Privacy Policy

Effective date: {{EFFECTIVE_DATE}} Last updated: {{EFFECTIVE_DATE}}

{{COMPANY_LEGAL_NAME}} ("we", "us", "our") operates {{POS_BRAND}}, a restaurant point-of-sale and ordering platform available at {{DOMAIN}} (the "Service"). This Privacy Policy explains what personal information we collect, why we collect it, how we use and share it, and the rights you have over it.

We act as a data controller for account and billing information of the restaurant businesses that subscribe to the Service, and as a data processor on behalf of those businesses for the order, customer, and transaction data they process through the Service.

1. Who we are

Legal entity: {{COMPANY_LEGAL_NAME}}
Country of registration: {{COUNTRY_OF_REGISTRATION}}
Registered address: {{COMPANY_ADDRESS}}
Privacy contact: {{CONTACT_EMAIL}}

If you are in a jurisdiction that requires a designated contact for data protection matters, you can reach our privacy team at {{CONTACT_EMAIL}}.

2. Information we collect

a. Information you give us directly

Account and onboarding data: name, business/restaurant name, email address,

password (stored only as a salted hash, never in plain text), preferred language, country, and tax registration identifiers you choose to enter.

Staff records you create: staff names, roles, and login credentials for your

team members.

Support and communications: messages you send us by email or through the

Service.

b. Information generated by using the Service

Operational data: menu items, prices, orders, tables, branches, tax

configuration, receipts, and similar records your business creates.

Guest ordering data: order contents and any details a guest provides when

placing an order through a QR / guest link.

Technical data: IP address, device and browser type, session identifiers, and

log data needed to operate, secure, and debug the Service.

c. Payment information

We do not intentionally collect special-category data (such as health, biometric, or precise location data) and ask that you do not enter such data into the Service.

3. How we use information (purposes of use)

We use personal information to:

create and operate your account and provide the Service;
process and display orders, receipts, and tax calculations;
authenticate users and keep accounts secure;
provide customer support and respond to your requests;
send service-related notices (for example, security or billing notices);
bill for paid plans and prevent fraud;
comply with legal, tax, and accounting obligations; and
improve the Service through aggregated, non-identifying analysis.

We will not use your personal information for a new, unrelated purpose without notifying you or, where required by law, obtaining your consent. (For users in Japan, this reflects the APPI requirement to specify the purpose of use; for users in Thailand, the lawful-basis requirements of the PDPA.)

4. Legal bases for processing

Depending on your jurisdiction, we rely on one or more of the following: your consent; performance of a contract with you; compliance with a legal obligation; and our legitimate interests in operating and securing the Service, where those interests are not overridden by your rights.

5. How we share information

We share personal information only as described here:

Service providers (sub-processors) who host and support the Service,

including {{HOSTING_PROVIDER}} (hosting and database) and {{AI_PROVIDER}} (AI features, where applicable). These providers process data on our instructions under contractual confidentiality and security obligations.

Payment processing via {{PAYMENT_PROVIDER}}, where applicable.
Legal and safety reasons: when required by law, regulation, legal process,

or to protect the rights, safety, and property of users or the public.

Business transfers: in connection with a merger, acquisition, or sale of

assets, subject to this Policy.

We do not sell personal information.

6. International data transfers

The Service may store or process data on servers located outside your country, including through {{HOSTING_PROVIDER}}. Where we transfer personal information across borders, we take steps required by applicable law to protect it. Users in Japan: cross-border transfers are made in accordance with the APPI. Users in Thailand: transfers are made in accordance with the PDPA.

7. Data retention

We retain personal information for as long as your account is active and as needed to provide the Service, then for the period required to meet legal, tax, and accounting obligations, after which we delete or anonymize it. Restaurant businesses control the operational and customer data they enter and may delete it through the Service or by contacting us.

8. Your rights

Subject to your local law, you may have the right to access, correct, update, delete, or restrict the processing of your personal information, to object to certain processing, to withdraw consent, and to request a copy of your data. To exercise these rights, contact {{CONTACT_EMAIL}}. We will respond within the time required by applicable law. You may also have the right to lodge a complaint with your local data protection authority.

9. Security

We use technical and organizational measures to protect personal information, including encryption in transit, hashed passwords, access controls, and tenant isolation between businesses. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Children's privacy

The Service is intended for businesses and is not directed to children. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact {{CONTACT_EMAIL}}.

11. Changes to this Policy

We may update this Privacy Policy from time to time. We will post the updated version at {{DOMAIN}} with a new effective date and, where required by law, notify you of material changes.

12. Contact us

Questions or requests about this Privacy Policy can be sent to: