JOUZU上手DOHA
Join Rewards

JOUZU Doha · Legal · Privacy

プライバシー · puraibashīPrivacy Policy

We collect the minimum we need to bake your cake, get it to your door, and remember you next time. Nothing is sold to third parties. Here is exactly what that means in practice.

Last updated · May 1, 2026

Who we are

The data controller is Jouzu™ Bakery W.L.L. (ﻣﺨﺒﺰ ﺟﻮﺯﻭ), registered in Qatar (CR No. 138290). Our Data Protection Officer can be reached at privacy@jouzu.qa.

What we collect

When you create an account or place an order, we collect:

  • Identity: name, phone number, email address.
  • Delivery: Qatar Blue Plate address (Zone, Street, Building), apartment, optional landmark.
  • Payment: a secure token from our PCI-DSS payment partner. We do not store card numbers or CVVs on our servers.
  • Order history: what you bought, when, and how it was delivered, so we can run rewards and answer support questions.
  • Device data: IP address, device type, app version, and crash logs — used only to keep the site secure and the app working.

How we use it

Strictly for the purposes you’d expect:

  • Fulfilling your order and giving the courier the right address.
  • Running JOUZU Rewards — points, tier upgrades, free birthday cake.
  • Sending order updates, receipts, and (only if you opt in) seasonal-flavour announcements.
  • Preventing fraud and improving our service through aggregate analytics.

Sharing

We share data only with vendors who help us run the service, under written contract:

  • Our payment processor (for card authorisation).
  • Our delivery dispatch platform (for the courier to find you).
  • Our cloud hosting provider (which stores data in encrypted form).
  • Qatari authorities, where we are legally required to do so.

We never sell your personal information, and we don’t run third-party advertising trackers on the site.

Cookies & analytics

We use a small number of essential cookies for cart and login state, and a privacy-respecting analytics tool that records anonymised page views. You can decline non-essential cookies via the banner shown on first visit; the site will still work normally.

Your rights

Under Qatar’s Personal Data Protection Law (Law No. 13 of 2016) and best-practice GDPR principles, you may at any time:

  • Request a copy of the data we hold about you.
  • Correct any data that is inaccurate.
  • Ask us to delete your account and associated data.
  • Withdraw marketing consent (one-tap from any email).
  • Lodge a complaint with the Compliance and Data Protection Department of the Ministry of Communications and Information Technology (MCIT).

Retention

Order records are retained for seven years to satisfy Qatari tax and accounting law. Marketing preferences are retained until you change them. Account data is deleted within 30 days of a verified deletion request, except where retention is legally required.

Security

All traffic to and from JOUZU is encrypted with TLS 1.2 or higher. Data at rest is encrypted on our hosting provider’s servers. Access to production systems is restricted to a small engineering team using two-factor authentication.

Changes

If we materially change this policy, we will email registered users at least 30 days before the change takes effect. The current version is always available on this page with a “last updated” date.

Questions about this policy?

Our team in Doha replies within one business day. Trade enquiries welcome.

Contact us