Skip to main content

Privacy Policy

Effective date: 1 April 2025 · Last updated: 6 June 2026

Restrofi ("we", "our", "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant management platform and related services.

1. Information We Collect

From restaurant owners and staff: your name, email, phone, password (stored only as a salted hash), and restaurant details at sign-up, plus how you use the dashboard. From your guests when they order through a Restrofi QR menu: name and phone number (used only to send order updates/alerts), the items ordered and order history, a device identifier and a hashed network address used to prevent fraud, and — where the guest's browser permits — approximate geolocation (latitude/longitude and accuracy). The location is used only to verify the order was placed at the table (an anti-fraud "geofence") and to compute a security/trust score for the order. Restrofi does not process customer food payments — guests pay using the restaurant's own methods. For Restrofi subscription billing, payments are processed by our billing partner; we never store full card numbers.

2. How We Use Your Information

We use your information to: provide and improve the service; process and verify orders; detect and prevent fraud and abuse (including the geolocation and device checks above); power RestroAI features (e.g. menu import, daily summaries, and the analytics assistant), which send the relevant menu or order text to our AI provider to generate your result; send transactional messages (order confirmations, invoices); send service updates and product announcements (you may opt out); and comply with legal obligations.

3. Data Sharing and Sub-processors

We do not sell your personal data. We share it only with the service providers ("sub-processors") that operate the platform on our behalf, and only for that purpose: Google LLC (Gemini AI for RestroAI features; Google Analytics; Google Maps and Business Profile import), Meta Platforms (WhatsApp Business messaging — see section 10), our payment partner Razorpay (subscription billing), and our transactional-email provider. Some of these providers are located outside India; we share data with them only under agreements that require appropriate safeguards. We also disclose data to legal authorities when required by law, and to a successor in a merger or acquisition (with notice).

4. Customer Data and Restaurant Guests

When your restaurant guests place orders via Restrofi, their data (name, phone, order history, and the fraud-prevention signals above) is processed on your behalf — you are the data controller for your guests' data and are responsible for your own notices to them. Restrofi provides the tools (in-menu notices and a guest data-request flow) to help you meet that responsibility, and processes guest data only as needed to provide the service.

5. Cookies and Analytics

We use essential cookies to operate the service (session management, authentication). To understand usage and improve the product we use Google Analytics, which sets analytics cookies. We do not use session-recording tools, and we do not use advertising or cross-site tracking cookies. You can block analytics cookies through your browser settings.

6. Data Retention

We keep account data while your account is active, and we follow a defined retention schedule. Order and invoice data is retained for 7 years to meet Indian GST and tax rules. Inactive customer records — a guest with no order or activity for 24 months — are automatically anonymized: the guest's name, phone, and email are scrubbed while the underlying order/invoice records (without identifying personal details) are kept for the 7-year tax window. Precise location is not retained at all: any geolocation we use for the order is coarsened to roughly 110 metres before it is stored. Short-lived data is purged automatically: dining sessions and one-time passcodes expire and are deleted within hours. WhatsApp data follows the schedule in section 10. After account cancellation we retain data for 30 days (so you can export it) before deletion, except where law requires longer. You can request deletion of your personal data at any time as described in section 8.

6a. Data Minimization

We collect and retain only what we need. We never store precise GPS coordinates: location captured to verify an order (our anti-fraud "geofence") is checked at full precision in the moment and then coarsened to about 110 metres before it is persisted, so a stored point cannot pinpoint a guest. Device and network identifiers are stored only as one-way hashes. Personal details on inactive customer records are anonymized on the schedule in section 6.

7. Security

We use industry-standard safeguards: TLS encryption in transit; passwords, one-time passcodes, reset tokens, and network/device identifiers stored only as hashes; encrypted storage for sensitive fields; and access controls. We log and review security events. No system is perfectly secure — please use a strong password and report suspected issues to [email protected]. If a personal-data breach occurs, we will act per section 12.

8. Your Rights

Subject to applicable law (including India's DPDP Act), you may: access the personal data we hold about you; correct inaccurate data; request erasure of your data; withdraw a consent you previously gave (as easily as you gave it); nominate another person to exercise your rights; and request portability. Restaurant owners and staff can export and delete their account from the dashboard or by emailing [email protected]. Restaurant guests can raise an access or deletion request for their own data, verified by a one-time passcode to their phone. To exercise any right or raise a grievance, contact our Grievance Officer (section 11).

9. Children's Privacy & Age

Restrofi is not directed at children under 18 and we do not knowingly collect their personal data without verifiable parental consent. If you believe a minor's data has been collected, contact us and we will delete it. Where a venue serves alcohol, the ordering flow asks the guest to confirm they are 18 or older before an order can be placed; the legal responsibility for verifying age and serving alcohol rests with the restaurant.

