HosFin / Policies
Privacy Policy
We collect only what we need to run your booking and keep our promises. Here is exactly what that means, who else sees your information, and the rights you have under UAE law.
Who is the data controller
HosFin ("we", "us", "our") is the controller of the personal information described in this policy. HosFin is the trading name of HOSFIN FOR EVENTS MANAGING CO. L.L.C S.O.C, a Limited Liability Company (Single Owner) registered in the Emirate of Dubai, United Arab Emirates, under trade licence number 1614269 issued by the Government of Dubai Department of Economy and Tourism. Our registered office is Office 43-44, owned by Dubai Municipality, Al Fahidi, Bur Dubai. To contact us about your data, email support@hosfin.ae and put "Privacy" in the subject line.
Information we collect from you
When you browse the site, reserve a seat, book a session, or contact support, we collect: your name, mobile number, email address, the address where the session will take place, party size, dietary preferences and allergies, any notes you give us about the booking, the menu you select, and the messages you exchange with our team on WhatsApp or email. When you pay, our regulated payment processor collects your card or wallet details directly — HosFin does not see or store your full card number, only the last four digits and a token used for refunds.
Information we collect automatically
When you visit the site we automatically collect basic technical information: your IP address, device and browser type, the pages you view, the actions you take, the page that referred you, and timestamps. We also use Microsoft Clarity to record anonymised session replays and generate heatmaps that show how visitors move through the site — this helps us identify usability issues and improve the booking flow. We mask all sensitive form fields (your full name, WhatsApp number, payment details, and verification codes) before they reach Clarity so they are never visible in playback. This information is collected through cookies, similar technologies, and our hosting, analytics, and session-replay providers, and is used to keep the site working, prevent fraud, and improve the product.
How we use your information
We use your information to: (a) confirm and deliver your booking; (b) coordinate with the chef assigned to your session; (c) process payments, refunds, and chargebacks; (d) send you booking confirmations, reminders, and operational updates by WhatsApp, SMS, and email; (e) respond to your support requests; (f) detect and prevent fraud and abuse of the service; (g) comply with our legal, tax, and accounting obligations in the UAE; and (h) improve the service and develop new features. We use your information for marketing only with your consent (see below). We do not sell your personal information.
Lawful basis for processing
We rely on the following lawful bases under UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data (PDPL): performance of the contract you enter into with us when you book a session; compliance with our legal obligations (for example, tax records); your consent for marketing communications and non-essential cookies; and our legitimate interests in running, securing, and improving the service in a way that is balanced against your rights.
Sharing with chefs and partners
We share the minimum information chefs need to deliver your session — typically your first name, mobile number, address, party size, dietary notes and allergies, and the menu you selected. We share information with service providers acting on our behalf: payment processing (Stripe and our acquiring bank), messaging (Meta WhatsApp Business and Twilio), email delivery, hosting (Vercel, Supabase), product analytics and session replay (Google Analytics, Vercel Analytics, Microsoft Clarity), advertising attribution (Meta, TikTok, Google), and customer support tools. We may share information when required by law, court order, or a competent UAE authority, or where necessary to protect the safety, rights, or property of HosFin, our users, or the public.
International data transfers
Some of our service providers (including Stripe, Twilio, Meta, Microsoft, Vercel, and Supabase) host or process data outside the UAE — typically in the United States and the European Union. Where we transfer your personal data outside the UAE, we rely on the safeguards set out in the PDPL: transfers to jurisdictions with adequate protection, standard contractual clauses with our processors, or your explicit consent where required. You can ask us for a copy of the safeguards we use.
Marketing communications
We will send you marketing messages only if you opted in (for example by ticking a box at sign-up or replying YES to a WhatsApp prompt). You can unsubscribe at any time using the link in our emails, by replying STOP to a marketing message, or by emailing support@hosfin.ae. Operational messages — booking confirmations, payment receipts, schedule changes, refund updates — are part of the service and are not affected by your marketing preferences.
Cookies and similar technologies
We use a small number of cookies. Strictly necessary cookies keep you signed in, remember your booking in progress, and protect against fraud — the site cannot function without these. Analytics cookies help us understand how visitors use the site so we can improve it. Where the law requires consent for non-essential cookies, we will ask for it on first visit. You can clear or block cookies in your browser; some parts of the booking flow may not work if you do.
Data retention
We keep booking records, invoices, and payment records for as long as needed to provide the service and to meet our tax, accounting, and legal obligations in the UAE — typically up to seven years from the date of the transaction, in line with UAE tax record-keeping requirements. We keep account profile data while your account is active and for a reasonable period afterwards in case you return. Support conversations are retained for up to three years for quality and dispute resolution. Once retention periods expire, we delete or anonymise the data.
Your rights
Subject to UAE law, you have the right to: (a) access the personal information we hold about you; (b) ask us to correct information that is inaccurate; (c) ask us to delete information we no longer need to keep; (d) restrict or object to certain processing; (e) ask for a portable copy of information you provided; (f) withdraw any consent you previously gave us, without affecting processing already carried out; and (g) lodge a complaint with the UAE Data Office. To exercise these rights, email support@hosfin.ae from the address on your account. We will respond within 30 days and may ask you to verify your identity.
Security
We protect your information with industry-standard measures — encrypted connections (TLS), encrypted storage, role-based internal access, audit logging, and audited payment infrastructure provided by our payment processor. No system is perfectly secure. Use a strong, unique password, never share login codes, and contact us immediately at support@hosfin.ae if you suspect any unauthorised activity on your account. Where the law requires it and where there is a meaningful risk to you, we will notify you and the relevant UAE authority of a personal data breach without undue delay.
Children
HosFin is intended for adults aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe a child has provided us with information, contact us and we will delete it.
Third-party links
Our site may link to third-party websites — for example, payment pages or partner menus. This policy does not cover those websites. Please read their own privacy notices before sharing personal information with them.
Changes to this policy
We may update this policy from time to time. When we make material changes, we will update the date below and, where appropriate, notify you by email or WhatsApp before the change takes effect. Your continued use of HosFin after the change means you accept the updated policy.
Questions about your data?
Email support@hosfin.ae from the address on your account and we will get back to you within two business days.
Last updated: May 2026. HosFin is operated from the United Arab Emirates and complies with UAE Federal Decree-Law No. 45 of 2021 on the Protection of Personal Data. For questions not covered here, contact support@hosfin.ae.