Back to Home

Privacy Policy

Last updated: 12 May 2026

Mango Digital Pty Ltd (ABN 25 674 715 336)

At a glance

This Privacy Policy explains how Appetite Point of Sale (operated by Mango Digital Pty Ltd) handles personal information. The key points are:

  • Who we are: Mango Digital Pty Ltd, an Australian company operating the Appetite Point of Sale platform.
  • What we collect: Information from people who visit our website, restaurants that use our platform, diners who order through restaurant apps, and people who contact us.
  • How we use it: To provide the Appetite platform, support our customers, run our business, and (where you have agreed) to send you marketing.
  • Where it is stored: In Australia, on infrastructure based in Sydney.
  • Who we share it with: A short list of trusted service providers, all named in this Policy. Personal information does not leave Australia, except in very limited cases described below.
  • Your rights: You can access, correct, or delete your personal information. To do so, email support@appetitepos.com.au.

The detail follows below. If you would rather just talk to a person, contact us using the details at the end.

1. Who this Policy applies to

This Policy applies to personal information handled by Appetite in connection with:

  • visitors to https://appetitepos.com.au and related Appetite-owned websites;
  • Restaurant Partners — businesses that subscribe to the Appetite platform — and their owners, operators, and staff;
  • End Users — diners who order through a Restaurant Partner's white-label app or online ordering page;
  • prospects who enquire about Appetite, request a demo, or otherwise contact us through sales and marketing channels;
  • anyone else who contacts us through our support, sales, or general enquiry channels.

Where a Restaurant Partner uses the Appetite platform to handle personal information about its own customers, the Restaurant Partner is responsible for that information under the Australian Privacy Principles. Appetite acts as a service provider in that context. The Data Processing Agreement available at https://appetitepos.com.au/dpa sets out the detail of that relationship.

2. Who we are

Appetite is a brand of Mango Digital Pty Ltd (ABN 25 674 715 336), an Australian company that operates the Appetite Point of Sale platform.

Contact us at:

  • Email: support@appetitepos.com.au
  • Phone: +61 481 827 738
  • Mail: PO Box 6162, Halifax Street, South Australia 5000, Australia

We are bound by the Australian Privacy Principles set out in Schedule 1 of the Privacy Act 1988 (Cth), and we are committed to handling personal information in accordance with those principles.

3. What we mean by "personal information"

In this Policy, personal information has the same meaning as in the Privacy Act 1988 (Cth) — information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether or not it is recorded in a material form.

4. What personal information we collect

4.1 Visitors to our website

When you visit https://appetitepos.com.au, we collect:

  • technical information automatically logged by your browser (IP address, device type, browser, operating system, referring page);
  • pages you view and actions you take on the site;
  • information you provide if you submit a contact or enquiry form (name, email, phone number, business name, business type, and the message you send us);
  • information collected through analytics and advertising tools, described in section 9 (Cookies, analytics, and advertising).

4.2 Prospects and people who enquire about Appetite

When you contact us through a sales enquiry, demo request, Instagram DM, email, or any other sales or marketing channel, we collect:

  • your name and contact details;
  • your business name, business type, and location;
  • the content of your communications with us;
  • notes our team takes about your business and interest in the platform.

This information is stored in our customer relationship management system (HubSpot) for the purpose of managing the sales conversation.

4.3 Restaurant Partners

When a Restaurant Partner signs up for and uses the Appetite platform, we collect:

  • business information — business name, ABN, trading address, business type, websites and social profiles;
  • owner and operator information — names, contact details (email, phone), and (where required for verification) identification documents;
  • billing information — payment method details held by Stripe for subscription billing (we do not see or store full card numbers — see section 6);
  • merchant configuration — settings the Restaurant Partner provides to configure the platform, including menu data, pricing, integrations, branding, and operational preferences;
  • platform usage information — logs of when and how the platform is used, which features are accessed, errors and crashes, and information generated through use of the platform;
  • staff records uploaded into the platform — typically staff names, contact information, and rostering and clock-in/out times.

