oyabite

Oyabite Privacy Policy

Effective date: 12 July 2026

This Privacy Policy explains how Oyabite collects, uses, shares, and protects your personal information when you use our website at https://oyabite.com and our two mobile apps: the Oyabite customer app and the Oyabite Chef app (together, the "Services").

Please read this policy carefully. By using the Services, you agree to the practices described here.

1. Who we are

Oyabite is a marketplace that connects people who want real home-cooked meals with verified independent home chefs. Customers discover dishes, place orders, track delivery, chat with chefs, and leave ratings. Chefs onboard, get verified, manage a menu, receive and fulfil orders, and manage their earnings.

Oyabite does not cook, prepare, or sell food. Food is prepared and sold by independent home chefs who use our platform. We record and facilitate orders, but we are not a party to the sale of the meal itself.

For the purposes of data protection law, the data controller is:

Oyabite Lagos, Nigeria Nigeria

If you have any questions about this policy or your personal information, contact us at hello@oyabite.com.

Our Data Protection Officer (or privacy contact) can be reached at: hello@oyabite.com.

2. Payments: how they work (and what we do not do)

Oyabite does not process payments and does not hold your money. Customers pay chefs directly for the physical food and delivery, using methods such as bank transfer, CashApp, or Zelle. These payments happen directly between the customer and the chef, outside of the app.

Because Oyabite sells physical, real-world goods and services (home-cooked food and delivery) rather than digital content, we do not use Apple In-App Purchase.

Oyabite earns money by charging chefs a 1% "space bill" on their sales. This is billed to chefs monthly and settled outside of the app. We do not take a cut of the customer's payment inside the app, and we do not store full customer payment card numbers.

3. The data we collect and why

We only collect what we need to run the marketplace safely. Here is what we collect, grouped by who provides it.

From customers

  • Email address. To create and secure your account, verify you with a one-time code (OTP), and send order and account messages.
  • Name. So chefs and couriers know who the order is for, and to personalise your experience.
  • Phone number. So chefs and delivery can reach you about your order.
  • Delivery address and precise location. To show you nearby chefs, calculate delivery, and get your food to the right place. Precise location is used to power features like nearby discovery and delivery tracking.
  • Photos you upload (for example, photos attached to reviews). To let you share your experience.
  • Allergy and dietary information. To power hard-exclusion allergy filters so we can hide dishes that are unsafe for you.
  • Orders, chat messages, ratings, and reports. To fulfil orders, support you, resolve disputes, and keep the community safe.

From chefs

In addition to the account details above (email, name, phone), chefs provide:

  • KYC verification documents: government-issued ID, a utility bill, kitchen photos, and a 30-second intro video. We use these to verify that every chef is a real, identifiable person cooking in a real kitchen before they can go live. This is core to trust and safety.
  • Weekly kitchen-photo check-ins. To confirm on an ongoing basis that kitchens stay clean and compliant.
  • Bank payout details. So chefs can receive payment from customers and so we can bill the monthly 1% space bill. We collect only what is needed to identify the payout account.
  • Menu content: dish names, descriptions, prices, food plans, and dish photos. To build the chef's storefront.

From everyone, automatically

  • Device and usage data: app version, device type, basic diagnostics, and how you interact with the Services. Used to keep the apps working, fix bugs, and improve the product. This is first-party product analytics only.
  • Handoff codes. Per-order codes generated to confirm the right meal reaches the right person at handoff.

We do not collect data for third-party advertising, and we do not track you across other apps or websites. We do not use Apple's App Tracking Transparency because we do not track you across other companies' apps and sites.

4. Legal bases for processing

Where data protection law (such as the Nigeria Data Protection Act / NDPR, or the EU/UK GDPR) applies, we rely on the following legal bases:

  • Performance of a contract. To create your account and let you place, receive, and fulfil orders.
  • Consent. For precise location and for optional features. You can withdraw consent at any time (for example, in your device settings for location).
  • Legal obligation. To meet identity-verification, tax, accounting, and food-safety-related obligations that may apply to us.
  • Legitimate interests. To keep the marketplace safe and trustworthy (chef verification, fraud prevention, dispute resolution, and first-party analytics to improve the Services), balanced against your rights.

