Fondora
العربيةHome
Legal · Privacy Policy

Privacy Policy

Effective date: 15 May 2026

Last updated: 15 May 2026

1. Who we are

Welcome to Fondora (فندورا)(“Fondora,” “we,” “our,” or “us”). Fondora operates the website myfondora.co, the Fondora web and mobile applications, and our AI-powered concierge service for ordering custom cakes and bakery products in the Kingdom of Saudi Arabia (collectively, the “Services”).

This Privacy Policy explains what personal information we collect about you, how we use it, who we share it with, and the rights you have. By using the Services, you agree to the practices described in this policy.

If you have any questions, contact us at privacy@myfondora.co.

2. Information we collect

2.1 Information you provide directly

  • Account information: name, mobile number, email address, password (stored encrypted).
  • Delivery information: address, city, district, delivery instructions, recipient name and phone for gift orders.
  • Order information: cake selections, custom design briefs, occasion details, dietary preferences, and any photos or reference images you upload for custom orders.
  • Payment information: processed by our licensed payment partners (mada, Visa, Mastercard, STC Pay, Apple Pay, Tabby, Tamara). We do not store full payment card numbers on our servers.
  • Communications: messages, voice notes, and images you send to our AI concierge or customer support team.
  • Vendor information (for bakery partners): commercial registration, VAT certificate, bank details for payouts, menu, and pricing.

2.2 Information from Facebook Login and other sign-in providers

If you sign in using Facebook, Google, or Apple, we receive information from those providers in accordance with the permissions you grant. This typically includes:

  • Your name
  • Your email address
  • Your public profile picture
  • A unique provider user ID

We do not access your posts, friends list, photos, messages, or any other content on those platforms. You can revoke our access at any time from your Facebook account settings under Settings & Privacy → Settings → Apps and Websites.

2.3 Information collected automatically

  • Device and usage data: device model, operating system, browser type, IP address, language settings, and time zone.
  • Activity data: pages viewed, items browsed, search queries, and session timestamps.
  • Cookies and similar technologies: see Section 9.

2.4 Location information

With your permission, we collect approximate or precise location to recommend nearby bakery vendors, estimate delivery times, and verify delivery addresses. You can disable location access at any time from your device settings.

3. How we use your information

We use your information to:

  • Provide and operate the Services, including matching your custom-cake briefs with appropriate bakery vendors.
  • Process orders, payments, refunds, and coordinate delivery.
  • Power our AI concierge to interpret your design briefs, recommend cakes, and generate quotes.
  • Send order updates, delivery notifications, and customer support messages.
  • Improve our platform, evaluate model quality on de-identified data, and develop new features.
  • Detect fraud, abuse, and security incidents.
  • Comply with legal obligations under Saudi law, including ZATCA (Zakat, Tax and Customs Authority) e-invoicing requirements.

4. How we share your information

We share your information only as described below:

  • Bakery vendors: When you place an order, we share your name, contact number, delivery address, and order details with the assigned bakery so they can fulfill your order.
  • Delivery partners: Logistics providers receive the information necessary to deliver your order (name, phone, address).
  • Payment processors: Licensed payment service providers process your transactions in accordance with their own privacy policies and applicable regulations.
  • Service providers: Cloud hosting, database, analytics, customer support, and messaging providers operate under contracts that restrict their use of your information to providing services to Fondora.
  • AI providers:We use Anthropic’s Claude models to power our concierge. Conversations may be processed by Anthropic under their data processing terms; we do not permit Anthropic to use your personal data to train their general-purpose models.
  • Legal and safety: We may disclose information to comply with legal obligations, court orders, regulatory requests, or to protect the rights, safety, and property of Fondora, our users, or the public.

We do not sell your personal information to third parties.

5. Data retention

We retain your information for as long as your account is active or as needed to provide the Services. Order records, invoices, and tax-related data are retained for the period required by Saudi commercial and tax law (currently at least 10 years). You may request earlier deletion as described in Section 7 and Section 8, subject to these legal retention requirements.

6. Data security

We use industry-standard safeguards to protect your information, including:

  • TLS encryption in transit
  • Encryption of sensitive data at rest
  • Role-based access controls
  • Rate limiting and abuse detection
  • Regular security reviews

No system is perfectly secure, and we cannot guarantee absolute security, but we work continuously to protect your information.

7. Your rights and choices

Under the Saudi Personal Data Protection Law (PDPL) and other applicable laws, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate or incomplete information.
  • Delete your information (subject to legal retention requirements).
  • Withdraw consent for processing where consent is the legal basis.
  • Object to certain types of processing.
  • Receive a copy of your information in a portable format.
  • Lodge a complaint with the Saudi Data and Artificial Intelligence Authority (SDAIA) at sdaia.gov.sa.

To exercise any of these rights, email us at privacy@myfondora.co. We will respond within 30 days.

8. Data deletion (including Facebook Login users)

If you signed in with Facebook (or any other provider) and you want to delete the data Fondora holds, you have three options:

  1. In-app: Go to Profile → Settings → Delete Account.
  2. By email: Send a deletion request to privacy@myfondora.co from the email address associated with your Fondora account. Use the subject line “Account Deletion Request.”
  3. From Facebook: Revoke Fondora’s access from your Facebook settings: Settings & Privacy → Settings → Apps and Websites → Fondora → Remove.

We will delete your personal data within 30 days of receiving a verified request, except where retention is required by law (for example, financial records under ZATCA rules), in which case we will securely retain only the minimum data required and delete the rest.

9. Cookies and tracking technologies

We use cookies and similar technologies to keep you signed in, remember your preferences, measure performance, and improve the Services. You can control cookies through your browser settings. Disabling cookies may affect some features of the Services.

10. Children's privacy

Fondora is intended for users aged 18 and older. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, contact us at privacy@myfondora.co and we will delete it promptly.

11. International data transfers

Fondora primarily processes data within the Kingdom of Saudi Arabia. Some of our service providers (cloud hosting, AI processing, analytics) operate servers in other jurisdictions, including the European Union and the United States. When data is transferred outside Saudi Arabia, we ensure appropriate safeguards consistent with PDPL requirements and the policies of the Saudi Data and Artificial Intelligence Authority (SDAIA).

12. Third-party links

The Services may contain links to third-party websites, apps, or services. We are not responsible for the privacy practices of those third parties. Please review their privacy policies before sharing any information with them.

13. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the app, by email, or by prominent notice on our website. The “Last updated” date at the top of this policy reflects the most recent version. Your continued use of the Services after a change becomes effective constitutes acceptance of the updated policy.

14. Contact us

For any privacy questions, complaints, or requests:

Fondora (فندورا)
Email: privacy@myfondora.co

You may also contact the Saudi Data and Artificial Intelligence Authority (SDAIA) at sdaia.gov.sa.

This Privacy Policy is also available in Arabic at myfondora.co/privacy-ar. In the event of any conflict between the English and Arabic versions, the Arabic version shall prevail for users in the Kingdom of Saudi Arabia.