Appetite staff can technically access information held on the platform for the purpose of providing support and operating the platform. We do not access this information without a reason, and access is governed by our internal access controls described in section 12.

4.4 End Users (diners)

When you order from a restaurant using the Appetite platform — through a white-label mobile app or an online ordering page — we collect, on behalf of the restaurant:

  • your name;
  • your phone number;
  • your delivery address (for delivery orders);
  • your order details and order history;
  • payment information processed by Tyro (we do not see or store your card numbers — see section 6);
  • a non-identifying device identifier (UUID) for push notifications, if you have a restaurant's app installed;
  • your location, where you have given permission, to help find nearby restaurants or for delivery;
  • IP address and device information, for security and fraud prevention.

We collect your email address only if you choose to provide it (for example, during account setup or to receive a receipt).

When you place an order, the restaurant is responsible for this information under the Australian Privacy Principles. Appetite handles it on the restaurant's behalf.

4.5 People who contact us

When you contact us through support, sales, or general enquiry channels, we collect:

  • your name and contact details;
  • the content of your communication;
  • any information you choose to share with us.

5. How we collect personal information

We collect personal information:

  • directly from you — when you fill in a form, sign up for the platform, place an order, contact us, or otherwise interact with us;
  • automatically — through cookies, analytics tools, and platform logs (see section 9);
  • from third parties — including payment processors (Tyro, Stripe), delivery platforms (Uber Direct, DoorDash Drive), and integration partners, in connection with services they provide on or alongside the Appetite platform.

We only collect personal information by lawful and fair means, and where it is reasonably necessary for one or more of our functions or activities.

6. How payment information is handled

Card payments are processed by:

  • Tyro Payments Limited for transactions between End Users and Restaurant Partners; and
  • Stripe Payments Australia Pty Ltd for Appetite's own subscription billing to Restaurant Partners.

Appetite does not see or store your full card numbers. Card data is entered through Tyro's or Stripe's secure infrastructure, which is compliant with the Payment Card Industry Data Security Standard (PCI DSS).

For repeat-customer functionality, Tyro may provide us with a card token identifier — a reference that lets us recognise a returning customer's payment method. The token itself cannot be used to recover your card details, is stored only by Tyro (not on our systems), expires automatically after three months, and is locked to the specific customer who created it.

When you pay with Apple Pay or Google Pay, your card details are tokenised by Apple or Google before reaching Tyro or Stripe. Appetite never receives your card numbers.

7. How we use personal information

We use personal information for the following purposes.

7.1 To operate the Appetite platform

  • providing the Services to Restaurant Partners and their staff;
  • enabling End Users to place orders and receive updates;
  • processing payments through Tyro and Stripe;
  • providing customer support;
  • maintaining, securing, and improving the platform;
  • developing new features and improving existing ones (including through aggregated and anonymised analytics);
  • training and improving Appetite Intelligence, our in-house AI capability, which operates only on anonymised data within Australia (see section 10).

7.2 To run our business

  • managing our relationships with Restaurant Partners and prospects;
  • billing, invoicing, and collecting payment;
  • complying with our legal, tax, and regulatory obligations;
  • managing risk, including fraud prevention and security;
  • protecting our rights and the rights of others.

7.3 To communicate with you

  • responding to enquiries, support requests, and complaints;
  • sending service messages about the platform (outages, maintenance, important updates);
  • sending marketing communications (see section 8).

7.4 Where required or permitted by law

  • where we are required to disclose information by law, regulation, court order, or government direction;
  • to establish, exercise, or defend legal claims;
  • to assist law enforcement and regulatory authorities where required.

8. Marketing communications

8.1 Marketing to Restaurant Partners

If you are a Restaurant Partner or a prospect, we may send you marketing communications about Appetite — primarily SMS updates approximately every two months covering new features and product changes. We may transition to email marketing in the future, and where we do, we will use Klaviyo to send those communications.

