Skip to main content

Privacy Policy

Effective date: 1 April 2025 · Last updated: 25 April 2026

Restrofi ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant management platform and related services.

1. Information We Collect

We collect information you provide directly — such as your name, email address, phone number, and restaurant details when you register for Restrofi. We also collect information about how you use the platform, including orders placed, menu interactions, and dashboard activity. Restrofi does not process customer food payments — customers pay at the counter using the restaurant's own payment methods. For Restrofi SaaS subscription billing, payments are processed by our billing partner; Restrofi does not store full card numbers.

2. How We Use Your Information

We use your information to: provide and improve our services; process orders and payments; send transactional communications (order confirmations, invoices); send service updates and product announcements (you may opt out); comply with legal obligations; and prevent fraud and abuse.

3. Data Sharing

We do not sell your personal data. We share data only with: service providers who process data on our behalf (cloud infrastructure, payment processors, email delivery); legal authorities when required by law; and successors in the event of a merger or acquisition (with appropriate notice).

4. Customer Data and Restaurant Guests

When your restaurant guests place orders via Restrofi, their data (name, phone, order history) is processed on your behalf. You are the data controller for your guests' data. You are responsible for your own privacy notices to guests. We process guest data only as instructed by you and as necessary to provide the service.

5. Cookies and Tracking

We use essential cookies to operate the service (session management, authentication). We use analytics cookies to understand usage patterns and improve the product. You can opt out of analytics cookies in your browser settings. We do not use advertising or third-party tracking cookies.

6. Data Retention

We retain your account data for as long as your account is active. Order and transaction data is retained for 7 years to comply with Indian tax regulations. You may request deletion of your personal data by contacting us; some data may be retained for legal compliance purposes.

7. Security

We use industry-standard security measures including TLS encryption in transit, encrypted storage for sensitive fields, and access controls. We perform regular security reviews. However, no system is completely secure; please use strong passwords and report any suspected security issues to [email protected].

8. Your Rights

Subject to applicable law, you have the right to: access the personal data we hold about you; correct inaccurate data; request deletion of your data; object to processing; and data portability. To exercise these rights, contact us at [email protected].

9. Children's Privacy

Restrofi is not directed at children under 18. We do not knowingly collect personal information from minors. If you believe we have inadvertently collected such data, please contact us immediately.

10. WhatsApp Business Integration

Restrofi provides a WhatsApp Business messaging integration that allows restaurants and food businesses (“Merchants”) to send order updates, delivery notifications, and other operational messages to their customers through their own WhatsApp Business Accounts.

What data we receive from Meta

When a Merchant connects their WhatsApp Business Account to Restrofi through Meta's Embedded Signup flow, we receive:

  • WhatsApp Business Account ID (WABA ID) and phone number ID
  • The connected phone number's display name and verified business name
  • Message delivery and read status for messages the Merchant sends through Restrofi
  • Inbound messages sent by the Merchant's customers to the Merchant's WhatsApp number, when those messages relate to a Restrofi-tracked conversation
  • Account quality ratings and messaging tier limits assigned by Meta

We refer to all such data collectively as “Platform Data.”

How we use Platform Data

Platform Data is used solely to operate the WhatsApp messaging service on behalf of the Merchant. Specifically:

  1. To send order confirmations, status updates, delivery notifications, payment reminders, and feedback requests from the Merchant's WhatsApp number to the Merchant's customers, triggered by events in the Merchant's Restrofi account.
  2. To display message status (sent, delivered, read, failed) in the Merchant's Restrofi dashboard.
  3. To route customer replies received via WhatsApp into the Merchant's conversation view alongside the relevant order or delivery.
  4. To monitor account health (quality rating, sending limits) and notify the Merchant of issues that may affect message deliverability.
  5. To compute usage for billing and to enforce per-tier message limits under our pricing terms.

What we do not do with Platform Data

We do not:

  • Use Platform Data for advertising or marketing purposes
  • Share, sell, or transfer Platform Data to third parties for their own use
  • Profile WhatsApp users (the Merchant's customers) for purposes outside the messaging service
  • Use Platform Data to train machine learning models
  • Retain Platform Data longer than operationally necessary

Data ownership and control

The Merchant retains full ownership of their WhatsApp Business Account at all times. Restrofi acts as a Tech Provider authorized by the Merchant under Meta's WhatsApp Business Platform Tech Provider program. The Merchant may disconnect their account at any time through their Restrofi dashboard, after which we cease access to Platform Data associated with their account.

Customer rights

Customers receiving WhatsApp messages from a Merchant via Restrofi may:

  • Reply STOP to opt out of further messages from that Merchant
  • Block the Merchant's WhatsApp number, which stops all messages immediately
  • Contact Restrofi at [email protected] to request information about data we hold related to a specific WhatsApp number, or to request deletion

We respond to such requests within 30 days, subject to verification of identity and the Merchant's data ownership.

Data retention

Message metadata (sender, recipient, timestamp, status) is retained for 24 months for billing reconciliation, dispute handling, and operational debugging. Message content is retained for 90 days. Platform Data relating to disconnected accounts is purged within 30 days of disconnection, except where required for billing reconciliation or legal compliance.

Sub-processors

We use Meta Platforms, Inc. (and its affiliates) as a sub-processor for all WhatsApp Business Cloud API operations. Messages and Platform Data flow through Meta's infrastructure. Meta's privacy practices are governed by their own privacy policy and the WhatsApp Business Solution Terms.

Compliance with WhatsApp Business Solution Terms

Restrofi operates within the bounds of Meta's WhatsApp Business Solution Terms and the WhatsApp Business Messaging Policy. Merchants using the integration agree to comply with these terms as a condition of use. We do not facilitate messaging that violates Meta's policies, including but not limited to: unsolicited marketing, illegal goods or services, deceptive content, or messaging without prior customer consent.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 30 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance.

12. Contact

For privacy-related queries or data requests, contact us at [email protected]. For general support, write to [email protected]. For legal matters, [email protected]. Restrofi is operated by Navtechy, based in India.