Privacy policy
Last updated: [date] · Effective date: [date]
This Privacy Policy explains how gito.az ("gito.az", "we", "us") collects, uses, stores, shares and protects your personal data when you use our mobile application, website and related services (the "Service"). It is prepared in accordance with the Law of the Republic of Azerbaijan "On Personal Data" (No. 998-IIIQ, 11 May 2010) and other applicable legislation.
Data operator: [registered entity name], TIN (VÖEN) [●], [registered address], Azerbaijan. Contact: support@gito.az.
By creating an account or using the Service, you consent to the collection and processing of your personal data as described here. You may withdraw consent at any time (Section 9).
1. Personal data we collect
We collect only the data needed to run the Service:
• Account & identity: name, email address, phone number, profile photo (if you add one), preferred language.
• Authentication: email and password, or a one-time phone code (managed by our infrastructure provider).
• Reservation data: the name, phone number, party size, date/time and notes you submit when sending a reservation request.
• Reviews and content: ratings, comments and any content you publish, together with your display name.
• Activity data: venues you view, searches, saved venues and dishes, and filters you apply.
• Approximate or precise location: only when you grant permission, to show venues near you and calculate distances. You can disable location in your device settings.
• Device & technical data: device type, operating system, app version, and a push-notification token if you enable notifications.
We do not knowingly collect special categories of data (health, religion, political views, etc.).
2. Purposes and legal basis
We process your data:
• to create and manage your account and authenticate you — basis: performance of our agreement with you and your consent;
• to provide discovery, show venues and deliver your reservation requests to the relevant venue — basis: performance of the service you requested;
• to publish your reviews and operate moderation — basis: your consent and our legitimate interest in a safe platform;
• to send service and notification messages — basis: consent / service performance;
• to maintain security, prevent abuse and fraud, and improve the Service — basis: legitimate interest and legal obligation;
• to comply with legal requirements — basis: legal obligation.
Under the Law "On Personal Data", your consent covers who we are, the purpose, the categories of data, the storage period and the deletion terms — all set out in this Policy.
3. Sharing your data
We do not sell your personal data. We share it only:
• With venues, for reservations: when you send a reservation request, your name, phone number and request details are shared with that venue so it can respond. The venue then acts as an independent recipient of that data.
• With service providers (processors) that operate our infrastructure strictly on our instructions: Supabase (database, authentication, storage), Mapbox (map display), and Google Firebase Cloud Messaging (push notifications, if enabled).
• With authorities, where required by Azerbaijani law or valid legal process.
• In a business transfer (merger, acquisition), subject to this Policy.
4. International data transfer
Our service providers may store and process data on servers located outside the Republic of Azerbaijan. Where data is transferred abroad, we rely on your consent and on the necessity of the transfer to perform the Service, and we take reasonable steps so that the data continues to receive an adequate level of protection, consistent with the Law "On Personal Data". We do not transfer data in a way that would harm national security or public order.
5. Retention
We keep your personal data for as long as your account is active and as needed to provide the Service. When you delete your account, we delete your personal data from our active systems; limited records may be retained where required for legal, security or audit purposes (for example, administrative action logs are kept up to 90 days), after which they are deleted or anonymised. Residual copies in encrypted backups are overwritten on our normal backup cycle.
6. Security
We protect your data using encryption in transit and at rest, row-level access controls (RLS) and restricted administrative access. No system is completely secure; we cannot guarantee absolute security, but we work to protect your data and to address incidents promptly.
7. Reviews and other content you publish
Reviews you post are visible to other users together with your display name. Do not include data you do not want to be public. You can edit your review (subject to limits) or delete your account to remove all your content.
8. Children
The Service is intended for users aged 18 and over. We do not knowingly collect data from persons under 18. If you believe a minor has provided us data, contact us and we will delete it.
9. Your rights
In accordance with the Law "On Personal Data", you have the right to:
• know whether we hold your data, and the purposes of processing;
• access your data and request a copy;
• correct inaccurate or incomplete data;
• request deletion of your data;
• obtain information about third parties to whom your data has been disclosed;
• change the confidentiality status of your data;
• object to processing and withdraw your consent at any time (this does not affect processing already carried out).
You can exercise most of these rights directly in the app (Profile → edit data; Profile → Delete account). For other requests, contact support@gito.az; we respond within the periods set by law.
10. Cookies and local storage
The app and website store limited data on your device (for example, your language choice and recent searches) so the service works. This data stays on your device unless needed to provide the Service.
11. Push notifications
If you enable notifications, we use a device token to send them. You can turn notifications off at any time in your device settings.
12. Changes to this Policy
We may update this Policy. We will post the updated version with a new date; significant changes will be brought to your attention.
13. Contact and supervisory authority
Questions or requests: support@gito.az.
You also have the right to contact the competent Azerbaijani state authority responsible for personal data protection (the relevant authority of executive power; currently within the Ministry of Digital Development and Transport).