Security is foundational to Restaurant Platforms ("Restaurant Platforms"). This page summarises how we protect your data and your guests' data. We are happy to discuss our practices in more detail during a sales or onboarding conversation.

Encryption

Data is encrypted in transit using TLS and encrypted at rest by our infrastructure providers. Payment card data is handled by Stripe and never stored on our servers.

Tenant data isolation

Every restaurant's data is segregated by a tenant identifier and protected by database row-level security, so one restaurant's data is never accessible to another. AI features are tenant-scoped and cannot mix data across restaurants.

Access controls

Access to the platform uses role-based permissions, so staff only see what their role allows. Internal administrative access is limited, logged, and used only to operate and support the Service.

Audit logs

Important and sensitive actions — including data exports, deletions, and AI-executed actions — are recorded in an append-only audit trail capturing who did what, and when.

Backups and resilience

Data is backed up regularly by our database provider, and the application runs on a resilient, globally distributed hosting platform.

AI safeguards

AI recommendations are advisory and, for sensitive actions, require human approval before anything runs. AI activity is logged and auditable. We do not use your customer data to train public AI models — see our AI Advisory & Learning Policy.

Infrastructure providers

We build on trusted infrastructure including Supabase (database, auth, storage), Vercel (hosting), Stripe (payments), and others listed in our Data Processing Addendum.

Responsible disclosure

If you believe you have found a security vulnerability, please contact us at privacy@restaurantplatforms.com. See also our published security.txt. We appreciate responsible disclosure and will work with you to resolve genuine issues.