Privacy Policy

Last Updated: February 13, 2026

Introduction

Welcome to Nommy ("we," "us," or "our"). We provide a website builder platform for food businesses to generate websites and digital menus. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

Information We Collect

Account Information

When you register for an account, we collect:

  • Personal Details: Your name and email address.
  • Authentication Data: Your password (stored in encrypted form), if you signed up via a Google account.

Business Information

To build and host your website, we collect the business details you provide to us, including:

  • Business name.
  • Business contact details (phone number, email).
  • Business physical address(es).
  • Business opening hours.
  • Menus and menu items (names, descriptions, prices, categories, etc.).
  • Social media links and other optional business information.

Media Content

When you upload images (such as logos, covers, or menu item photos) to Nommy, your media is stored securely utilizing Cloudflare for storage and content delivery. We do not host these files on our own servers. We do not access your media files unless necessary for technical support or legal compliance.

Payment Information

We use Stripe to process payments. We do not store your full credit card number or CVV code on our servers. Stripe provides us with a tokenized ID for the transaction. For details on how Stripe handles your data, please refer to the Stripe Privacy Policy.

Usage and Analytics Data

We use PostHog to analyze how our platform is used. PostHog is a self-hosted/GDPR-compliant analytics platform. We collect:

  • Device information (browser type, operating system).
  • Log data (IP address, access times, pages viewed).
  • Interaction data (clicks, feature usage).

Data from Your Customers (End-Users)

You use Nommy to build websites for your customers (diners).

  • Analytics: We may collect anonymous usage data on the websites you build (e.g., page views) via PostHog.
  • Transactional Data: We do not directly collect or store the personal details (names, emails, delivery addresses) of your customers.

How We Use Your Information

We use the information collected for:

  • Service Delivery: To create, host, and display your website, digital menu, and associated media.
  • Account Management: To manage your registration and authentication.
  • Communications: To send you emails regarding your account, product updates, and support queries.
  • Improvement: To analyze usage patterns via PostHog to improve our features and user experience.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.
  • Legal Compliance: To comply with applicable legal obligations.

Disclosure of Your Information

We do not sell your personal data. We share your information with third-party vendors who perform services on our behalf:

  • Stripe: For payment processing.
  • Google: For authentication services.
  • Resend: For sending transactional emails.
  • PostHog: For product analytics.
  • Cloudflare: For media storage and content delivery (CDN).

These providers are contractually required to use data only for the services they provide to us and to protect it appropriately.

We may also disclose your information if required by law, court order, or government request, or to protect our rights, safety, or property.

Data Retention

We retain your personal data only for as long as necessary to provide the Service, fulfill legal obligations, resolve disputes, and enforce agreements. After account termination, we typically retain data for a limited period (e.g., 30–90 days for backups/recovery) before deletion, unless longer retention is required by law.

Data Security

We implement appropriate technical and organizational security measures designed to protect the security of any personal information we process. These measures include encryption of data in transit and at rest, and secure password hashing.

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

Your Rights and Choices

Under the PDPA and other applicable laws, you have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request that we correct any inaccurate or incomplete data.
  • Deletion: Request the deletion of your data.
  • Withdrawal of Consent: Withdraw your consent to data processing at any time.

To exercise these rights, please contact us at hello@nom.my.

Cookies and Tracking

We use cookies and similar tracking technologies to track activity on our service and hold certain information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent.

Children's Privacy

Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

Contact Us

If you have any questions about this Privacy Policy, please contact us at: hello@nom.my