Login
Start trial

Legal

OtterOrder Privacy Policy

Last updated: October 19, 2025

1) Overview

Thank you for using OtterOrder. We’re committed to protecting your privacy in accordance with applicable U.S. laws (including the California Consumer Privacy Act as amended by the CPRA (collectively, CCPA)) and, where applicable, the EU/UK General Data Protection Regulation (GDPR). This Privacy Policy explains what personal information we collect, how we use it, how we share it, and the rights you may have.

This Policy applies to our websites, apps, kiosks, and related services (the “Services”).

Controller: OtterOrder, LLC (Wyoming, USA)
Contact: support@otterorder.com

Using our Services means you consent to this Policy. If you do not agree, please discontinue use.


2) Personal Information We Collect

The information we collect depends on how you use the Services (e.g., as a customer placing orders or as a merchant).

2.1 Information you provide

  • Identity & contact: name, email, phone, billing/shipping details.
  • Account data: username, password, preferences.
  • Order data: items ordered, instructions, tips, timestamps, totals, taxes/fees.
  • Support & communications: messages you send us; survey responses; reviews.
  • Merchant/KYC (for businesses): legal entity name, EIN, beneficial ownership info (if requested by our payments partner), business address, banking info for payouts.
  • Uploads: images, logos, menu content (for merchants).

2.2 Information collected automatically

  • Device & usage: IP address, device identifiers, browser type, OS, referring/exit pages, clickstream, page views, session duration.
  • Approximate location: derived from IP or device settings (if enabled).
  • Cookies & similar technologies: pixels, SDKs, local storage (see §8).

2.3 Information from third parties

  • Payments: status/metadata from Payroc (our payment processor).
  • Analytics & ads tech: aggregated/usage data from analytics providers.
  • Fraud prevention & address validation providers.
  • Merchants / partners: order/fulfillment status, support context.

We do not intentionally collect sensitive personal information unless necessary for identity verification, fraud prevention, or regulatory compliance (e.g., merchant KYC). We do not knowingly collect information from children under 13 (see §12).

3) How We Use Personal Information

We use your information to:

  • Provide & operate the Services (account creation, ordering, payments, receipts).
  • Facilitate payments via Payroc; detect and prevent fraud.
  • Support & communicate (order updates, receipts, service notifications).
  • Personalize & improve (content, features, performance, security).
  • Comply with law (tax/audit, chargeback handling, lawful requests).
  • Marketing with consent (or where permitted by law): email/SMS/push about features, offers, and updates. You can opt out anytime (see §9).

Legal bases (GDPR, where applicable)

  • Contract (Art. 6(1)(b)) – to provide the Services you request.
  • Legitimate interests (Art. 6(1)(f)) – security, analytics, improvements, limited marketing.
  • Consent (Art. 6(1)(a)) – where required for cookies/marketing/SMS.
  • Legal obligation (Art. 6(1)(c)) – tax/accounting, fraud prevention.

4) How We Share Personal Information

We share only as needed to operate the Services or as required by law:

  • Payment processing: Payroc (and its banking partners) to process payments, handle settlements, disputes, and fraud checks.
  • Service providers (“processors”): hosting/cloud (e.g., major U.S. cloud providers), analytics, messaging (email/SMS), customer support, logging/monitoring, error tracking.
  • Merchants: when you place an order with a merchant, we share order details so they can fulfill it; if you opt in to a merchant’s marketing, we share your contact details for that purpose.
  • Integrations you enable: POS, delivery partners, or other tools you connect.
  • Legal & safety: to comply with laws, lawful requests, or to protect rights, property, safety, and prevent fraud or abuse.
  • Corporate transactions: in the event of a merger, acquisition, financing, or sale of assets (your data may be transferred as part of the transaction).

We do not sell your personal information for money. We may use or allow limited cross-context behavioral advertising/“sharing” through analytics/ads tech. See §10 for your opt-out rights.

5) Payment Information (Payroc)

All card payments are handled by Payroc. We do not store full card numbers on our systems. Your use of payments is subject to Payroc’s terms and privacy notice. We receive limited payment metadata (e.g., last 4 digits, token, status) to confirm transactions, handle receipts, and resolve disputes.

6) Data Retention

We retain personal information for as long as necessary to:

  • Provide the Services and maintain your account,
  • Comply with legal, tax, accounting, and audit obligations,
  • Resolve disputes and enforce our agreements,
  • Maintain security and fraud prevention.

Where feasible, we de-identify or aggregate data for analytics/improvements. When no longer needed, we delete or de-identify information per our retention schedules.

7) Security

We implement reasonable administrative, technical, and physical safeguards (e.g., TLS encryption in transit, access controls, logging). No method of transmission or storage is 100% secure; you use the Services at your own risk. Protect your account credentials and notify us promptly of any suspected compromise


8) Cookies & Similar Technologies

We and our partners use cookies, SDKs, pixels, and local storage to:

  • remember preferences and keep you signed in,
  • measure usage and performance,
  • prevent fraud and maintain security,
  • (where permitted) tailor content and marketing.

