Privacy Policy

Introduction

Restro OS (“we”, “us”, or “our”) is a Software-as-a-Service (SaaS) platform built specifically for the restaurant industry. We provide digital tools for menu management, order processing, table management, QR ordering, staff coordination, and business analytics — helping restaurants of every size operate more efficiently and serve their guests better.

This Privacy Policy governs how we collect, use, store, share, and protect your personal information when you access our website at restroos.com or use any feature of the Restro OS platform. It also explains your rights regarding your data and how you can exercise them. We are deeply committed to your privacy. We handle all information entrusted to us with care, transparency, and respect — because the trust of our restaurant partners and their customers is central to everything we do.

By creating an account or using Restro OS in any capacity, you acknowledge that you have read and understood this policy. If you do not agree with any part of it, please discontinue use of our services and contact us for assistance.

Information We Collect

We collect several categories of information to deliver and continuously improve our platform. The information we collect depends on how you use Restro OS.

Account & Registration Information

When you register for Restro OS, we collect your full name, email address, phone number, restaurant name, business address, cuisine type, and GST or business registration number (where applicable). This information is required to create and manage your account and to customise the platform for your specific restaurant setup.

Usage Data

As you navigate the platform, we automatically collect information about how you interact with it — including pages and features visited, buttons clicked, session duration, navigation paths, and error events. This data helps us identify pain points, prioritise feature development, and ensure a smooth user experience for all restaurant operators.

Payment Information

Subscription payments are processed securely through our payment partners — Razorpay and Stripe. We do not store your credit or debit card numbers, CVV codes, or full bank account details on our servers at any time. We only retain transaction identifiers, billing amounts, payment dates, and invoice references needed for accounting and support purposes.

Restaurant Operational Data

All data you create within the platform — including your menu items and pricing, order records, customer names and contact information you add, table configurations, staff profiles, and inventory entries — is your data. We store it on your behalf to power the platform's features. This data belongs to you, not to us.

Device & Technical Information

We collect IP addresses, browser type and version, operating system, screen resolution, referring URLs, and device identifiers. This information is used for security monitoring, fraud detection, and platform compatibility optimisation.

How We Use Your Information

We use the information we collect solely for legitimate business purposes that are necessary to operate Restro OS and serve you effectively:

• Providing our services: To set up your restaurant dashboard, manage your subscription, and ensure every feature of the platform functions correctly for your team and your guests.
• Processing payments & invoices: To charge subscription fees, generate GST-compliant invoices, handle refunds, and maintain accurate billing records in compliance with Indian financial regulations.
• Customer support & troubleshooting: To diagnose technical issues, respond to support tickets, and resolve billing or account disputes efficiently. Our support team accesses account data strictly on a need-to-know basis.
• Product updates & announcements: To inform you of new features, platform improvements, maintenance windows, and important policy changes via email. You may opt out of non-essential communications at any time.
• Analytics & platform improvement: To analyse aggregate usage patterns, identify performance bottlenecks, and prioritise our product roadmap. Analytics are processed on aggregated, anonymised data wherever possible.
• Legal & regulatory compliance: To comply with applicable laws including the IT Act 2000, GST regulations, and applicable data protection frameworks. We may retain certain records as required by law even after account closure.

Data Sharing and Disclosure

We never sell your personal data. We do not trade, rent, or exchange your information with advertisers or any third-party commercial entities for their own use. We share data only in the following strictly limited circumstances:

• Payment processors (Razorpay, Stripe): Billing and transaction data is shared with our payment partners solely to process your subscription payments. Both are PCI-DSS certified processors.
• Email delivery providers: We use transactional email services to send invoices, password reset links, and platform notifications. These providers process your email address on our behalf and are contractually prohibited from using it for any other purpose.
• Analytics tools (Google Analytics): Anonymised usage data is shared with analytics platforms to help us understand platform performance. No personally identifiable information is included in these reports.
• Legal requirements: We may disclose information if required to do so by law, court order, or a government authority, or when we believe in good faith that such disclosure is necessary to protect our rights or the safety of users.

Data Security

We implement a comprehensive, layered security programme to protect your information against unauthorised access, alteration, disclosure, or destruction. Our security measures include:

• AES-256 encryption for all data stored in our databases, ensuring that sensitive records are unreadable even in the event of a breach.
• SSL/TLS encryption for all data transmitted between your browser or app and our servers, protecting information in transit.
• Regular automated backups stored in geographically separate locations, ensuring business continuity and data recovery capability in the event of infrastructure failure.
• Strict access controls — internal team members can access user data only where operationally necessary, governed by role-based permissions and audit logging.
• GDPR-aligned practices including data minimisation, purpose limitation, and the right to erasure, even for users outside the European Union, as a global baseline standard.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to use the best available protections, we cannot guarantee absolute security. We will notify affected users promptly in the event of any data breach.

Your Rights

You have meaningful rights over your personal data. We respect and honour these rights regardless of your location:

• Right of Access: You may request a complete copy of all personal data we hold about you in a readable format at any time.
• Right to Correction: If any information we hold is inaccurate or outdated, you may request that we correct it. Most account data can be updated directly from your dashboard settings.
• Right to Deletion (“Right to be Forgotten”): You may request deletion of your personal data. Upon account closure, we will delete or anonymise your data within 60 days, except where retention is required by law (e.g. tax records).
• Data Portability: You may request an export of your restaurant data — including menu items, order history, and customer records — in CSV or JSON format.
• Opt-out of Marketing: You may unsubscribe from non-essential marketing emails at any time using the unsubscribe link included in every email, or by contacting us directly.

To exercise any of these rights, contact us at privacy@restroos.com. We will respond within 30 days of receiving your request.

Cookies Policy

We use cookies and similar tracking technologies to enhance your experience on the Restro OS platform. Cookies are small text files stored in your browser that allow us to recognise returning users and remember preferences.

We use the following types of cookies:

• Essential cookies: Required for the platform to function. These handle authentication sessions, security tokens, and core platform state. These cannot be disabled without impairing platform functionality.
• Preference cookies: Store your language, theme, and dashboard layout preferences between sessions.
• Analytics cookies: Used by Google Analytics to collect anonymised usage data that helps us improve the platform.

You can configure your browser to reject all cookies, alert you before a cookie is set, or delete existing cookies. Visit your browser's settings menu for these controls. Disabling non-essential cookies will not significantly impact your experience, but disabling essential cookies may prevent you from logging in.

Third-Party Links

Our platform may contain links to external websites, integrations, or partner services. These third-party services operate under their own independent privacy policies and terms. Restro OS is not responsible for the privacy practices, content, or security of any third-party websites. We encourage you to review the privacy policy of any external service before sharing personal information with them.

Children's Privacy

Restro OS is a professional business management platform intended solely for adults. Our services are not directed to, designed for, or intended to be used by individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently received data from a minor, we will delete that information promptly. If you believe a minor has provided us with information, please contact us at privacy@restroos.com immediately.

Changes to This Policy

We may update this Privacy Policy from time to time as our platform evolves, as legal requirements change, or as we introduce new features. When we make material changes, we will notify you via email and display a prominent notice on the platform dashboard at least 14 days before the changes take effect. The “Last Updated” date at the top of this page always reflects the most recent revision. Continued use of Restro OS after changes take effect constitutes your acceptance of the revised policy. We encourage you to review this page periodically.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data handling practices, our privacy team is here to help. We take all privacy inquiries seriously and commit to responding within 30 business days.