You can opt out of marketing communications at any time:

  • by replying STOP to any marketing SMS;
  • by clicking the unsubscribe link in any marketing email (when we begin sending email marketing); or
  • by contacting support@appetitepos.com.au.

Service messages relating to your account, billing, or important platform updates are not marketing and you cannot opt out of these while you remain a customer.

8.2 Marketing to diners

Marketing communications to diners are the responsibility of the restaurant they ordered from, not Appetite. The Appetite platform may be used by restaurants to send marketing SMS to their customers, but the content, timing, and Spam Act compliance of those messages is the restaurant's responsibility. Diners can manage marketing preferences within the restaurant's app or by replying STOP to any marketing SMS.

9. Cookies, analytics, and advertising

9.1 Cookies on the Appetite website

When you visit https://appetitepos.com.au, we use cookies and similar technologies for the following purposes:

  • essential cookies — to make the site work, remember your session, and protect against security threats;
  • analytics cookies — to understand how visitors use the site so we can improve it. We use Google Analytics and Google Tag Manager for this purpose;
  • marketing cookies — to support our digital advertising. We use the Meta Pixel (Facebook) for retargeting and audience building, and we may run advertising campaigns through Google Ads and Meta Ads that rely on these cookies.

You can control cookies through your browser settings. Disabling essential cookies may prevent the site from working correctly.

We are working on adding a cookie consent banner to the Appetite website to give you clearer control over non-essential cookies.

9.2 Cookies on restaurant ordering websites

Restaurant ordering websites operated through the Appetite platform use essential cookies only — for the cart, session, and login. These are required for ordering to work and cannot be turned off.

9.3 Analytics and Google

Google Analytics processes some data (including IP-based location data) on Google's infrastructure, which may include servers outside Australia. We use Google Analytics in a way that does not provide Google with content data, payment data, or identifying customer data — only general site usage information.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on, available at https://tools.google.com/dlpage/gaoptout.

9.4 Advertising

If we run advertising campaigns through Meta, Google Ads, or similar platforms, your visit to our website may cause those platforms to add you to a retargeting audience. You can manage advertising preferences through:

  • Meta: https://www.facebook.com/adpreferences
  • Google: https://adssettings.google.com

10. Appetite Intelligence

Appetite Intelligence is our in-house artificial intelligence capability that powers product recommendations and customer insights within the platform.

Appetite Intelligence:

  • operates only on anonymised data — no personally identifiable information about diners is used to train or run the model;
  • operates only on Australian infrastructure — no data is sent to any third-party AI service or any infrastructure outside Australia;
  • maintains strict per-restaurant isolation — data from one restaurant is not used to inform outputs provided to any other restaurant.

Appetite Intelligence is an integrated feature of the platform.

11. Who we share personal information with

We share personal information with the following categories of recipients.

11.1 Service providers (sub-processors)

We engage the following service providers to help us operate the platform. Each is bound by contractual obligations to handle personal information consistently with this Policy:

  • Tyro Payments Limited — card payment processing for Restaurant Partners' customers (Australia);
  • Stripe Payments Australia Pty Ltd — Appetite subscription billing (Australia);
  • Telstra Corporation Limited — SMS messaging (Australia);
  • DigitalOcean LLC — hosting and content delivery (Australia, Sydney region);
  • Google LLC — analytics (Google Analytics), tag management (Google Tag Manager), and advertising (Google Ads) (may involve cross-border data flows — see section 13);
  • Meta Platforms Inc. — advertising and analytics (Meta Pixel) (may involve cross-border data flows — see section 13);
  • HubSpot — customer relationship management for sales and prospect data;
  • Klaviyo — email marketing platform (where we send marketing emails);
  • OneSignal Inc. — push notification delivery (non-identifying UUIDs only — see section 13);
  • Pushy.me — push notification delivery (non-identifying UUIDs only — see section 13);
  • Uber Direct — delivery dispatch where enabled by the Restaurant Partner (Australia);
  • DoorDash Drive — delivery dispatch where enabled by the Restaurant Partner (Australia).

