Privacy Policy
Effective date: January 1, 2026. This Privacy Policy explains how NorthBite Inc. collects, uses, discloses, and protects personal information when you use our services, including our website, mobile applications, and delivery operations across Toronto and Ontario. We design our services to respect user privacy and comply with applicable Canadian privacy laws, including the Personal Information Protection and Electronic Documents Act. Where we process data for customers or partners, we follow clear agreements that define permitted uses and safeguards. If you have questions about this policy or our practices, you may contact our privacy team using the contact details below.
Information we collect
We collect information that is necessary to operate a food delivery service and to provide a reliable user experience. This includes information you provide directly when creating an account, placing an order, or contacting support. Typical categories include name, email address, phone number, delivery address, payment information, and order details. We may also collect profile preferences such as dietary filters, saved addresses, and order history. When you use our apps or website, we collect technical data such as device identifiers, IP addresses, browser type, operating system, and mobile network information. Location data is collected with your permission to enable accurate delivery and live tracking. For drivers and restaurant partners, we collect additional operational data such as driver license information, vehicle details, bank or payout information, and onboarding documentation. We do not sell personal information for direct marketing purposes.
How we use information
We use collected information to provide, maintain, and improve our services. Use cases include processing orders, coordinating deliveries, communicating order status, providing customer support, and enabling payment processing and refunds. Information supports trust and safety functions such as fraud detection, driver onboarding verification, and dispute resolution. We analyze aggregated and de-identified data to understand usage patterns, improve routing, and optimize delivery times. With consent, we may use contact information to send service updates, offers, or surveys, and you may opt out of marketing communications at any time. For restaurant partners, operational data is used to populate menus, display accurate availability, and provide performance reports that help partners improve service and menu offerings. We retain and use information as necessary for legal obligations, to resolve disputes, and to enforce our agreements.
Cookies and tracking
Our website and apps use cookies and similar technologies to enable core functionality and to improve user experience. Essential cookies are required for account authentication, shopping cart persistence, and security. Analytics cookies help us measure site performance, understand how users interact with our content, and identify areas for improvement. Where permitted, we use third-party analytics providers to collect aggregated metrics. You can manage cookie preferences using the cookie control tools on the site. For users who decline analytics cookies, we will continue to provide essential service functions while disabling optional tracking. We do not use cookies to collect payment card data; payment processing is handled by secure payment processors that meet applicable industry standards.
Sharing and disclosure
We share personal information with third parties only for legitimate business purposes and under strict safeguards. Examples include payment processors who handle card transactions, mapping and routing providers that enable driver navigation, analytics providers for aggregated insights, and background check vendors used in driver onboarding. We share order details with restaurants to prepare and fulfill your order. We may disclose information to comply with legal obligations or to respond to lawful requests by public authorities. In limited circumstances, such as mergers, acquisitions, or insolvency, personal information may be transferred to a successor entity, and we will require any such acquirer to honor the commitments in this policy. We do not authorize third parties to use customer data for their independent direct marketing unless you explicitly consent to such use.
Security and retention
We implement administrative, physical, and technical measures to protect personal information from unauthorized access, disclosure, alteration, and destruction. These measures include secure network architecture, encryption of sensitive data in transit and at rest where feasible, access controls, and regular security assessments. Despite these measures, no system is fully immune to risk, and we encourage users to protect their account credentials. We retain personal information only as long as necessary to fulfill the purposes described in this policy, to meet legal obligations, or to resolve disputes. Retention periods vary by data type, for example, transactional records and payment receipts are typically retained for several years to comply with financial recordkeeping obligations. Where possible, data that is no longer required is deleted or de-identified.
Your rights
Depending on your jurisdiction, you may have certain rights regarding your personal information. These may include the right to access, correct, or delete information, the right to request portability, and the right to object to or restrict processing in certain circumstances. To exercise these rights, please contact our privacy team at [email protected] or by mail using the address listed below. We will verify requests to protect you and other users from fraudulent requests. For marketing opt-outs, you may use the unsubscribe link in communications or manage preferences via your account settings. We will respond to requests in accordance with applicable law and aim to provide a timely response.
International transfers
NorthBite operates primarily in Canada but may transfer and store information in other jurisdictions where our service providers operate. When personal information is transferred outside Canada, we take reasonable steps to ensure it remains protected by contractual safeguards and technical controls that meet Canadian privacy standards. If you are located in a jurisdiction with specific cross-border transfer rules, please contact our privacy team for details regarding safeguards applied to your data.
Children's privacy
Our services are intended for users aged 18 and over. We do not knowingly collect or solicit personal information from children under 13. If a parent or guardian becomes aware that their child has provided us with personal information, they should contact us at [email protected] and we will promptly delete such information unless retention is required by law.
Changes to this policy
We may update this Privacy Policy to reflect changes in our practices or legal obligations. When we make material changes, we will provide a prominent notice on the site or via email before the changes take effect. The effective date at the top of this page indicates when the policy was last updated. We encourage users to review this page periodically to stay informed about how we protect personal information.
Contact
For privacy questions, requests, or concerns, reach our privacy team: