Restaurant Technologies
Get started

Legal

Privacy Policy

Last updated: 2026-05-08

This Privacy Policy explains how Restaurant Technologies Inc. ("Restaurant Technologies," "we," "us") collects, uses, shares, and safeguards personal information when you use our platform. This policy applies to restaurant Tenants who use our admin dashboard, end-customers who order through a Tenant's site powered by us, and visitors to our marketing pages.

Important: this is a template starting point. Have qualified counsel in your jurisdiction review and customise before relying on it in production. Canadian operators should ensure PIPEDA compliance; EU/UK exposure requires GDPR/UK-GDPR compliance.

1. The roles we play

We process personal information in two different roles depending on the data:

  • Controllerfor: visitor and prospect data on our marketing site, Tenant account data (the restaurant owner's name, email, billing details), and aggregated platform analytics.
  • Processorfor: end-customer data submitted through a Tenant's storefront (orders, customer accounts, reservations, AI conversations). The Tenant is the controller; we process this data only to deliver the Service to that Tenant.

2. What we collect

Tenant account data

  • Name, email, phone, restaurant name, business address;
  • Authentication credentials (managed by Supabase Auth);
  • Stripe Connect account ID and onboarding state (we do not see card numbers or bank details — Stripe holds those);
  • Subscription plan, billing email, and usage events (orders, AI messages).

End-customer data (processed on behalf of Tenants)

  • Name, email, phone, delivery address;
  • Order items, totals, payment status, fulfilment type, scheduled time;
  • Optional reservation data (party size, date, special requests);
  • AI assistant conversation transcripts (when the Tenant has the customer concierge enabled).

Visitor / device data

  • IP address, browser/device type, pages viewed, referrer;
  • Cookies and similar technologies (see Cookies below).

We do not collect government IDs, biometrics, payment card numbers (Stripe handles those), or sensitive special-category data.

3. How we use it

  • To provide and operate the Service: authenticate you, fulfil orders, send transactional emails (welcome, magic-links, order confirmations, refunds, password resets), and route payments via Stripe;
  • To improve and secure the Service: monitor performance, detect abuse, fix bugs;
  • To support you when you contact us;
  • To bill you and meet our legal accounting obligations;
  • To send service announcements and, with explicit opt-in, product news.

We do notsell your personal information. We do not use end-customer data to train AI models. AI conversations are sent to model providers (Anthropic, OpenAI) via API calls under their zero-retention or short-retention enterprise terms; see those providers' policies for detail.

4. Legal bases (EEA / UK)

If you're in the EEA or UK, our legal bases for processing are:

  • Performance of a contract — to provide the Service;
  • Legitimate interests — to secure the platform, prevent fraud, and improve features;
  • Legal obligation — tax and accounting records;
  • Consent — for non-essential cookies and marketing communications.

5. Sub-processors and service providers

We use the following sub-processors to deliver the Service:

  • Supabase (Postgres database, Auth, Storage, Realtime) — primary hosting;
  • Vercel — application hosting and edge network;
  • Stripe — SaaS subscription billing + tenant Connect payments;
  • Resend — transactional email delivery;
  • Anthropic and/or OpenAI — AI model providers for the customer concierge and management consultant.

Each sub-processor is bound by data-protection terms commensurate with their role.

6. Cookies

We use a small set of cookies. Strictly-necessary cookies (auth session, cart token, CSRF) are loaded by default; non-essential cookies (analytics, etc., when configured) are loaded only after you accept them in the consent banner. You can change your choice anytime via your browser's cookie settings or by clearing storage for our domain.

7. International transfers

Personal information may be processed in Canada, the United States, or other regions where our sub-processors operate data centres. Where personal data is transferred out of the EEA/UK, transfers are protected by Standard Contractual Clauses or equivalent safeguards.

8. Retention

  • Tenant account data: retained while your account is active and for 7 years after closure for tax / audit purposes.
  • End-customer order data: retained per the controlling Tenant's instructions, default 7 years for tax records.
  • AI conversations: retained 90 days for support and quality monitoring, then anonymised or deleted.
  • Marketing-site analytics: aggregated; raw event data 13 months.

9. Your rights

Depending on where you live (PIPEDA in Canada, GDPR in the EEA, UK GDPR, CPRA in California), you have rights to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. Exercise these rights by emailing privacy@restauranttech.app; we'll verify your identity and respond within 30 days. End-customers should direct rights requests primarily to the Tenant they ordered from; we'll assist as that Tenant's processor where appropriate.

10. Security

We use TLS for all data in transit, encryption at rest (managed by Supabase / Stripe), Row Level Security for tenant isolation, role-based access in our internal admin tooling, and audit logs. We never store raw payment card numbers; all card data is tokenised by Stripe. Despite reasonable safeguards, no system can be guaranteed perfectly secure; we'll notify affected users of any data breach as required by law.

11. Children

The Service is not directed to children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If you believe a child has provided personal information, contact us and we'll delete it.

12. Changes

We may update this Privacy Policy from time to time. The "Last updated" date at the top reflects the most recent version. Material changes will be communicated by email or in-app notice.

13. Contact

Privacy enquiries: privacy@restauranttech.app. Postal address: Toronto, Ontario, Canada.