Privacy Statement

Last modified: May 2026  ·  Estimated reading time: ~30 minutes

This Privacy Statement is adapted and based on industry-standard food delivery privacy frameworks.

1. Who Are We and How Can You Reach Us?

We are Matis Eat AB, a food delivery company headquartered in Stockholm, Sweden, operating across Sweden and Europe. We are the "data controller" for your personal data — meaning we decide how and for what purposes your data is processed.

If you have questions about your privacy, contact us:

• General privacy enquiries: privacy@matiseat.com
• Data Protection Officer: dpo@matiseat.com
• Address: Stockholm, Sweden

2. What Personal Data Do We Process?

When you use the Matis Eat platform (the "Platform"), we process personal data you provide, data collected from your device, and data obtained from third parties. The main categories are:

Account Data

Your name, email address, password, telephone number, country of residence, user ID, and language preferences.

Order & Delivery Data

Delivery address, order date and time, order IDs, order history, product names and quantities, and delivery instructions.

Location Data

Address, postcode, city, country, and geographic coordinates (longitude and latitude).

Device Data

Device ID, IP address, session data, device configuration, operating system, platform interactions (e.g. items added to cart), and data from web trackers (cookies, SDKs, pixels).

Payment Data

Bank account details, credit/debit card information, tax ID, payment method, payment amounts, refund details, and receipts.

Customer Support Data

Content of support requests, responses from the Matis Eat support team, and any attached images or files.

3. How Do We Process Your Personal Data?

3.1 Creating Your Account

When you register on the Platform, we collect your name, email, password, phone number, country, and language settings. We assign you a unique user ID to manage your account efficiently. You may also register via Single Sign-On (SSO) using Google, Apple, or Facebook — we never store your SSO password.

Legal basis: Art. 6(1)(b) GDPR — Performance of contract

3.2 Browsing the Platform

We use cookies and web tracking technologies to operate the Platform, improve performance, and personalise content. You can manage your cookie preferences at any time through your account settings. We may also show restaurants and products tailored to your location, order history, and browsing behaviour.

Legal basis: Art. 6(1)(b) GDPR & Art. 6(1)(f) GDPR — Contract & legitimate interest

3.3 Placing an Order

When you place an order, we process your account data, order details, delivery address, and payment information. Your cart persists across sessions. Payment data is shared with your chosen payment provider. Receipts and payment records are retained for 7 years to meet accounting obligations.

Legal basis: Art. 6(1)(b) GDPR & Art. 6(1)(c) GDPR — Contract & legal obligation

3.4 Delivering Your Order

We share your name, telephone number, and delivery address with the restaurant (Vendor) and, where applicable, the courier. Couriers may contact you via in-app chat or phone if needed. We minimise data shared at every step. Proof of delivery may include a timestamp, your name, and a photo or signature.

Legal basis: Art. 6(1)(b) & Art. 6(1)(f) GDPR — Contract & legitimate interest

3.5 Customer Support

When you contact support, we process your account, order, and request data. We may use automated tools and AI-powered chatbots for routine tasks. You can always request a human review. Support data is retained for the applicable legal limitation period (typically 3–6 years).

Legal basis: Art. 6(1)(b) GDPR — Performance of contract

3.6 Marketing & Promotions

We may send you app notifications, emails, or SMS about offers and new restaurants. You can opt out at any time. We also run referral programs, vouchers, loyalty rewards, and competitions. Online targeted advertising requires your explicit consent — if you decline, you may still see generic Matis Eat ads.

Legal basis: Art. 6(1)(f) GDPR — Legitimate interest (newsletters)  |  Art. 6(1)(a) GDPR — Consent (targeted ads)

3.7 Platform Security & Fraud Prevention

We use industry-leading infrastructure including two-factor authentication, traffic monitoring, backups, and encryption. We also employ automated fraud detection (scoring, transaction analysis, behavioral modelling). If an automated decision negatively affects you, contact us to request a human review.

Legal basis: Art. 6(1)(f) GDPR — Legitimate interest

3.8 Improving Our Services

We use aggregated and pseudonymised data for analytics, A/B testing, and business intelligence. User surveys and interviews are conducted with your consent. Anonymised vendor insights help restaurants improve their services on our Platform.

Legal basis: Art. 6(1)(f) GDPR — Legitimate interest  |  Art. 6(1)(a) GDPR — Consent (surveys)

3.9 Legal Compliance

We may process or disclose your data to comply with legal obligations, respond to court orders or authority requests, or defend against legal claims.

Legal basis: Art. 6(1)(c) & Art. 6(1)(f) GDPR — Legal obligation & legitimate interest

4. Who Receives Your Data?

Within Matis Eat, only staff with a legitimate need access your data. Externally, we share data with:

• Vendors (restaurants/stores) and couriers to fulfil your orders
• Payment providers to process transactions
• Technology service providers (e.g. Google Cloud, Amazon Web Services, Salesforce, Braze, SAP) acting as data processors under our instruction
• Public authorities where required by law
• Legal, financial, and professional advisors under confidentiality obligations

We never sell or rent your personal data to third parties without your explicit, informed consent.

5. International Data Transfers

Where personal data is transferred outside the European Economic Area (EEA), Matis Eat applies appropriate safeguards, including:

• EU Commission adequacy decisions (including the EU–US Data Privacy Framework)
• Standard Contractual Clauses (SCCs) with supplementary measures where required
• Binding corporate rules or other mechanisms under Art. 46 GDPR

To receive a copy of the safeguards used for your data transfers, contact us at privacy@matiseat.com.

6. Your Legal Rights

Under EU data protection law, you have the following rights regarding your personal data held by Matis Eat:

To exercise your rights, use the tools in your Matis Eat account profile or contact our support team.

7. Data Retention

We retain your personal data only for as long as necessary. Key retention periods:

• Account data — retained while your account is active; deleted after closure or 3 years of inactivity
• Payment & receipt data — 7 years (legal accounting obligation)
• Customer support data — 3–6 years (legal limitation periods)
• Daily server backups — deleted after 90 days

8. Automated Decision-Making

Some Matis Eat processes use algorithmic and machine learning tools, such as fraud detection, compensation calculations, and personalised recommendations. We maintain meaningful human oversight wherever decisions could significantly affect you. You can always contact us to request a human review of any automated decision.

9. Changes to This Statement

We may update this Privacy Statement from time to time to reflect changes in our services, technology, or legal obligations. Significant changes will be communicated to you directly. We encourage you to review this page periodically.

Last modified: May 2026

Questions about your privacy?

Our team is here to help. Reach out to us directly and we'll get back to you as soon as possible.

info@matiseat.com   ·   info@matiseat.com

© 2026 Matis Eat AB · Stockholm, Sweden · All rights reserved