RestaurantOS
Loading...
Legal Agreements

Privacy Policy

Last Updated: July 2, 2026 • Compliant with Digital Personal Data Protection (DPDP) Act, 2023

1. DPDP Act, 2023 Compliance Overview

Under the Digital Personal Data Protection (DPDP) Act, 2023, RestaurantOS acts as both a Data Fiduciary (for registration details of restaurant owners) and a Data Processor (for order histories, customer details, and employee profiles processed on behalf of restaurant tenants).

We process personal data strictly on the grounds of clear, specific, unconditional, and unambiguous consent. By accepting our Terms and Policy, you consent to the processing of personal data necessary for setting up your restaurant digital workspaces, billing customer menus, and generating operational analytics.

2. Data We Collect & Specific Purpose

We limit data collection to the minimum required to provide our restaurant operations features. This includes:

  • Restaurant Tenant Data: Restaurant Name, Owner Name, Business Email Address, Business Location, Contact details. Used for workspace deployment and tax billing.
  • Staff Information: Name, Email, and role assignments (Manager, Waiter, Chef). Processed to assign operational permissions within the tenant workspace.
  • End-Customer Ordering Data: Customer name, Mobile Number (optional for receipt delivery/billing), Table sessions, and Order detail logs. Processed solely to route orders to the kitchen KDS and verify transaction completions.

3. Consent Manager & Rights of Data Principal

Under Section 6 of the DPDP Act, you (as the Data Principal) have the right to withdraw your consent at any time. Withdrawal of consent can be requested by emailing us at restaurantos@navneettechlabs.com (cc: official@navneettechlabs.com).

You also have the:

  • Right to access summaries of personal data processed by us.
  • Right to correction, completion, and updating of your data.
  • Right to nominate another individual to act on your behalf in case of death or incapacity.

4. Data Processors & Localization

We do not sell, rent, or trade personal data to third parties. Data is shared only with verified sub-processors necessary to run the platform (e.g., Razorpay for payment routing, Cloudinary for menu image hosting, and Ably for real-time kitchen display syncing).

Data Localization Guard:

All relational database records, transaction logs, and user backups are hosted securely on Tier-III data centers located in the Mumbai, India Region (AWS/Azure/GCP) to ensure absolute compliance with local regulations.

5. Data Retention Limits

We retain personal data only for as long as necessary to fulfill the operational business purposes defined in Section 2.

If a restaurant subscription is cancelled or terminated, we will retain tenant transaction logs for a maximum period of 30 days. After this grace period, all tables, staff files, categories, menu dishes, and customer databases will be wiped permanently from our MongoDB servers, except where retention is legally mandated for tax audit logs (GST logs).

6. Data Breach Notification

In the event of a personal data breach or cyber attack, Section 8 of the DPDP Act mandates that we notify both the Data Protection Board of India (DPBI) and the affected users immediately. We have active security monitoring protocols, encryption-at-rest, and role-based access tokens to prevent unauthorized leakage.

7. Right to Erasure ("Right to be Forgotten")

As a restaurant owner, you can trigger a full account deletion directly. This executes a complete DB wipe in parallel, deleting: user logins, staff profiles, tables, sessions, menu dishes, orders, reviews, website builders, and configuration models. You can also request erasure of specific customer details by contacting restaurantos@navneettechlabs.com.

8. Grievance Redressal Mechanism

In accordance with the DPDP Act, 2023, we have appointed a Grievance Officer. If you have any complaints regarding data processing, consent withdrawal, or privacy breaches, please reach out directly:

Designated Data Grievance Officer

Officer Name: Grievance Officer, Data Protection Unit

Jurisdiction: Indore, Madhya Pradesh, India

Email: restaurantos@navneettechlabs.com (cc: official@navneettechlabs.com)