Privacy Policy

Last Updated: January 24, 2026

Introduction

At Restrofi, we are committed to protecting the privacy and security of all data collected through our restaurant management platform. This Privacy Policy explains how we collect, use, store, and protect customer data when you use our services as a cafe owner.

By using Restrofi, you agree to comply with this Privacy Policy and ensure that customer data is handled in accordance with applicable data protection laws and regulations.

1. Data Collection

Customer Data Collected

When customers place orders through your cafe's QR code system, the following information may be collected:

  • Customer name (from Google authentication)
  • Email address (from Google authentication)
  • Profile picture (if provided by Google)
  • Order history and preferences
  • Table number and location data
  • Payment information (processed securely through third-party payment gateways)
  • Ratings and feedback provided by customers

Important Notice

As a cafe owner, you are responsible for ensuring that customer data is collected and used only for legitimate business purposes related to order processing and customer service.

2. Fair Data Usage Principles

Restrofi is committed to fair and ethical data usage. As a cafe owner using our platform, you agree to the following principles:

2.1 Purpose Limitation

Customer data shall only be used for the following legitimate purposes:

  • Processing and fulfilling customer orders
  • Providing customer support and service
  • Improving menu offerings based on customer preferences
  • Generating invoices and receipts
  • Analytics and reporting for business operations

2.2 Prohibited Uses

Customer data must NOT be used for:

  • Unsolicited marketing communications without explicit consent
  • Sharing with third parties without customer consent (except as required by law)
  • Discriminatory practices or profiling
  • Any purpose unrelated to restaurant operations
  • Sale or monetization of customer data

2.3 Data Minimization

Only collect and retain customer data that is necessary for the stated purposes. Regularly review and delete data that is no longer needed for business operations or legal compliance.

2.4 Transparency

Customers should be informed about what data is collected and how it is used. This information should be easily accessible through your cafe's ordering interface or website.

3. Data Security

Restrofi implements industry-standard security measures to protect customer data:

  • Encryption of data in transit using SSL/TLS protocols
  • Secure storage of sensitive information with encryption at rest
  • Regular security audits and vulnerability assessments
  • Access controls and authentication mechanisms
  • Secure payment processing through certified payment gateways

Your Responsibility: As a cafe owner, you must maintain the security of your account credentials and ensure that only authorized personnel have access to customer data through your Restrofi account.

4. Data Retention

Customer data will be retained only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required by law. Specifically:

  • Order data: Retained for accounting and business analysis purposes, typically up to 7 years as per tax regulations
  • Customer profiles: Retained while the customer remains active, or until account deletion is requested
  • Payment information: Not stored by Restrofi; processed securely through third-party payment processors

5. Customer Rights

Customers have the following rights regarding their personal data:

  • Right to Access: Customers can request access to their personal data
  • Right to Rectification: Customers can request correction of inaccurate data
  • Right to Erasure: Customers can request deletion of their data
  • Right to Data Portability: Customers can request their data in a portable format
  • Right to Object: Customers can object to certain processing activities

Your Obligation: As a cafe owner, you must honor customer requests regarding their data rights and assist Restrofi in fulfilling these requests promptly.

6. Third-Party Services

Restrofi may use third-party services for various functions, including:

  • Payment processing (stripe, razorpay, etc.)
  • Email services for notifications
  • Cloud hosting and storage
  • Analytics and monitoring tools

These third-party services are bound by their own privacy policies and data protection standards. Restrofi ensures that all third-party service providers comply with applicable data protection regulations.

7. Legal Compliance

Restrofi is designed to comply with applicable data protection laws, including but not limited to:

  • General Data Protection Regulation (GDPR) for EU customers
  • Personal Data Protection Bill (India)
  • Other applicable regional data protection laws

As a cafe owner, you are responsible for ensuring compliance with local data protection laws in your jurisdiction. Restrofi provides tools and features to help you maintain compliance, but ultimate responsibility lies with you.

8. Changes to This Policy

Restrofi reserves the right to update this Privacy Policy from time to time. Significant changes will be communicated to cafe owners via email or through the platform. Continued use of Restrofi after changes constitutes acceptance of the updated policy.

9. Contact Us

If you have questions or concerns about this Privacy Policy or how customer data is handled, please contact us:

Email: privacy@restrofi.com

Support: support@restrofi.com

By using Restrofi, you acknowledge that you have read and understood this Privacy Policy and agree to handle customer data in accordance with its terms.