Privacy Policy

Last updated: March 2026

1. Introduction

At Pickato, we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, share, and protect your personal information in compliance with applicable privacy laws and regulations, including applicable Mexican data protection laws (such as the Ley Federal de Protección de Datos Personales en Posesión de los Particulares) and, where applicable, international privacy regulations.

2. Data Controller

Pickato is the controller responsible for processing your personal data. Pickato operates primarily in Mexico. You can contact us at:

  • • Email: hola@pickato.app

3. Information We Collect

3.1 Registration Data

  • Full name
  • Email address
  • Phone number
  • User ID (internal account identifier)
  • Profile photo (optional, uploaded by you)

3.2 Preference Data

  • Food preferences
  • Dietary restrictions and allergies
  • Order history (food orders placed through the app, also referred to as "purchase history" by app store platforms)

3.3 Usage Data

  • IP address
  • Browser type and device information
  • Pages visited
  • Date and time of access
  • Approximate location (with your consent), to show restaurants available in your city
  • Precise location (with your consent), to auto-detect your city and calculate your distance to restaurant locations
  • App interactions and in-app search history, used to improve the app experience and generate usage analytics
  • Crash logs and diagnostic data, used to detect and fix stability issues
  • Device identifiers, used for push notification delivery

3.4 Payment Data

We do not store complete credit or debit card information. Payment data is processed securely by our certified payment service providers (PCI-DSS compliant). With your explicit consent during the checkout process, your payment methods may be securely saved by our payment service providers to streamline future payments.

4. How We Use Your Information

We use your personal data to:

  • Process and manage your orders
  • Provide personalized recommendations through AI. AI-based recommendations are intended to assist your decision-making and do not produce legal or similarly significant effects on you
  • Improve our services and user experience
  • Send you notifications about your order status (with your consent)
  • Communicate offers and promotions (with your consent)
  • Prevent fraud and ensure security
  • Comply with legal obligations

5. Information Sharing

We may share your information only when necessary, with:

  • Restaurants: We share the necessary order and reservation details (such as order items, reservation time) so the restaurant can confirm availability and fulfill your request. For pickup orders or reservations, we may also share the first name you provide solely for identification purposes. Personal contact information is not shared directly with restaurants; when communication is required, it is facilitated by Pickato through intermediary communication mechanisms designed to protect user privacy.
  • Service providers: Companies that help us operate the platform, including payment processing, hosting, analytics, and security monitoring.
  • Legal authorities: When required by law or to protect our rights.

Service providers process data only in accordance with our instructions and applicable legal obligations and may not use it for any other purposes.

We never sell your personal information to third parties.

Restaurants are contractually required to use shared information solely to fulfill the order or reservation and not for marketing or unrelated purposes.

6. Your Privacy Rights & Account Deletion

Depending on your location, you have rights to access, rectify, cancel, or object to the processing of your data.

  • Access: Know what data we have about you
  • Rectification: Correct inaccurate or incomplete data
  • Deletion: Request deletion of your data
  • Objection: Object to the use of your data for specific purposes
  • Portability: Receive a copy of your data in a portable format
  • Restriction: Limit how we process your data

6.1 In-App Account Deletion

We provide a simple way for you to delete your account directly within the Pickato app:

  • How to request: Go to Profile > Account Settings > Delete Account.
  • 30-Day Grace Period: When you request deletion, your account enters a “pending deletion” state for 30 days. You can cancel the deletion and restore your data by logging in during this period.
  • Permanent Anonymization: After 30 days, your personal data (name, email, phone, avatar) is irreversibly anonymized. We remove your personal identity but retain non-identifiable transaction records for accounting and reporting purposes.
  • Restrictions: You cannot delete your account while you have an active order. Please wait for your order to be completed before requesting deletion.

To exercise other privacy rights manually, contact us at: hola@pickato.app with the Subject: Privacy Rights Request.

7. Data Security

We implement technical, administrative, and physical measures to protect your data, including:

  • SSL/TLS encryption for data transmission
  • Restricted access to personal data
  • Regular security monitoring
  • Staff training on data protection
  • Regular security assessments and updates

8. Cookies and Similar Technologies

We use cookies and similar technologies to enhance your experience. Please see our Cookie Policy for more information. You can manage your cookie preferences through your browser settings.

9. Data Retention

We retain your personal data as long as your account is active or needed to provide you services. If you request account deletion, your personal data will be anonymized after the 30-day grace period. However, we retain financial transaction records and order history (stripped of your personal identifiable information) for the duration required by applicable tax and commercial laws.

10. Minors and Age Restrictions

Our service is not directed to children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will promptly delete such information.

11. International Data Transfers

If you are accessing our services from Mexico or other countries, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers are located. We ensure appropriate safeguards are in place for such transfers.

12. California Privacy Rights

If you are a resident of the State of California, United States, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information we collect and how we use it
  • Right to delete your personal information
  • Right to opt-out of the sale of personal information (we don't sell personal information)
  • Right to non-discrimination for exercising your privacy rights

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

For any questions about this Privacy Policy or our data processing practices:

  • • Email: hola@pickato.app
  • • Contact form: Contact