B Biteaze

Website Privacy Policy

For the biteaze.com marketing website, published by Biteaze Solutions LLP.

Effective date: 26 June 2026 Last updated: 27 June 2026 Applies to: biteaze.com (website) Version 1.1

In plain language (the short version)

This summary is for quick understanding only. The full policy below is the legally binding version.

  • This is the website policy — the Biteaze Billing app has its own separate policy at biteaze.com/app-privacy.
  • The only personal data we collect is what you type into our contact form (name, brand name, email, phone, and what you’re interested in) — and we use it only to reply to your enquiry.
  • We do not track you: no Google Analytics or any analytics tool, no advertising or tracking pixels, no marketing cookies, and we set no cookies of our own. There is no cookie banner because there is nothing to consent to.
  • Our ROI calculator runs entirely in your browser — the numbers you enter are never sent to us or stored anywhere.
  • Simply loading the page fetches fonts, styles, our logo and some images from Google Fonts, Google Firebase (Cloud Firestore & Cloud Storage) and (for some fallback team/portfolio images) third-party image hosts such as Unsplash, and reaches our hosting/CDN provider, which means your IP address and browser User-Agent are visible to those providers, as with any website.
  • Your enquiry is sent through a secure server-side function and stored as a single record in our Google Firebase / Google Cloud database (Cloud Firestore), whose servers may be located outside India.
  • You can ask us to see, correct or erase your data, or to stop using it, at any time — just email [email protected].

This Privacy Policy explains how Biteaze Solutions LLP (“Biteaze”, “we”, “us”) handles personal data in connection with our marketing website at biteaze.com. We have written it in plain language and kept it deliberately short, because this website collects very little: the only personal data we actively collect is what you choose to type into our contact form. We are the Data Fiduciary responsible for that data, and we handle it in line with India’s Digital Personal Data Protection Act, 2023 (the “DPDP Act”), the Digital Personal Data Protection Rules, 2025 (the “DPDP Rules”), and the Information Technology Act, 2000 (including Section 43A) together with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the “SPDI Rules”). The DPDP Act and DPDP Rules are being brought into force on a phased basis; where their provisions are not yet operative on the effective date of this policy, we describe them as obligations we will comply with as and when they commence, and the IT Act and SPDI Rules remain operative in the interim.

Website only This Privacy Policy applies only to our marketing website at biteaze.com. Our Biteaze Billing Android application is a separate product with its own data practices and is governed by a separate privacy policy available at https://biteaze.com/app-privacy. If you use the app, that policy — not this one — applies to your in-app data.
What this website does NOT do To be completely clear: this website sets no cookies of its own; uses no Google Analytics or any other analytics tool or SDK; uses no advertising, marketing or retargeting pixels or tags; uses no social-media trackers; performs no device fingerprinting, behavioural profiling or cross-site tracking; stores no personal data in your browser’s localStorage or sessionStorage; does not store or transmit anything from the ROI calculator (it runs entirely in your browser); creates no user accounts and no newsletter sign-ups; sends no OTPs or SMS messages and runs no phone-verification; and does not sell your personal data. The only cookies that may be present are strictly-necessary infrastructure/security cookies set by our hosting/CDN provider (Vercel now, Cloudflare Pages in future), and the third-party data flows are the unavoidable transmission of your IP address and browser User-Agent when your browser loads fonts (Google Fonts), our logo and showcase images (Google Firebase Cloud Storage, and — for some fallback team and portfolio images — third-party image hosts such as Unsplash), when it submits the contact form to our Google Cloud Function, reads our public content from Cloud Firestore, and when it reaches our hosting/CDN provider.

1. Who we are & how to contact us

Biteaze Solutions LLP (“Biteaze”, “we”, “us”), a Limited Liability Partnership registered in India, is the Data Fiduciary responsible for the personal data described in this policy — that is, we determine the purpose and means of processing it.

Data Fiduciary

Entity Biteaze Solutions LLP
Registered office Ground Floor, Shop No-6, 8/2295, Satkar Building, Dhundhiyawadi, Palanpur, District Banaskantha, Gujarat 385001, India
Grievance Officer Shreyash Karnavat (see Section 12)

2. Scope of this policy

This Privacy Policy applies only to the Biteaze marketing website at biteaze.com — a single-page website describing our food-and-beverage consulting and management services.

