Privacy Policy
Updated 3 July 2026
LastBite
Privacy Policy
LastBite ("LastBite", "we", "us", or "our") operates a surplus food marketplace connecting consumers with discounted Surprise Bags and Parcel Market items from participating venues across the United Arab Emirates. This Privacy Policy explains what personal data we collect, why we collect it, how we use and protect it, and the rights you have over it — whether you use LastBite as a consumer or as a vendor partner.
LastBite is built and operated from the United Arab Emirates. This policy is written first and foremost to comply with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data ("UAE PDPL") — the law that governs how we are permitted to collect, use, and store your information.
In short: we collect only what we need to run the platform and make it better for you. We never sell your personal data. You can access, correct, or delete your data at any time. And every data point we collect is documented in this policy with a clear purpose — nothing is collected speculatively.
Contents
1. Who We Are & Scope
2. Information We Collect
3. How We Use Your Information
4. AI & Automated Processing
5. Sharing Your Information
6. Where Your Data Is Stored
7. Data Retention
8. Your Rights & Choices
9. Security
10. Children's Privacy
11. Cookies & Tracking Technologies
12. Changes to This Policy
13. Contact Us & Complaints
1. Who We Are & Scope
LastBite is a technology platform operating in the United Arab Emirates that connects two groups of users:
Consumers — individuals who browse, reserve, and collect Surprise Bags or Parcel Market items through the LastBite app.
Vendors — businesses (cafes, bakeries, restaurants, retailers, and similar outlets) that list surplus food or near-expiry items on the platform.
This policy applies to the LastBite mobile application (iOS and Android), our website, and any related services. It applies equally to consumers and vendors, with vendor-specific data practices addressed separately in Section 2.2 where relevant.
By creating a LastBite account, you confirm that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use the platform.
1. Information We Collect
We collect information directly from you, automatically through your use of the platform, and from trusted third-party services that help us operate LastBite. The tables below set out exactly what we collect and why — consistent with the UAE PDPL principle of data minimisation: we only collect what we have a genuine, documented use for.
2.1 Consumer Data
CATEGORY
WHAT WE COLLECT
WHY WE COLLECT IT
Account Information
Full name, email address, phone number, password (encrypted)
Creating and securing your account, identity verification
Order Information
Bag/parcel purchases, pickup confirmations, order history, reservation timestamps
Processing your orders, showing your order history, customer support
Location Data
Approximate location, used in-session only
Showing nearby venues and sorting your feed by distance. We do not store a persistent history of your location.
Payment Information
Processed entirely by Stripe. We never see or store your full card number.
Completing your purchase securely
Behavioural Data
App usage activity, including listings viewed and searches made
Improving recommendations over time and understanding what venues and bag types you prefer. This builds the data foundation for our personalisation engine, described further in Section 3.
Device & Technical Data
Device type, operating system, app version, IP address, device identifiers, crash logs
Keeping the app stable, fixing bugs, fraud prevention
Communications
Support messages, feedback, reviews, replies to surveys
Responding to you, improving the platform
Sustainability Data
Bags collected, estimated CO₂ and food waste avoided
Powering your personal impact tracker (the Sustainability tab) and your savings history
2.2 Vendor Data
If you register a venue on LastBite, we additionally collect business-level information necessary to verify, operate, and showcase your venue:
CATEGORY
WHAT WE COLLECT
WHY WE COLLECT IT
Business Identity
Business name, category, trade license number, trade license document (uploaded image)
Verifying your business is legitimate, regulatory compliance
Contact Information
Contact name, business email, business phone number
Account communication, order notifications
Venue Details
Exact GPS location, district, operating hours, product category, venue description, logo
Displaying your venue accurately to consumers, calculating distance
Listing Performance
Listing activity and order outcomes associated with your venue
Generating your performance reports and helping you understand how your venue is performing (see Section 4)
Financial Information
Bank details for payout (once payouts are enabled), subscription and billing status
Paying out your earnings, managing your subscription
2.3 How We Collect It
Directly from you — when you register, create a listing, place an order, or contact support.
Automatically — through your use of the app (behavioural and technical data, described above).
From trusted service providers — for example, Stripe confirms a payment was completed (we do not receive your card details), and Google Maps Platform helps us display venue locations accurately.
1. How We Use Your Information
We use your information only for purposes that improve your experience on LastBite or that we are legally required to perform. This includes:
Processing orders, reservations, and payments
Sending order confirmations, pickup reminders, and account notifications
Showing you available Surprise Bags and Parcel Market items nearby
Personalising your home feed and recommendations based on your activity and preferences once sufficient data exists to do so meaningfully (see Section 4)
Calculating and displaying your sustainability impact (food saved, CO₂ avoided)
Generating vendor performance reports and platform-wide analytics
Providing customer support and resolving disputes
Detecting and preventing fraud, abuse, or policy violations
Sending service updates, security alerts, and (with your consent, where required) promotional offers
Complying with our legal obligations, including UAE tax and consumer protection requirements
We do not use your data to make automated decisions with significant legal or similarly significant effects on you without the possibility of human review.
