Privacy Policy

Gravito (“Company”, “we”, “our”, or “us”) values your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, store, disclose, and safeguard data when you use our mobile application, website, and related services (collectively, the “Services”).

By accessing or using Gravito, you agree to the practices described in this Policy. If you do not agree, please discontinue use of our Services.

1. Information We Collect

We may collect the following categories of information:

  • Personal Identification Information (Customers): Name, email address, phone number, payment details.
  • Usage Data: Device type, IP address, operating system, app version, log files, crash reports.
  • Transactional Data: Orders placed, payments made, tips processed, billing history.
  • Location Data: Approximate location when using the Services (only when necessary for functionality, e.g., restaurant availability).
  • Communication Data: Messages sent through the app, support requests, and feedback.
  • Business Verification Documents (Restaurants): Trade license, VAT certificate, bank account information, and other legal or regulatory documents required to verify and onboard restaurant partners.

We do not collect more information than is necessary for providing our Services.

2. How We Use Your Information

Your data is processed strictly for the following purposes:

  • To enable QR code ordering, payments, bill-splitting, and tipping.
  • To process transactions through MyFatoorah, our secure payment partner.
  • To onboard and verify restaurants in compliance with legal and financial regulations.
  • To provide restaurant owners with analytics on sales, orders, and staff performance.
  • To allow waiters to receive and manage customer orders efficiently.
  • To detect, prevent, and investigate fraud, abuse, or security threats.
  • To comply with legal and regulatory obligations.

3. Payment Processing

All financial transactions (including orders, bill-splitting, and tips) are processed through MyFatoorah, a PCI-DSS certified third-party payment provider. Gravito does not store or process full credit/debit card details on its own servers. Sensitive payment data is encrypted and handled exclusively by MyFatoorah.

4. Data Sharing & Disclosure

We never sell your personal information. Data may only be shared with:

  • Payment Partner: MyFatoorah, for secure payment processing.
  • Service Providers: Hosting, analytics, and technical support, bound by confidentiality agreements.
  • Restaurant Partners: Limited order-related and verification data necessary for account activation and fulfillment.
  • Legal Authorities: If required by law, court order, or to protect against fraud, threats, or misuse.

5. Data Security

We implement industry-leading safeguards to protect your information, including:

  • End-to-end encryption for sensitive data (SSL/TLS).
  • PCI-DSS compliance via MyFatoorah for all payment processing.
  • Restricted employee access to data on a “need-to-know” basis only.
  • Continuous monitoring for unauthorized access, malware, and vulnerabilities.

6. Data Retention

  • Personal and transactional data is retained only as long as necessary to provide the Services or comply with legal obligations.
  • Restaurant documents may be retained for compliance, fraud prevention, and regulatory audit purposes.
  • Upon account deletion, we remove or anonymize personal information unless retention is legally required.

7. User Rights

Depending on your jurisdiction, you may have the right to:

  • Access, update, or delete your personal data.
  • Restrict or object to certain data processing.
  • Request data portability.
  • Withdraw consent at any time (without affecting lawful prior processing).

Requests can be made by contacting us at support@gravito.one. We will respond within the legally required timeframe.

8. International Data Transfers

If you access Gravito from outside the country where our servers are located, your data may be transferred across borders. We ensure all transfers comply with applicable data protection laws, including GDPR, CCPA, and other global frameworks.

9. Children’s Privacy

Gravito is not intended for use by individuals under 16. We do not knowingly collect personal information from children. If we discover such data, we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our practices. Updates will be posted with a revised “Last Updated” date. Continued use of the Services after changes means acceptance of the updated Policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at:

📧 support@yachtshub.com 📞 +971 56 880 8863 ⏰ Business Hours: 10 AM – 7 PM (UAE Time)