Privacy Policy

1.1 Restaurant Information

When restaurants register with ServeNow, we collect:

• Business Details: Restaurant name, business registration number, GST number, address, phone number, email address
• Owner/Manager Information: Name, contact details, identification for verification purposes
• Menu Data: Food items, descriptions, prices, categories, images, dietary information, allergen details
• Operational Data: Operating hours, table numbers, seating capacity, special instructions
• Banking Information: Bank account details for payment settlements (processed securely through Cashfree)

1.2 Staff User Information

For restaurant staff accounts, we collect:

• Personal Details: Name, email address, phone number, role/position
• Account Information: Username, encrypted password, role permissions
• Activity Logs: Login times, actions performed, order updates, system usage

1.3 Customer Information

When customers place orders through our QR code system, we collect:

• Order Details: Name, phone number, table number, order items, quantities, special instructions
• Payment Information: Payment method, transaction ID (payment details are processed by Cashfree, not stored by us)
• Device Information: IP address, browser type, device type, operating system (for security and analytics)
• Usage Data: Pages visited, time spent, menu items viewed, ordering patterns

1.4 Automatically Collected Information

• System Logs: Server logs, error reports, performance metrics
• Analytics Data: Order volumes, popular items, peak hours, revenue statistics
• Security Data: Failed login attempts, suspicious activities, access patterns

2.1 Service Provision

• Process and manage restaurant orders in real-time
• Facilitate communication between customers, kitchen staff, and service staff
• Generate QR codes for table-specific menu access
• Manage digital menus and real-time availability updates
• Process payments through our integrated Cashfree gateway
• Provide order tracking and status updates to customers

2.2 Business Operations

• Generate sales reports, analytics, and business insights for restaurants
• Monitor system performance and optimize service delivery
• Manage user accounts and role-based access permissions
• Process monthly subscription payments and billing
• Provide customer support and technical assistance

2.3 Legal and Security

• Comply with applicable laws and regulations
• Detect and prevent fraudulent transactions and activities
• Maintain system security and prevent unauthorized access
• Resolve disputes and investigate complaints
• Maintain records for tax and accounting purposes

3.1 Within the Restaurant Ecosystem

• Restaurant Staff: Order details are shared with authorized kitchen and service staff to fulfill orders
• Restaurant Management: Analytics and performance data are provided to restaurant owners and managers
• Customer Updates: Order status and notifications are sent to customers who placed orders

3.2 Third-Party Service Providers

• Cashfree Payment Gateway: Payment processing and transaction management (they have their own privacy policy)
• Supabase: Database hosting and management services with enterprise-grade security
• Cloud Storage Providers: For secure storage of menu images and system backups
• Email Service Providers: For sending notifications, receipts, and support communications

3.3 Legal Requirements

We may disclose information when required by law or to:

• Comply with legal processes, court orders, or government requests
• Enforce our terms of service and protect our rights
• Investigate fraud, security issues, or technical problems
• Protect the safety and rights of our users and the public

4.1 Technical Safeguards

• Encryption: All data transmission uses 256-bit SSL/TLS encryption
• Database Security: Row-level security (RLS) ensures data isolation between restaurants
• Authentication: Multi-factor authentication available for sensitive accounts
• Access Controls: Role-based permissions limit data access to authorized personnel only
• Regular Backups: Daily automated backups with secure, encrypted storage

4.2 Operational Security

• Staff Training: Regular security awareness training for all employees
• Access Monitoring: Continuous monitoring of system access and user activities
• Incident Response: Established procedures for security incident detection and response
• Regular Audits: Periodic security assessments and vulnerability testing
• Data Minimization: We collect and retain only necessary information

4.3 Payment Security

• PCI Compliance: Cashfree payment gateway is PCI DSS Level 1 compliant
• No Card Storage: We do not store credit card or payment details on our servers
• Secure Tokens: Payment processing uses secure tokenization
• Fraud Detection: Real-time monitoring for suspicious payment activities

5.1 Retention Periods

• Order Data: Retained for 7 years for tax and accounting purposes
• Customer Information: Deleted after 2 years of inactivity unless required for legal compliance
• Payment Records: Retained for 7 years as required by Indian financial regulations
• System Logs: Retained for 1 year for security and troubleshooting purposes
• Analytics Data: Aggregated, anonymized data may be retained indefinitely

5.2 Account Deletion

• Restaurant accounts: Data retained for 90 days after cancellation, then permanently deleted (except legally required records)
• Staff accounts: Deleted immediately upon removal by restaurant management
• Customer data: Automatically deleted after 2 years of no ordering activity

6.1 For Restaurant Owners and Staff

• Access: View and download all data associated with your restaurant account
• Correction: Update incorrect or outdated information through your dashboard
• Deletion: Request deletion of your account and associated data (subject to legal retention requirements)
• Data Portability: Export your restaurant data in standard formats
• Restriction: Limit processing of your data for specific purposes

6.2 For Customers

• Access: Request information about data collected during your orders
• Deletion: Request deletion of your personal information (contact us directly)
• Opt-out: Choose not to receive promotional communications
• Correction: Update incorrect information in your order history

7.1 Types of Cookies We Use

• Essential Cookies: Required for basic platform functionality (login sessions, security)
• Analytics Cookies: Help us understand how users interact with our platform
• Preference Cookies: Remember user settings and preferences
• Security Cookies: Detect suspicious activity and prevent fraud

7.2 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may affect platform functionality.