Our Biteaze Billing Android application is a separate product with its own data practices — including voice billing, on-device storage, cloud sync and in-app diagnostics — and is governed by a separate privacy policy. For anything to do with the app, please see that policy instead of this one.

App policy The Biteaze Billing app is covered by a separate privacy policy at https://biteaze.com/app-privacy. Both policies share the same Data Fiduciary (Biteaze Solutions LLP) and the same Grievance Officer (Shreyash Karnavat).

The website also includes an ROI calculator. This is purely a calculator that runs in your browser — the numbers you enter are used only to perform the on-screen calculation and are never sent to us or to anyone else, and nothing is stored. It does not collect personal data and is therefore out of scope as a collection point.

3. Key terms

To keep this policy readable, here are the main terms we use, drawn from the DPDP Act:

  • Personal data — any data about an individual who is identifiable by or in relation to that data (for example, your name, email or phone number).
  • Data Principal — the individual to whom the personal data relates. If you fill in our contact form, that’s you.
  • Data Fiduciary — the person who, alone or with others, decides the purpose and means of processing personal data. For this website, that is Biteaze Solutions LLP.
  • Data Processor — a person who processes personal data on behalf of a Data Fiduciary. The service providers in Section 6 act as our processors or sub-processors.

4. What personal data we collect

The only personal data we collect through this website is the information you choose to type into our contact / enquiry form. The table below itemises exactly what that is, together with the technical data that any website provider inherently receives when your browser loads a page.

DataWhat it isHow we get it
NameThe name you enter in the contact form.You type it in
Brand NameThe name of your brand or business.You type it in
EmailThe email address you want us to reply to.You type it in
PhoneYour phone number, which we store with a +91 prefix.You type it in
Service InterestOne option you select from a dropdown: Full Brand Development; Recipe & Menu Engineering; Operations & Staffing; Digital Strategy & AI; or Franchise Management.You select it
Technical data (IP & User-Agent)Your IP address and browser User-Agent, inherently received by our hosting provider and by the third-party providers whose assets the page loads (see Section 6).Sent automatically by your browser to deliver the page

On submission, your contact-form entry is sent to a secure server-side function (a Google Cloud Function) which writes it as a single record in our database (the websiteLeads collection in Google Cloud Firestore — see Section 6); your browser never writes to the database directly. The specified purpose for which you provide this data, and for which we use it, is to respond to and follow up on your enquiry.

Not your data The team and portfolio sections of the website display our own public content, which we read from our database. That content is about us, not about you, and is not visitor personal data.

We store your phone number with a +91 prefix purely as a formatting convention. We do not verify it, and this website has no SMS, OTP or phone-verification integration of any kind — we do not send you OTPs or SMS messages.

5. What we do NOT collect — no cookies or tracking

This is a low-data marketing website, and we want to be completely clear about what it does not do.

In short This website does not track you. We do not use any analytics tool, we run no advertising or social-media pixels, and we set no cookies of our own. There is no cookie banner to click because there is nothing to consent to.

To be specific, this website does not:

  • set any cookies of its own (its own code writes no cookies);
  • use Google Analytics or any other web-analytics tool or SDK;
  • use advertising, marketing or retargeting pixels or tags;
  • use social-media tracking buttons or trackers;
  • perform device fingerprinting, behavioural profiling or cross-site tracking;
  • store any personal data in your browser’s localStorage or sessionStorage.

The only cookies that may exist are strictly-necessary infrastructure or security cookies set by our hosting/CDN provider to deliver and protect the site — not by us, and not for analytics, advertising or profiling. These are covered in Section 6, and being strictly necessary they do not require your consent.

6. Cookies, third parties & data sharing

We do not sell your personal data, and we do not share it for anyone else’s marketing. We do, however, rely on a small number of service providers and load some assets from third parties. The table below names each one, what it does, and where it typically processes data.

