Ziara.

Privacy Policy

Last updated: May 2026

1. Who we are

Ziara ("we", "us", "our") is a restaurant marketing platform operated by DuneSpark Consulting. We provide software that allows restaurants ("Merchants") to collect customer opt-ins and send promotional messages via WhatsApp, SMS, and email.

For data protection enquiries, contact us at: privacy@ziara.com

2. What data we collect

From restaurant customers (end users):

  • First name and last name
  • WhatsApp / mobile phone number
  • Email address (optional)
  • Date and time of sign-up
  • IP address at the time of sign-up (for consent audit)
  • Consent status and opt-out history

From restaurant owners (Merchants):

  • Business name and contact email
  • Billing information (processed by Stripe — we do not store card details)
  • Campaign content and message history

3. Legal basis for processing

We process end user data on the basis of explicit consent obtained at the point of sign-up. Each customer must tick a checkbox confirming they agree to receive promotional messages from the named restaurant before any data is stored.

This consent record — including timestamp and IP address — is stored as evidence of compliance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL).

4. How we use your data

  • To send promotional messages on behalf of the restaurant you signed up for
  • To maintain your opt-in / opt-out preference
  • To provide the restaurant with aggregate campaign analytics (e.g. delivery rates)
  • To comply with legal obligations

We do not sell your personal data. We do not share your data with any third party except:

  • 360dialog / Meta — to send WhatsApp messages via the WhatsApp Business API
  • Twilio — to send SMS messages
  • Resend — to send email messages
  • Supabase — cloud database infrastructure (data stored in EU region)

5. Your rights under UAE PDPL

You have the right to:

  • Access — request a copy of the personal data we hold about you
  • Correction — ask us to correct inaccurate data
  • Deletion — ask us to delete your data ("right to be forgotten")
  • Opt-out — reply STOP to any WhatsApp or SMS message, or email us

To exercise any of these rights, email privacy@ziara.com. We will respond within 30 days.

6. Data retention

We retain customer data for as long as the restaurant's subscription is active. If a restaurant cancels and requests data deletion, all associated customer data is permanently deleted within 30 days.

Opt-out records are retained for 7 years to demonstrate compliance.

7. Cookies

The Ziara dashboard uses session cookies required for authentication. The public sign-up pages (/r/...) do not set any tracking cookies.

8. Changes to this policy

We may update this Privacy Policy from time to time. We will notify restaurant owners of material changes by email. Continued use of Ziara after changes constitutes acceptance.

9. Contact

For any privacy concerns or data requests: privacy@ziara.com