5. How we use your data

We use personal information to:

  • Create, secure, and verify your account, including email OTP verification.
  • Verify chefs before they go live and keep them compliant over time.
  • Show customers relevant dishes, including the swipe deck, search, and AI meal-timetable suggestions.
  • Take, record, and help fulfil orders, including delivery tracking and handoff codes.
  • Let customers and chefs message each other about an order.
  • Apply allergy hard-exclusion filters so unsafe dishes are hidden.
  • Enable ratings, reports, and our "we step in" appeals process.
  • Bill chefs the monthly 1% space bill.
  • Provide customer support and resolve disputes.
  • Keep the Services safe, prevent fraud and abuse, and meet legal obligations.
  • Improve the Services using first-party product analytics.

AI features

Some features, such as AI meal-timetable suggestions, are powered by a third-party AI provider (OpenAI). We minimise the personal information sent to the AI provider and avoid sending directly identifying details where we can. AI providers act as our processors and are not permitted to use your data to train their own models for their own purposes.

6. How we share your data

We do not sell your personal data. We share it only in the limited ways below.

  • Between chefs and customers, to fulfil an order. When you place an order, we share the limited information needed to complete it. For example, a chef receives the customer's name, delivery address, phone number, order details, and relevant allergy information; a customer receives the chef's business details needed to receive the food and to pay the chef directly. Food is prepared and sold by the independent chef, and payment happens directly between the customer and the chef.
  • Service providers (processors) who help us run the Services under contract, including:
    • Cloudflare for hosting, image storage and delivery (Cloudflare Images), and video hosting (Cloudflare Stream), including the intro videos and photos.
    • Resend for sending transactional email such as OTP codes and order notifications.
    • OpenAI for AI-powered features, with personal information minimised as described above. These providers process data on our behalf and under our instructions.
  • Legal and safety. We may share information if required by law, to enforce our Terms, to prevent fraud or harm, or to protect the rights and safety of our users and the public.
  • Business transfers. If Oyabite is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction, subject to this policy.

7. Data retention

We keep personal information only for as long as we need it for the purposes described in this policy, or for as long as the law requires.

  • Account information is kept while your account is active.
  • Order records, chat logs, and ratings are kept for a reasonable period to support disputes, appeals, safety, and legal or accounting obligations.
  • Chef KYC documents and payout details are kept for as long as the chef is active and for any period required to meet legal, tax, and verification obligations, then deleted or anonymised.

When we no longer need your data, we delete it or make it anonymous.

8. How we protect your data

We take security seriously.

  • KYC documents and other sensitive files are encrypted, both in transit and at rest.
  • Access to sensitive data (such as KYC documents and payout details) is restricted to authorised staff on a need-to-know basis, and access is logged.
  • We use industry-standard measures to protect data in transit and at rest.

No system is perfectly secure, but we work to protect your information and to respond quickly if something goes wrong.

9. Your rights

Depending on where you live, you have rights over your personal information. These include, under the Nigeria Data Protection Act / NDPR and under GDPR-grade laws:

  • Access. Ask for a copy of the personal data we hold about you.
  • Export (portability). Get your data in a portable format.
  • Correction. Ask us to fix data that is wrong or incomplete.
  • Deletion. Ask us to delete your data, subject to legal limits.
  • Restriction and objection. Ask us to limit or stop certain processing.
  • Withdraw consent. Where we rely on consent, withdraw it at any time, without affecting past processing.

To exercise any of these rights, email hello@oyabite.com. We will respond within the time required by law. You also have the right to complain to your data protection authority (in Nigeria, the Nigeria Data Protection Commission).

10. Children

Oyabite is not for children. The Services are intended for people aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a child has given us personal information, contact us at hello@oyabite.com and we will delete it.

11. International data transfers

Oyabite serves customers and chefs in Nigeria (starting in Lagos and Abuja) and works with service providers that may store or process data in other countries. When we transfer personal data across borders, we take steps to make sure it is protected in line with applicable law, including using providers that offer appropriate safeguards.

12. Cookies and analytics

Our website uses a small number of cookies and similar technologies to make the site work and to understand how it is used. Our analytics are first-party product analytics only. We do not use third-party advertising cookies, and we do not track you across other companies' websites or apps. You can control cookies through your browser settings.

13. Changes to this policy

We may update this policy from time to time. If we make material changes, we will update the effective date at the top and, where appropriate, let you know through the Services or by email. Please check back so you stay informed.

14. Contact us

If you have any questions, requests, or complaints about this policy or your personal information, contact us at:

Email: hello@oyabite.com

Oyabite Lagos, Nigeria

Governing law: Lagos State, Nigeria.