11.2 Restaurant Partners

End Users' personal information is handled on behalf of the restaurant they have ordered from. We share that information with the relevant Restaurant Partner as part of providing the Services.

11.3 Professional advisers

We may disclose personal information to our legal, accounting, audit, insurance, and other professional advisers where reasonably necessary to obtain advice, manage risk, or pursue or defend legal claims.

11.4 Government, regulators, and law enforcement

We may disclose personal information where required by law, court order, regulatory direction, or to cooperate with law enforcement or regulatory investigations.

11.5 In connection with a business sale

If Appetite or its business is sold, merged, or restructured (in whole or in part), we may disclose personal information to actual or prospective acquirers and their advisers, subject to appropriate confidentiality protections. Any acquirer would be bound by this Policy (or an equivalent policy) in respect of the personal information transferred.

11.6 With your consent

We may otherwise disclose personal information with your consent.

We do not sell personal information.

12. How we protect personal information

We take the security of personal information seriously. The measures we apply include:

  • Australian data residency — all personal information is hosted on infrastructure in Sydney, Australia, except for the limited cross-border transfers described in section 13;
  • encryption — data is encrypted in transit (TLS) and at rest;
  • PCI DSS compliance — payment card data handling complies with PCI DSS SAQ A requirements (card numbers never touch our systems);
  • access controls — Appetite staff access to personal information held on the platform is limited to those who need it to perform their role (least-privilege access). Access is for support and platform operation only, and is logged;
  • secure infrastructure — firewalls, network segmentation, and security monitoring;
  • confidentiality obligations — all Appetite staff are bound by confidentiality obligations;
  • regular review — we review and improve our security practices on an ongoing basis.

While we apply strong security measures, no system is completely secure. If you become aware of a security issue, please email us at support@appetitepos.com.au.

13. Where personal information is stored, and cross-border data flows

Personal information collected through the Appetite platform is stored in Australia, on infrastructure operated by DigitalOcean in their Sydney region.

Limited information leaves Australia in the following circumstances:

  • Push notifications — to deliver push notifications, we send non-identifying device identifiers (UUIDs) to OneSignal (United States) and Pushy.me. No personal information, contact details, order content, or transaction data is transferred.
  • Google Analytics and Google Ads — Google may process analytics and advertising data on its global infrastructure, which includes servers outside Australia. This processing does not include order data, payment data, or identifying customer data.
  • Meta Pixel and Meta Ads — Meta processes advertising data on its global infrastructure, which includes servers outside Australia.

Where we transfer personal information outside Australia, we take reasonable steps to ensure the overseas recipient handles the information consistently with the Australian Privacy Principles.

14. How long we keep personal information

We retain personal information only for as long as we need it for the purposes set out in this Policy, or for as long as we are required to keep it by law.

As a general guide:

  • Restaurant Partner data — retained for the duration of the subscription, plus a 90-day grace period during which the Restaurant Partner can request data export, after which it is deleted from our active systems;
  • End User order data — retained according to the relevant restaurant's policy, but at least for the periods required by Australian tax and record-keeping laws;
  • Financial and transactional records — retained for at least 7 years to comply with the Income Tax Assessment Act 1936 (Cth), the Income Tax Assessment Act 1997 (Cth), and other applicable tax laws;
  • Sales and prospect information — retained in HubSpot for as long as we are actively engaging with the prospect, and for a reasonable period afterwards;
  • Marketing data — retained until you opt out, and deleted shortly thereafter;
  • Support and enquiry records — retained for as long as needed to provide support and address related issues, typically up to 7 years.

Where we are required to retain information by law (for example, tax records), we will retain it for the required period regardless of the above.

15. Your privacy rights

You have the following rights in relation to your personal information.

15.1 Access

You can ask us to give you a copy of the personal information we hold about you.

15.2 Correction

You can ask us to correct personal information that is inaccurate, out of date, or incomplete.