You can adjust browser/device settings to block or delete cookies, which may affect functionality. Where required, we request consent for non-essential cookies.

9) 10DLC Compliance and Privacy

A. Collection of Personal Information

We collect limited personal information when you provide your phone number to receive text messages related to your transactions or account activity. This may include your name, phone number, and order or account identifiers.
 You provide this information voluntarily when:

  • Entering your phone number to receive receipts, order updates, or pickup notifications;
  • Enabling two-factor authentication (2FA) for account security; or
  • Using the mobile app or kiosk where texting is part of the service.

B. Use of Personal Information

We use the information you provide for the following purposes:

  • To send you transactional or service-related 10DLC messages, including receipts, 2FA codes, and “order ready” or “pickup” notifications;
  • To comply with carrier and legal obligations under 10DLC (10-Digit Long Code) regulations;
  • To maintain records of consent and message logs required by carriers;
  • To improve our messaging reliability and user experience.

Important: Any marketing-related text messages (promotions, coupons, or announcements) are sent only through authorized third-party marketing platforms that have their own opt-in systems, privacy policies, and carrier-approved 10DLC registrations. OtterOrder’s core 10DLC traffic is reserved solely for transactional purposes.

C. Privacy and 10DLC Standards

As a registered 10DLC messaging provider, OtterOrder, LLC follows the CTIA and carrier-mandated principles below:

  • Transparency: Our Privacy Policy and Terms are displayed next to all phone number entry fields where messaging consent is collected.
  • Data Protection: End-user information collected for 10DLC messaging is never shared, sold, or used for lead generation, analytics, or marketing.
  • Explicit Consent: Users opt in by submitting their phone number through a clear call-to-action (e.g., “Text me my receipt”). Consent is not bundled with unrelated services.
  • Opt-Out & Help Keywords: Users can text STOP to the 10DLC number to immediately stop receiving messages or text HELP for assistance.
  • No Short Code Routing: All opt-in and opt-out activity occurs through the same 10DLC number; short code or alternate routes are not used.
  • Retention: Message data is retained only as long as necessary to fulfill service or legal requirements.

D. Opting Out

You may stop receiving 10DLC messages at any time by replying STOP to the number associated with the service. You will receive a confirmation that you have been unsubscribed. For assistance or questions, reply HELP or contact support@otterorder.com. Standard message and data rates may apply.

E. Disclosure of Personal Information

We do not share, sell, or rent end-user information collected for 10DLC purposes to any third parties or affiliates for marketing, lead generation, or analytics. Information is used only to deliver messages you’ve requested, ensure compliance with 10DLC and carrier regulations, and maintain service functionality.

10) Your Privacy Rights

Depending on your jurisdiction (e.g., California, Colorado, Virginia, Connecticut, Utah; EU/UK), you may have rights to:

  • Access/know the categories and specific pieces of personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete personal information (subject to legal exceptions).
  • Portability (receive a copy in a portable format).
  • Opt out of: targeted advertising (“sharing”), certain profiling, and the sale of personal information (we do not sell for money).
  • Limit the use/disclosure of sensitive personal information (where applicable).
  • Withdraw consent (for processing based on consent).

How to exercise: email support@otterorder.com with the subject line “Privacy Request” and tell us what you want to do (e.g., Access, Delete, Correct, Do Not Sell/Share). We will verify your request (we may ask you to confirm your email or provide limited information to match our records). You may use an authorized agent where allowed by law (with proof of authorization). If we deny your request, some states allow you to appeal—reply “Appeal” to our decision, and we’ll review.

California disclosures

We have collected the following categories in the past 12 months: identifiers; commercial information (orders); internet/network activity; approximate geolocation; inferences (limited, for service personalization); and, for merchants, professional/commercial information. Sources include you, your devices, merchants, Payroc, and service providers. We share with service providers/processors, merchants (when you order), and, where applicable, analytics/ads partners for cross-context advertising. We do not sell personal information for monetary consideration.

11) International Data Transfers

We operate in the United States and may transfer data to service providers in other countries. Where GDPR/UK GDPR applies, we rely on appropriate safeguards (e.g., Standard Contractual Clauses) for such transfers.

12) Children’s Privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child under 13 has provided personal information, contact us and we will take appropriate steps to delete it.

13) Third-Party Links & Services

The Services may link to or integrate third-party sites and services. Their privacy practices are governed by their own policies. We are not responsible for third-party practices.

14) Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date reflects the latest version. Material changes will be highlighted through the Services or by email where appropriate. Your continued use after changes means you accept the updated Policy.

15) Contact Us

OtterOrder, LLC
Email: support@otterorder.com
Subject line: Privacy Inquiry

Supplemental Notice for Merchants (KYC/Underwriting)

When you onboard as a merchant, Payroc (and its banking partners) may require information to verify your identity and assess risk (e.g., EIN, beneficial owners, government IDs, bank account details). We share related information with Payroc solely to enable payments, fraud prevention, compliance reviews, and payouts. Payroc’s handling of your information is subject to its own privacy notice.