Privacy Policy

1. Introduction

Khajahuis ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and disclose information when you visit our website at khajahuis.nl (the "Website").

This policy complies with the General Data Protection Regulation (GDPR) and Dutch privacy laws.

2. Information We Display

Our website displays Google Reviews for our restaurant. This includes:

• Reviewer names (as provided to Google)
• Review text and ratings
• Profile photos (if provided by reviewers)
• Review timestamps

Important: We do not store this information in our own databases. The review data is fetched from Google Places API and temporarily cached on our server for performance purposes only. The cache duration is 4 weeks, after which the data is automatically refreshed.

3. How We Use Information

We use the displayed review information solely for the purpose of:

• Displaying customer reviews on our website
• Providing transparency about our restaurant's reputation
• Improving user experience on our website

We do not use this information for marketing purposes, nor do we share it with third parties (except as described in section 6).

4. Cart and Local Storage

When you add menu items to your cart or enter a delivery address, this information is stored only in your browser (localStorage) on your device. We do not send your cart or address to our servers.

Cart data may include: menu item names, quantities, and prices. If you choose to save a delivery address, it is stored locally until you clear it or clear your browser data.

This data is used only to let you complete an order (e.g. by placing it via WhatsApp or phone). You can clear your cart and saved address at any time by using the cart and clearing the fields, or by clearing your browser's local storage.

5. Ordering via WhatsApp

You can place an order by opening a WhatsApp conversation with us. When you do, the order details (items, quantities, prices, and optionally your delivery address) are sent through WhatsApp to our business number.

WhatsApp is a third-party service. Any data you send via WhatsApp is subject to WhatsApp's privacy policy and terms. We use the order information only to prepare and deliver your order and do not use it for marketing unless you have given separate consent.

6. Third-Party Services

Google Places API

We use Google Places API to fetch and display reviews. When you visit our website, Google may collect certain information according to their privacy policy. We recommend reviewing Google's Privacy Policy to understand how Google handles your data.

Profile photos from Google are proxied through our server and cached in our cache storage (the same infrastructure we use for other site data; in production, Upstash Redis in the EU) for up to 4 weeks. We also send cache headers so that browsers and CDNs may cache the response for the same period. This improves performance and avoids cross-origin restrictions. Cached images are automatically refreshed after the cache period expires. The images remain publicly available Google profile photos.

Upstash (Cache Storage)

We use Upstash Redis, a cloud-based caching service, to temporarily store cached data such as menu information, site configuration, and Google review data. This improves website performance by reducing the need to fetch data from source systems on every request.

Upstash servers are located in the EU. The cached data does not contain personal information that you provide directly to us. We cache only publicly available information from Google: review text, ratings, reviewer names, and review profile images. You can learn more about Upstash's privacy practices at their website.

Google Analytics

We may use Google Analytics 4 only when you have accepted optional analytics cookies via our consent banner. See section 9 (Cookies and Tracking) for details. We do not load or use Google Analytics until you give consent.

Push notifications

We offer optional push notifications (for example, when we launch new exclusive menu items). If you choose "Set Notification" on our website, your browser will ask for permission to send you notifications.

When you subscribe, we store the data needed to send you those notifications: a subscription endpoint, encryption keys, and optionally your language preference (e.g. en or nl). This data is stored in our database (Firebase, EU) and is used only to deliver the notifications you requested.

You can turn off notifications at any time using the "Turn off notifications" option on our website. Unsubscribing removes your subscription data from our systems. We do not use push subscription data for marketing or share it with third parties for their marketing.

If you have accepted analytics cookies, we may record when you reach our site by clicking a push notification, to understand how notifications are used.

7. Data Storage and Retention

We use temporary caching to improve website performance. The cached information is:

• Fetched from source systems (Google Places API, Firebase Storage) when first requested
• Temporarily stored in Upstash Redis (a cloud cache service) for performance optimization
• Automatically refreshed after the cache period expires (review data: 2 weeks; review profile images: 4 weeks; menu/config: 1 day)

We do not maintain any permanent databases containing personal data from reviews. The cache contains only publicly available information. Cart and delivery address data exist only in your browser until you send an order via WhatsApp or clear the data.

8. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

• Right to Access: You can request information about what personal data we display (though we do not store this data ourselves)
• Right to Rectification: If you believe any displayed information is incorrect, please contact Google directly, as the data originates from their platform
• Right to Erasure: If you wish to have your review removed, you must do so through your Google account, as we do not control the source data
• Right to Object: You can object to the processing of your personal data
• Right to Data Portability: You can request a copy of your data

To exercise these rights, please contact us using the information provided in section 10.

9. Cookies and Tracking

We respect your privacy and comply with the GDPR. We use optional analytics only with your consent.

Cookie consent

When you first visit our website, we show a cookie consent banner. You can choose to Accept or Reject optional analytics cookies. We do not load any analytics or send any data to Google until you click Accept. If you reject, we do not use analytics cookies on your device.

You can change your choice at any time using the Cookie settings link in the footer of our website. Your preference is stored locally in your browser and applies on future visits until you change it.

Google Analytics (optional)

If you accept cookies, we use Google Analytics 4 (GA4) to understand how visitors use our site (for example, which pages are viewed and how you interact with the menu and ordering links). This helps us improve our website. We use Google Consent Mode v2 so that no analytics data is sent until you have given consent.

Data collected when you have accepted may include: page views, approximate location (country-level), device type, and events such as clicks on menu sections, delivery partner links, and contact options. We do not collect personally identifiable information (PII) through analytics. For more information, see Google's Privacy Policy and How Google uses data when you use our partners' sites or apps.

Other third-party cookies

Third-party services embedded on our website may set their own cookies:

• Google Maps: The Google Maps embed on our website may set cookies according to Google's cookie policy. These cookies are used for map functionality and are not controlled by us.

You can control or delete cookies through your browser settings. Please note that disabling cookies may affect the functionality of embedded maps and of our cookie consent preference (you may see the consent banner again).

10. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last updated" date.