Back to home

Privacy Policy

This starter policy reflects the current QR food ordering SaaS implementation. Review it with qualified counsel and replace placeholders before production launch.

Submit a data request

Data We Collect

For guest food ordering, we collect order details such as room or table, selected items, guest name, phone number, and optional order notes. For tenant operations, we collect property details, owner/admin/kitchen account details, subscription activity, and audit logs.

How We Use Data

We use this data to process food orders, show order status, operate admin/kitchen/owner/superadmin portals, manage subscriptions, prevent QR misuse, protect tenant accounts, and maintain security audit logs.

Where Data Is Stored

The current deployment runs the application on Vercel and stores application data in Supabase PostgreSQL. The production database region should match the configured Supabase project region. Backups, retention settings, and subprocessors must be reviewed in the Vercel and Supabase dashboards before commercial launch.

Cookies

The app uses essential authentication cookies for staff and platform portal sessions. These cookies are HTTP-only and are used to keep users signed in. Analytics or marketing cookies should not be added without updating this policy and adding consent where required.

Data Sharing

Tenant staff can access order and room data for their own property. Platform superadmins can access tenant and subscription data for platform support and administration. Data is not sold.

Retention And Deletion

Order, account, subscription, and audit data are retained while needed for operations, accounting, security, and dispute handling. Deletion requests are reviewed before action because some records may need to be kept for accounting, fraud prevention, dispute handling, or legal obligations.

Data Request Process

Users can submit access, export, correction, or deletion requests through the data request form. The platform operator should verify the requester's identity, locate related tenant/order/staff records, record the outcome, and respond through the submitted contact details.

Security Monitoring

The app records operational audit events and exposes health-check endpoints for uptime monitoring. Security logs and provider dashboards should be reviewed regularly for failed logins, suspicious request volume, and unusual tenant activity.

Your Rights

Depending on location, users may have rights to access, correct, export, or delete personal data. Add the final legal entity name, support contact, and jurisdiction before accepting commercial customers.