ProviderRoleData handledTypical location
Google Firebase / Google Cloud (Google LLC — Cloud Firestore database, Cloud Storage & Cloud Functions)Backend data store and form handler: a Cloud Function receives the contact-form enquiries you submit and writes them to our websiteLeads collection in Cloud Firestore (the browser cannot read that collection back); Cloud Firestore also serves our own public team/portfolio content; Cloud Storage hosts our logo and showcase images.Your contact-form details (Name, Brand Name, Email, Phone with +91 prefix, Service Interest). Our team/portfolio content and logo are our own data, not visitor personal data.Google Cloud stores data on managed cloud infrastructure; depending on the chosen region, data may be stored outside India.
Vercel (Vercel Inc. — current website hosting / CDN)Serves the biteaze.com website to your browser.Standard server log data inherent to serving any request — IP address, approximate location derived from it, browser User-Agent, requested URLs and timestamps — plus Vercel’s own essential infrastructure cookies. We do not run Vercel Web Analytics, Speed Insights or any analytics on this site.Global infrastructure, including the United States; data may be processed outside India.
Cloudflare (Cloudflare, Inc. — planned future hosting / CDN)Will serve and help secure the website once we migrate to Cloudflare Pages.Standard request log data inherent to serving and protecting web requests — IP address, User-Agent, requested URLs — plus Cloudflare’s own strictly-necessary security/bot-mitigation cookies. These are not advertising or cross-site tracking cookies.Cloudflare operates a global network; by default request and cookie data may be processed in the United States; data may be processed outside India. (Planned — applies upon migration.)
Google Fonts (Google LLC)Delivers the website’s display fonts from fonts.googleapis.com and fonts.gstatic.com.When your browser requests a font, it necessarily sends your IP address, the requested URL on Google’s server, and HTTP headers including your browser User-Agent. The Google Fonts API does not set or log cookies, and Google states it does not use this data to build advertising profiles of visitors.Google serves fonts from global infrastructure, including the United States; this is a transfer outside India.
Third-party image hosts (e.g. Unsplash, images.unsplash.com)Serve some team and portfolio showcase images referenced by our content, including built-in fallback team photos.When your browser loads such an image, it sends your IP address and browser User-Agent to that host. No cookies are set by us through this.Served from global content-delivery networks; data may be processed outside India.

Assets loaded from third parties and your IP address

Like most websites, some elements are loaded from third-party services rather than from our own servers: web fonts from Google Fonts (fonts.googleapis.com and fonts.gstatic.com), our logo and showcase images from Google Firebase Cloud Storage (firebasestorage.googleapis.com), and some fallback team and portfolio images from third-party image hosts (for example Unsplash, images.unsplash.com). The contact form is also submitted to a Google Cloud Function and our public team/portfolio content is read from Cloud Firestore (firestore.googleapis.com). Whenever your browser fetches a file from or sends data to another company’s servers, it must send that company your IP address and browser User-Agent so the request can be served. We do not control what these providers do with that information; their handling is governed by their own privacy policies — see Google / Firebase (https://policies.google.com/privacy) and, for fallback images, Unsplash (https://unsplash.com/privacy).

Why we mention your IP address In January 2022 a German court (Landgericht München I, 20 January 2022) held that a website which loaded Google Fonts directly from Google’s servers had unlawfully disclosed the visitor’s IP address to Google, because an IP address is personal data and the transfer happened without consent. That ruling is from Europe and is not binding in India, but we take the same point seriously: it is why we prefer to self-host assets where feasible and why we tell you, openly, when your IP address is shared simply by loading part of this page.

Server logs

Our hosting and CDN providers automatically keep server logs that include IP addresses, as happens with every web request, in order to deliver the site and protect it against attacks and abuse. These logs are not used to track, analyse or profile you.

Processor contracts

Biteaze Solutions LLP is the Data Fiduciary for personal data collected through this website. The providers listed above act as Data Processors or sub-processors and process this data only to provide their services to us. Where the DPDP Act, Section 8(2), requires processing through a Data Processor to be under a valid contract, we engage these providers under their standard terms of service and applicable data-processing terms; where such provisions are not yet in force, we will ensure compliant processor contracts are in place as and when required.

7. Why we use your data — lawful basis

We use the information from the contact form for one purpose only: to respond to the consulting or sales enquiry that you have voluntarily submitted to us, and to follow up on it.

Our lawful basis is the legitimate use recognised in Section 7(a) of the DPDP Act — that is, the personal data that you have voluntarily provided to us for the specified purpose of answering your enquiry, and in respect of which you have not indicated to us that you do not consent to its use. Submitting the form is your voluntary provision of that data for that purpose. This basis is not consent under Section 6, so there is no “consent” for you to give or withdraw for this processing.