1. AI & Automated Processing
LastBite uses data-driven and AI-assisted systems to operate and improve the platform for both consumers and vendors. This section explains, at a general level, how this kind of processing is used.
4.1 Vendor Insights
We use automated and third-party AI processing tools to help generate performance insights for vendors, based on aggregated listing and order data already described in Section 2.2. This processing does not use your personal account credentials and does not involve sharing data beyond the service providers described in Section 5.
4.2 Personalisation
As LastBite collects more usage data over time, we use this information to personalise the venues and bags shown to each consumer, based on the behavioural data described in Section 2.1. This does not involve sharing your personal data with parties beyond those described in Section 5.
4.3 Your Control
Automated processing and AI-assisted features are used to improve your experience, not to make decisions that have a legal or similarly significant effect on you. You can request more information about how your data is used for these purposes at any time by contacting us using the details in Section 13.
1. Sharing Your Information
We do not sell your personal data. Full stop.
We share information only in the limited circumstances below, and every third party we work with is contractually required to protect your data and use it only for the approved purpose.
Partner venues
To fulfil your order and coordinate pickup. A venue sees only what's needed to identify and prepare your order — your name and order details, not your full account information.
Payment processors
To process your payment securely. Our payment partners are PCI-DSS compliant and we never receive or store your full card number.
Cloud hosting providers
To run our database, authentication, and storage infrastructure. See Section 6 for where this data is physically stored.
Communications service providers
To deliver SMS, WhatsApp, and email notifications such as order confirmations and one-time passcodes.
AI and analytics service providers
To support automated processing as described in Section 4, and to monitor app performance and stability.
Mapping service providers
To display venue locations and calculate distances accurately.
Legal & regulatory authorities
Where required by UAE law, court order, or to protect the rights, safety, or property of LastBite, our users, or the public.
Business transfers
If LastBite is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, subject to the same protections described in this policy.
1. Where Your Data Is Stored
Your data is stored using secure third-party cloud infrastructure providers. We maintain separate, isolated environments for production and testing, and access controls are enforced at the database level — meaning a user can only ever access their own data, not anyone else's.
Where personal data is transferred or stored outside the United Arab Emirates, we ensure this is done in a manner consistent with the cross-border data transfer requirements of the UAE PDPL, including the use of providers that maintain appropriate technical and organisational safeguards.
1. Data Retention
We retain personal data only for as long as necessary for the purposes set out in this policy, including to:
Provide the platform and related support while your account is active
Comply with our legal, tax, and financial record-keeping obligations under UAE law
Resolve disputes and enforce our agreements
After You Delete Your Account
Most personal data is permanently deleted within 30 days of your deletion request.
Certain transaction records may be retained for longer where required by UAE tax or financial law (typically up to 7 years).
Aggregated, anonymised data that can no longer identify you may be retained indefinitely for platform analytics and improvement.
1. Your Rights & Choices
Under the UAE PDPL, you have the following rights regarding your personal data:
Right to access — request a copy of the personal data we hold about you
Right to correction — ask us to correct inaccurate or incomplete data
Right to deletion — request that we delete your personal data, subject to our legal retention obligations described in Section 7
Right to restrict processing — ask us to limit how we use your data in certain circumstances
Right to data portability — request your data in a structured, commonly used format
Right to withdraw consent — where we rely on your consent for a specific use of your data, you may withdraw it at any time
Right to object — object to certain uses of your data, including direct marketing
You can manage many of these preferences directly inside the LastBite app under Settings → Notifications and Settings → Account. For requests we cannot fulfil through the app — including data access or deletion requests — contact us using the details in Section 13. We aim to respond to all requests within 30 days, consistent with the UAE PDPL.
1. Security
We take the security of your data seriously and apply industry-standard safeguards, including:
Encryption in transit (TLS) for all data sent to and from our servers
Encryption at rest for data stored in our database
Access controls ensuring users can only access their own data
Internal access restrictions limiting which team members can view or modify production data
Regular monitoring for unauthorised access or unusual activity
Secure handling of sensitive documents such as vendor verification uploads
No platform can guarantee perfect security. If you believe your account has been compromised or you suspect unauthorised access, please contact us immediately using the details in Section 13.
1. Children's Privacy
LastBite is not intended for and may not be used by children under the age of 13. We do not knowingly collect personal information from children under 13. If, during registration, a user indicates they are under 13, we block account creation.
If you believe a child under 13 has provided us with personal data, please contact us immediately and we will take steps to delete that information promptly.
1. Cookies & Tracking Technologies
Our website may use cookies and similar technologies to remember your preferences and understand how visitors use our site. The LastBite mobile app uses comparable device-level identifiers for analytics and crash reporting purposes, as described in Section 2. You can control cookie preferences through your browser settings.
1. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the platform, or applicable law. If we make material changes, we will notify you through the app or by email before the changes take effect.
The "Last updated" date at the top of this policy always reflects the current version. Your continued use of LastBite after a policy update constitutes your acceptance of the revised terms.
1. Contact Us & Complaints
If you have questions about this Privacy Policy or how we handle your data, or wish to exercise any of the rights described in Section 8, please contact us:
Email: tawzieapp@gmail.com