10. WhatsApp Business Integration

Restrofi provides a WhatsApp Business messaging integration that allows restaurants and food businesses (“Merchants”) to send order updates, delivery notifications, and other operational messages to their customers through their own WhatsApp Business Accounts.

What data we receive from Meta

When a Merchant connects their WhatsApp Business Account to Restrofi through Meta's Embedded Signup flow, we receive:

  • WhatsApp Business Account ID (WABA ID) and phone number ID
  • The connected phone number's display name and verified business name
  • Message delivery and read status for messages the Merchant sends through Restrofi
  • Inbound messages sent by the Merchant's customers to the Merchant's WhatsApp number, when those messages relate to a Restrofi-tracked conversation
  • Account quality ratings and messaging tier limits assigned by Meta

We refer to all such data collectively as “Platform Data.”

How we use Platform Data

Platform Data is used solely to operate the WhatsApp messaging service on behalf of the Merchant. Specifically:

  1. To send order confirmations, status updates, delivery notifications, payment reminders, and feedback requests from the Merchant's WhatsApp number to the Merchant's customers, triggered by events in the Merchant's Restrofi account.
  2. To display message status (sent, delivered, read, failed) in the Merchant's Restrofi dashboard.
  3. To route customer replies received via WhatsApp into the Merchant's conversation view alongside the relevant order or delivery.
  4. To monitor account health (quality rating, sending limits) and notify the Merchant of issues that may affect message deliverability.
  5. To compute usage for billing and to enforce per-tier message limits under our pricing terms.

What we do not do with Platform Data

We do not:

  • Use Platform Data for advertising or marketing purposes
  • Share, sell, or transfer Platform Data to third parties for their own use
  • Profile WhatsApp users (the Merchant's customers) for purposes outside the messaging service
  • Use Platform Data to train machine learning models
  • Retain Platform Data longer than operationally necessary

Data ownership and control

The Merchant retains full ownership of their WhatsApp Business Account at all times. Restrofi acts as a Tech Provider authorized by the Merchant under Meta's WhatsApp Business Platform Tech Provider program. The Merchant may disconnect their account at any time through their Restrofi dashboard, after which we cease access to Platform Data associated with their account.

Customer rights

Customers receiving WhatsApp messages from a Merchant via Restrofi may:

  • Reply STOP to opt out of further messages from that Merchant
  • Block the Merchant's WhatsApp number, which stops all messages immediately
  • Contact Restrofi at [email protected] to request information about data we hold related to a specific WhatsApp number, or to request deletion

We respond to such requests within 30 days, subject to verification of identity and the Merchant's data ownership.

Data retention

Message metadata (sender, recipient, timestamp, status) is retained for 24 months for billing reconciliation, dispute handling, and operational debugging. Message content is retained for 90 days. Platform Data relating to disconnected accounts is purged within 30 days of disconnection, except where required for billing reconciliation or legal compliance.

Sub-processors

We use Meta Platforms, Inc. (and its affiliates) as a sub-processor for all WhatsApp Business Cloud API operations. Messages and Platform Data flow through Meta's infrastructure. Meta's privacy practices are governed by their own privacy policy and the WhatsApp Business Solution Terms.

Compliance with WhatsApp Business Solution Terms

Restrofi operates within the bounds of Meta's WhatsApp Business Solution Terms and the WhatsApp Business Messaging Policy. Merchants using the integration agree to comply with these terms as a condition of use. We do not facilitate messaging that violates Meta's policies, including but not limited to: unsolicited marketing, illegal goods or services, deceptive content, or messaging without prior customer consent.

11. Grievance Officer & Exercising Your Rights

The Grievance Officer is our Grievance Officer for data-protection matters. To exercise any right in section 8, or to complain about how we handle your data, email [email protected] (or [email protected]). We acknowledge requests promptly and resolve grievances within 90 days, after verifying your identity. Restrofi is operated by Navtechy Labs, Bangalore, Karnataka, India.

12. Data Breach Notification

If a personal-data breach occurs that is likely to affect you, we will notify the relevant authority and the affected individuals without undue delay, with the information required by law, and take prompt steps to contain and remediate the incident.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 30 days before the change takes effect. Continued use of the service after the effective date constitutes acceptance.

14. Contact

For privacy-related queries or data requests, contact us at [email protected]. For general support, write to [email protected]. For legal matters, [email protected]. Restrofi is operated by Navtechy Labs, Bangalore, Karnataka, India.

RestroLegal · Compliance add-on

FSSAI, GST, Swiggy/Zomato contracts & POSH — handled.

Restrofi's legal & compliance add-on for Indian restaurants. Licence renewals tracked, GST notices answered, aggregator and vendor agreements reviewed by experts.

  • FSSAI & licence renewals
  • Contract & POSH review
  • GST notice replies
Explore RestroLegal