You’re in control Although this processing is not consent-based, you remain in control: you may at any time tell us that you no longer wish us to use your enquiry, and ask us to stop processing and erase your enquiry record, simply by emailing [email protected]. We will then cease using it and delete it, subject only to any legal obligation to retain certain information. The only practical consequence is that we will no longer be able to respond to your enquiry. Stopping use does not affect the lawfulness of any processing we carried out beforehand.

We would seek your separate consent under Section 6 of the DPDP Act, with a Section 5 notice describing the data, purposes and how to withdraw, before using your data for any purpose beyond responding to your enquiry (for example, unrelated marketing). This website does not do so, so no consent-based processing currently takes place here.

8. International data transfers

Some of our service providers — including Google Firebase / Google Cloud, and our hosting/CDN providers Vercel and (in future) Cloudflare, as well as Google Fonts — may store or process data on infrastructure located outside India, including in the United States. Loading fonts, styles and assets also transmits your IP address and User-Agent to providers located outside India.

To the extent the SPDI Rules, 2011 govern such transfers in the interim, we transfer personal information only where necessary for the performance of the service you have requested, and we expect the recipient providers to maintain protection of the data on terms consistent with Rule 7 of the SPDI Rules. To the extent Section 16 of the DPDP Act is in force, that section permits transfers of personal data outside India to any country other than those the Central Government may restrict by notification. To our knowledge as at the effective date of this policy, no such notification currently restricts transfers to the jurisdictions in which the providers named above operate; if and when any such restriction is notified, we will honour it. We remain responsible for protecting your data wherever it is processed.

Sensitive data The enquiry fields we collect (name, brand name, email, phone and service interest) are not “sensitive personal data or information” as defined in Rule 3 of the SPDI Rules — we collect no passwords, financial/card details, health data or biometrics. The heightened consent and disclosure requirements that the SPDI Rules attach specifically to sensitive data are therefore largely not triggered. The transfer-protection expectation under Rule 7, however, applies to the transfer of personal information generally, and we apply it accordingly — we still expect our providers to protect the data appropriately.

9. Data retention & deletion

We keep your enquiry record only for as long as we need it — that is, to respond to and follow up on your enquiry, and for the duration of any consulting relationship that results from it. After that, we delete or anonymise the record. This reflects our obligation as Data Fiduciary under Section 8(7) of the DPDP Act to erase personal data once the purpose for which it was collected is no longer being served and retention is no longer required by law.

You can ask us to delete your enquiry record sooner at any time by emailing [email protected], and we will also honour erasure requests made in exercise of your right under Section 12 of the DPDP Act (see Section 10), subject to any legal obligation to retain certain information.

10. Your rights & how to exercise them

As a Data Principal you have the following rights under the DPDP Act in relation to the personal data we hold about you:

  • Access (Section 11) — to obtain a summary of the personal data we hold about you and how we process it.
  • Correction & erasure (Section 12) — to have your personal data corrected, completed, updated or erased.
  • Grievance redressal (Section 13) — to have any grievance about our handling of your data addressed (see Section 12 of this policy).
  • Nomination (Section 14) — to nominate another individual to exercise your rights in the event of your death or incapacity.

Separately, because the processing of your enquiry is based on legitimate use rather than consent (see Section 7), you may at any time ask us to stop using and to erase your enquiry record.

To exercise any of these rights, simply email [email protected]. As a voluntary service commitment (not a statutory deadline), we aim to acknowledge and respond to your request within 30 days; where the DPDP Rules prescribe a specific period for responding to or resolving a particular type of request or grievance, we will comply with that prescribed period once it is in force.

How to escalate If you are not satisfied with our response, you may register a complaint with the Data Protection Board of India, in the manner provided under the DPDP Act and the DPDP Rules.

11. Children's data

This website is intended for businesses. As a matter of our own policy, it is not directed at children, and we ask that anyone under 18 does not submit the enquiry form.

Consistent with Section 9 of the DPDP Act, we do not undertake any tracking, behavioural monitoring or targeted advertising directed at children, and we would obtain verifiable consent of a parent or lawful guardian before processing a child’s personal data if that were ever required. We do not knowingly collect the personal data of children through this website.

If we become aware that we have collected a child’s personal data through the website, we will delete it. If you believe a child’s data has been provided to us, please contact our Grievance Officer (see Section 12).

12. Grievance Officer & the Data Protection Board

If you have any question or complaint about how we handle your personal data, please contact our Grievance Officer.

