PandOr App — Privacy Policy

Internal Employee Portal for Pand'Or

Effective Date: April 10, 2026

1. Introduction

This Privacy Policy describes how Pand'Or ("we", "us", "our") collects, uses, stores, and protects personal information through the PandOr App ("the App").

The App is an internal employee portal designed exclusively for authorized employees and staff of Pand'Or. Access is restricted to individuals whose accounts have been created by a company administrator. There is no public registration.

By using the App, you agree to the collection and use of information in accordance with this policy. If you do not agree, please discontinue use and contact your administrator.

2. Information We Collect

2.1 Information Provided by Your Administrator

When your company administrator creates your account, the following information is recorded:

2.2 Information You Provide Through the App

2.3 Information Collected Automatically

2.4 Information We Do NOT Collect

3. How We Use Your Information

We use the collected information solely for internal business operations:

Purpose Data Used
Authenticate your identity and manage sessions Email, password (hashed), JWT tokens
Enable internal communication (chat, announcements) Name, messages, images, @mentions
Manage operational workflows (purchasing, maintenance, menu development) Business data entries, role, department
Send push notifications for work-related updates Device push token, device platform
Enforce role-based access control Assigned role, department
Display employee names in relevant contexts (comments, assignments, chat) Full name

We do not use your information for advertising, profiling, automated decision-making, or any purpose unrelated to Pand'Or's internal operations.

4. Data Sharing and Disclosure

4.1 Within the Organization

Your name, role, and department are visible to other authenticated employees within the App, as this is necessary for internal communication and workflow management. Messages in private chats are only visible to the participants. Group chat messages are visible to group members.

4.2 Third-Party Services

We use the following third-party services to operate the App:

Service Provider Purpose Data Shared
Expo Push Notification Service Expo / 650 Industries, Inc. Delivering push notifications to your device Device push token, notification content (title, body)
Apple Push Notification service (APNs) Apple Inc. Push notification delivery on iOS Device token
Firebase Cloud Messaging (FCM) Google LLC Push notification delivery on Android Device token

4.3 No Sale of Data

We do not sell, rent, trade, or otherwise transfer your personal information to third parties for commercial or marketing purposes.

4.4 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or enforceable governmental request.

5. Data Storage and Security

5.1 Storage

5.2 Security Measures

5.3 Data Breach

In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law within a reasonable timeframe.

6. Data Retention

7. Your Rights

As an employee using this App, you have the following rights regarding your personal data:

To exercise any of these rights, contact your company administrator or reach out to us using the contact information provided below.

8. Children's Privacy

The App is intended for use by authorized employees of Pand'Or only. We do not knowingly collect personal information from anyone under the age of 17. If you believe a minor has been granted access to the App in error, please contact us immediately so we can take appropriate action.

9. International Data Transfers

The App's servers are located in Indonesia. If you access the App from outside Indonesia, please be aware that your data may be transferred to and processed in Indonesia. By using the App, you consent to such transfer and processing.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For account-related requests (access, correction, deletion), please contact your company administrator directly.