15.3 Deletion

You can ask us to delete your personal information. We may need to retain some information where we are required to do so by law (for example, financial records), but we will explain this if it applies to your request.

15.4 Withdrawal of consent

Where our handling of personal information relies on your consent, you can withdraw your consent at any time. Withdrawal does not affect handling that has already occurred.

15.5 Marketing opt-out

You can opt out of marketing communications at any time (see section 8).

15.6 Complaint

If you are concerned about how we have handled your personal information, you have the right to make a complaint to us (see section 16) or to the Office of the Australian Information Commissioner.

16. How to exercise your rights, or make a complaint

To exercise any of the rights above, or to make a privacy complaint, please email us at:

support@appetitepos.com.au

To protect your privacy, before we respond to a request we will ask you to verify your identity by providing:

  • a valid government-issued photo ID; and
  • proof that you control the email address on file with us.

This is to make sure we do not disclose your personal information to someone pretending to be you.

We aim to acknowledge your request within 7 business days and to respond substantively as quickly as practicable thereafter. Access to your own personal information is free of charge.

If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):

  • Website: https://www.oaic.gov.au
  • Phone: 1300 363 992
  • Mail: GPO Box 5288, Sydney NSW 2001

17. Data breaches

We have procedures in place to detect, contain, investigate, and respond to data breaches.

If a data breach occurs that is likely to result in serious harm to affected individuals, we comply with the Notifiable Data Breaches scheme under the Privacy Act 1988 (Cth):

  • For personal information Appetite is responsible for (Restaurant Partner data, marketing site data, sales and prospect data): we notify affected individuals directly, and we notify the OAIC as required.
  • For personal information Appetite handles on behalf of a Restaurant Partner (End User order data and similar): we notify the Restaurant Partner without undue delay and within 72 hours of becoming aware of the breach. The Restaurant Partner is then responsible for notifying affected individuals, with our reasonable assistance.

We will not delay notification where notification is required by law.

18. Children

The Appetite platform is not directed at children. We do not knowingly collect personal information from anyone under 18 years of age.

If we become aware that we have collected personal information from someone under 18, we will delete that information promptly. If you believe we have collected information from a person under 18, please contact us at support@appetitepos.com.au.

19. Job applicants and careers

We do not currently collect job applications, but we may add a careers page to our website in the future. If we do, we will update this Policy to explain how we handle applicant information.

If you contact us about working at Appetite, we will collect and use the information you share with us solely to consider your application and communicate with you about it. We will not use it for any other purpose without your consent.

20. Changes to this Policy

We may update this Policy from time to time. The current version is always available on our website at https://appetitepos.com.au/privacy, and the "Last updated" date at the top of the Policy reflects the most recent version.

For material changes that affect Restaurant Partners' rights or obligations, we will provide notice in accordance with the Appetite Terms of Service.

For changes affecting End Users, the updated Policy applies from the date it is published.

21. Definitions

In this Policy:

  • APPs means the Australian Privacy Principles set out in Schedule 1 of the Privacy Act 1988 (Cth).
  • Appetite, we, us, our means Mango Digital Pty Ltd (ABN 25 674 715 336), trading as Appetite Point of Sale.
  • End User means an individual who interacts with the Services as a customer of a Restaurant Partner, including diners placing orders through a Restaurant Partner's online ordering page or white-label mobile app.
  • Personal information has the meaning given in section 3.
  • Restaurant Partner means a business that has subscribed to the Appetite platform.
  • Services means the Appetite Point of Sale platform and related products, as described in the Appetite Terms of Service.

22. Contact us

Mango Digital Pty Ltd
Trading as Appetite Point of Sale
Email: support@appetitepos.com.au
Phone: +61 481 827 738
Mail: PO Box 6162, Halifax Street, South Australia 5000, Australia

Other Legal Documents

Privacy PolicyTerms of ServiceEnd-User Policy

Questions about this policy?

Contact our team for clarification

support@appetitepos.com.au