Grievance Officer / Contact Person

Name Shreyash Karnavat
Address Ground Floor, Shop No-6, 8/2295, Satkar Building, Dhundhiyawadi, Palanpur, District Banaskantha, Gujarat 385001, India
Response time Within 30 days as a voluntary commitment; any period prescribed under the DPDP Rules honoured once in force
Escalation If you are not satisfied with our response, you have the right to register a complaint with the Data Protection Board of India, in the manner provided under the DPDP Act and the DPDP Rules.

Whether an entity is a Significant Data Fiduciary is determined by notification of the Central Government, based on factors set out in Section 10(1) of the DPDP Act — such as the volume and sensitivity of personal data processed and the risk to the rights of Data Principals — and not by the size of the company. Biteaze has not been so notified, so the additional Section 10 obligations (including appointment of a statutory Data Protection Officer) do not apply to us. We have instead named the contact person above, who is able to answer your questions about how we process your personal data.

13. Personal data breach

If we become aware of a personal data breach affecting your information, we will handle it in accordance with the breach-notification requirements of the DPDP Rules (Rule 7 read with the Third Schedule), to the extent those provisions are in force at the time, and otherwise in line with applicable law. Our approach is as follows:

  • To you (the affected Data Principal): we will give an intimation without delay on becoming aware of the breach, in concise and plain language, describing the nature, extent and timing of the breach, its likely consequences for you, the measures we have taken or are taking to mitigate it, the steps you can take to protect yourself, and contact details of a person who can answer your questions about the breach.
  • To the Data Protection Board of India: we will give an initial intimation without delay on becoming aware of the breach, and will then provide the Board with detailed and updated particulars (including the events, circumstances and reasons for the breach, mitigation measures, findings about the person who caused it, remedial measures taken, and our notification to affected Data Principals) within 72 hours of becoming aware of the breach, or within such longer period as the Board may allow on a written request.

14. Security practices

We apply reasonable, proportionate security practices and procedures appropriate to the limited volume and low sensitivity of the data we collect, in the spirit of Section 43A of the IT Act. These include:

  • encryption in transit (HTTPS/TLS) for the website and form submissions;
  • storing enquiries in an access-controlled, managed cloud database (Google Cloud Firestore) that the browser cannot read back — enquiries are written only by a secure server-side function (a Google Cloud Function) and the database is protected by Security Rules;
  • collecting the minimum data needed to respond to your enquiry; and
  • relying on reputable service providers (Google Firebase / Google Cloud, Vercel and, in future, Cloudflare) that maintain their own security measures.
Honest note Rule 8 of the SPDI Rules treats the IS/ISO 27001 standard (or an approved industry code) as one benchmark for “reasonable security practices.” We do not hold ISO/IEC 27001 or any other formal security certification, and we do not claim to. Instead, we apply security measures that are reasonable and proportionate to the low volume and low sensitivity of the data this website handles.

15. Legal framework & changes to this policy

This policy is drafted with reference to the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025, as well as the Information Technology Act, 2000 (including Section 43A) and the SPDI Rules, 2011.

The DPDP framework is being brought into force on a phased basis, and the IT Act and SPDI Rules remain in force in the interim. Where a DPDP Act or DPDP Rules provision referred to in this policy is not yet operative on the effective date, we describe it as an obligation we will comply with as and when it commences. As provisions of the DPDP framework come into operation, we will update this policy accordingly.

We may update this policy from time to time — for example, if we change hosting from Vercel to Cloudflare Pages, or if we begin self-hosting fonts and assets. When we do, we will revise the “Last updated” date and version at the top of this policy. Material changes will be reflected here on this page.

16. Governing law & jurisdiction

This policy is governed by the laws of India, and the competent courts at Banaskantha, Gujarat shall have exclusive jurisdiction over any matter arising from or in connection with it, without prejudice to your rights under the DPDP Act, including the right to approach the Data Protection Board of India.

17. Contact summary

For quick reference, here are our key details and the link to our separate app policy.

Quick reference

Data Fiduciary Biteaze Solutions LLP
Grievance Officer Shreyash Karnavat
Address Ground Floor, Shop No-6, 8/2295, Satkar Building, Dhundhiyawadi, Palanpur, District Banaskantha, Gujarat 385001, India
Reminder This policy covers the biteaze.com website only. For the Biteaze Billing Android app — point-of-sale, voice billing, on-device and synced business data — please see our separate app privacy policy at https://biteaze.com/app-privacy.

↑ Back to top