You may exercise the rights in Art. 18 LGPD by contacting our representative at legal@africanlicious.com.

Nigeria (NDPR)

Personal data is processed in line with the Nigeria Data Protection Regulation and the NDPA 2023. Requests: legal@africanlicious.com.

Canada (PIPEDA)

You can request access and correction of personal information by writing to legal@africanlicious.com.

Other regions

If your country has stronger local rules, those rules apply.

14. Cookies and similar technologies

See our full Cookie Policy. You can manage non-essential cookies at any time from the "Cookie preferences" link in the footer.

15. Changes to this policy

We may update this policy as the Service evolves. Material changes will be announced in-app or by email. The date at the top of this page shows when it was last updated.

16. How to contact us