Français | English

Privacy Policy

Last updated: April 2026

Star Eats SAS ("Star Eats", "we", "us") is committed to protecting the privacy of users of its mobile applications (Star Eats Customer, Star Eats Kitchen, Star Eats Driver) and of its website stareats.fr. This Privacy Policy describes, in accordance with the EU General Data Protection Regulation 2016/679 (GDPR) and the French Data Protection Act, how we collect, use, share and protect your personal data.

1. Data Controller

Company: Star Eats SAS
Registered office: 76 Allée Louis Blériot, 30320 Marguerittes, France
SIREN: 989 156 823
Email: contact@stareats.fr
Phone: +33 4 88 95 98 74

2. Data We Collect

2.1 Identification data

First and last name
Email address
Phone number
Password (stored encrypted)
Profile picture (optional)

2.2 Location data

Delivery address entered by the user
Precise GPS location (collected only after your explicit consent and only during an active order, to compute delivery fees and enable order tracking)
For the Driver app: background GPS location during active duty periods only, to enable delivery and matching with customers

2.3 Transaction data

Order history (items, restaurant, amounts, dates)
Payment data: processed exclusively by our PCI-DSS certified providers (Stripe). Star Eats does not store any full payment card data; only a transaction ID and the last 4 digits of the card may be retained.
Billing and delivery addresses

2.4 Usage and technical data

Unique device identifier (used for push notifications via Firebase Cloud Messaging)
Device type, operating system, app version
Technical logs (errors, crashes, performance)
User preferences, language, settings
Ratings, reviews and comments left on restaurants or drivers

2.5 Device permissions

Location: required to identify nearby restaurants and enable delivery
Camera / Gallery: only if you choose to upload a profile or dish picture
Notifications: to inform you of your order status
Phone (DIAL only): to enable one-tap calls to the restaurant or driver, without collecting the phone number

3. Purposes of Processing

We use your data to:

Create and manage your user account
Process your orders (preparation, delivery, payment, invoicing)
Provide customer service and support
Send you notifications regarding your orders
Comply with legal obligations (accounting, tax, fraud prevention)
Improve our service (anonymized and aggregated statistics)
Prevent fraud and abuse

4. Legal Basis

The processing of your data relies on:

Performance of the contract (GDPR art. 6.1.b) — for account management, orders, payments and customer service
Compliance with legal obligations (GDPR art. 6.1.c) — for invoicing, accounting and fraud prevention
Your consent (GDPR art. 6.1.a) — for precise geolocation and push notifications
Legitimate interest (GDPR art. 6.1.f) — for service security and fraud prevention

5. Data Recipients

We never sell your data. It is accessible only to:

Star Eats SAS and its authorized staff
Partner restaurants (only the information needed to prepare your order)
Drivers (only your first name, address and phone number, during the delivery)
Our contracted technical providers, acting as GDPR processors:
- Hetzner Online GmbH (Germany) — hosting
- Stripe (Ireland/USA) — payment processing (PCI-DSS)
- Google Firebase (USA) — push notifications, authentication
- Google Maps (USA) — mapping services
Competent authorities in case of legal obligation

Transfers outside the EU are covered by the European Commission's Standard Contractual Clauses or an equivalent framework.

6. Data Retention

Customer account: for the duration of the contractual relationship, then archived for 3 years from the last activity
Billing data: 10 years (accounting obligation)
Technical logs: 12 months
Geolocation data: deleted at the end of the delivery (drivers: within 30 days)
Deleted account: effective deletion within 30 days, except where legal retention applies

7. Your Rights

Under the GDPR, you have the following rights at any time:

Right of access — obtain a copy of your data
Right to rectification — correct inaccurate data
Right to erasure ("right to be forgotten") — delete your data
Right to restriction of processing
Right to object to processing
Right to data portability — retrieve your data in a structured format
Right to withdraw consent at any time
Right to give post-mortem instructions

8. Account Deletion

You can delete your account and all associated data directly from the mobile app, with no email request or delay:

Profile > Edit profile > menu (⋮) > Delete account

Alternatively, or if you no longer have access to the app, you can contact us at contact@stareats.fr. Deletion will be carried out within a maximum of 30 days.

9. Security

We implement appropriate technical and organizational measures to protect your data:

Encryption of communications (HTTPS/TLS)
Password hashing (bcrypt)
Data access restricted to authorized personnel
Hosting in the European Union (Germany)
Encrypted backups

10. Cookies

Our website stareats.fr uses only essential technical cookies. No advertising or third-party tracking cookies are set. Our mobile apps do not use cookies but may store preferences (language, session) locally for proper operation.

11. Minors

Our services are not intended for persons under 16. We do not knowingly collect data from minors. If you believe a minor has provided us with data, please contact us for deletion.

12. Changes to This Policy

This policy may be updated. Any substantial change will be notified to you by email or via the app. The date at the top of this page indicates the last update.

13. Contact and Complaints

To exercise your rights or for any question about this policy:

By email: contact@stareats.fr
By post: Star Eats SAS, 76 Allée Louis Blériot, 30320 Marguerittes, France

You also have the right to lodge a complaint with the French Data Protection Authority (CNIL — www.cnil.fr) or your local supervisory authority within the EU.