Privacy Policy

Effective date: 17 May 2026 · Last updated: 17 May 2026

This page explains how HoreX (operating as the restaurant management platform at horex.ae, registered in the United Arab Emirates) collects, uses, stores and shares personal data from visitors of our website, customers of our platform, and people who contact us through forms, WhatsApp or paid advertising. It is written in plain language so a non-lawyer can understand what we do with your data and what choices you have.

1. Who we are

HoreX builds restaurant management software (POS, inventory, kitchen display, delivery integrations, finance, HR, CRM, marketing). We operate primarily in the UAE. The data controller for the purposes of this policy is HoreX. For privacy-related requests, contact us at privacy@horex.ae.

2. What data we collect

Data you give us directly

• Demo / contact form data — company name, your name, phone number, email, business type, city, number of locations, current POS system, modules of interest, free-text notes. Submitted via forms on horex.ae or our paid ads (Meta Lead Ads, Google Lead Forms).
• Account data — if you become a customer: business legal entity, billing contact, billing address, VAT/TRN number, payment method information processed by our payment provider.
• WhatsApp conversations — if you message us on our WhatsApp number, we store the conversation so our sales team and the relevant agent assistance tools can read and reply.

Data we collect automatically

• Marketing analytics — IP address, browser user-agent, referrer URL, the page on horex.ae you submitted from, and UTM parameters of the campaign that brought you. This is captured by the form when you submit it.
• Cookies & tracking pixels — Google Analytics 4 (anonymized IP), the Meta Pixel (Facebook + Instagram) for ad performance measurement and lookalike audience modeling. See section 6.
• Server logs — standard nginx access logs (IP, timestamp, URL, status code, user-agent) retained for 30 days for security and abuse-prevention purposes.

3. How we use your data

• Respond to your enquiry. When you fill a demo form or message us on WhatsApp, our sales operators (and AI assistants supervised by them) read your message and reply.
• Show you relevant ads. We send hashed identifiers (email, phone) and conversion events (page view, lead submission) to Meta and Google so they can attribute conversions, exclude existing customers from prospecting, and build lookalike audiences. We never share unhashed personal data.
• Improve the website and the product. Aggregated analytics tell us which pages convert and where users drop off.
• Operate the customer account if you sign up — billing, support, product notifications, security alerts.
• Legal & compliance. Tax records, VAT reporting, and any disclosures required by UAE law.

4. Who we share data with

We don't sell your data. We share narrowly with these categories of processors, each under a contractual data-protection obligation:

• Cloud hosting — our servers and database, located in the EU/UAE.
• Email & messaging — Resend (transactional email), Telegram (internal team notifications about new leads), WhatsApp (Business API) for replies you initiate.
• Analytics & advertising — Google (Analytics, Ads), Meta (Pixel, Conversions API, Lead Ads). Conversion data is hashed; we don't send anything you haven't given us via a form.
• AI assistants — selected OpenAI / Anthropic APIs used to help draft replies, transcribe voice messages from operators, and analyse conversations. They process data on our behalf and are contractually prohibited from training models on it.
• Government authorities — only where legally required (court order, tax authority, etc).

5. How long we keep your data

• Leads who never become customers — up to 24 months from last contact, after which the record is deleted or anonymised.
• Active customer account data — for the duration of the contract plus 7 years after termination (UAE accounting rules).
• Server access logs — 30 days.
• WhatsApp conversation history — 24 months from the last message, then archived to encrypted backup.

6. Cookies & tracking pixels

horex.ae uses two trackers:

• Google Analytics 4 — anonymized IP, page-view & event tracking. Stored cookie name _ga, 13-month retention.
• Meta Pixel (ID 972139818907212) — page-view, viewed-content, and lead events. Stored cookie names _fbp and _fbc.

You can opt out of trackers by using a content-blocker extension (uBlock Origin, Brave Shields, etc), by enabling Apple's Intelligent Tracking Prevention in Safari, or by setting Do Not Track in your browser.

7. Your rights

You can ask us, at any time and free of charge, to:

• Confirm what personal data of yours we hold.
• Provide a copy of that data in machine-readable form.
• Correct anything that's wrong.
• Delete your data ("the right to be forgotten"), subject to retention obligations above.
• Withdraw consent — for example, opt out of marketing emails or stop WhatsApp follow-up. We honour this within 7 working days.
• Object to a specific use (e.g. exclusion from lookalike audiences).

Send the request to privacy@horex.ae from the address you originally signed up with. We aim to respond within 7 days; a complex case may take up to 30 days.

8. Children

horex.ae is a B2B service for restaurant operators. We do not knowingly collect data from anyone under 18. If you believe we accidentally have such data, write to privacy@horex.ae and we will delete it.

9. International transfers

Some of our processors (Google, Meta, OpenAI, Anthropic) operate from the United States or the EU. Where personal data crosses borders, we rely on standard contractual clauses or equivalent legal mechanisms approved by the EU and UAE authorities.

10. Changes to this policy

If we materially change how we use your data, we'll update this page and shift the Last updated date at the top. If the change is significant — new categories of recipients, new retention periods — we'll notify active customers via email at least 14 days before it takes effect.