Privacy Policy

What We Collect

• Phone number (for order tracking, reservations, and loyalty programs)
• Name (for personalized service and reservation management)
• Email address (optional, for digital receipts and communications)
• Order history (for loyalty rewards, analytics, and service improvement)
• Payment information is processed securely by our payment partners (Razorpay / PhonePe) — we do not store card details, UPI PINs, or any sensitive financial data
• Table reservation details (date, time, party size, special requests)

Why We Collect It

• To process and deliver your food orders (dine-in and takeaway)
• To manage table reservations
• To provide loyalty rewards and personalized offers
• To send order status updates via WhatsApp or SMS
• To generate GST-compliant invoices and digital bills
• To improve our food quality, service, and menu offerings
• To comply with legal and regulatory requirements

Legal Basis for Processing

Under the DPDP Act 2023, we process your personal data based on:

• Consent: You provide your data voluntarily when placing orders, making reservations, or signing up for loyalty programs
• Legitimate Use: Processing necessary to fulfill your orders and provide our services
• Legal Obligation: Compliance with GST, FSSAI, and other regulatory requirements

How We Store and Protect Your Data

Your data is stored securely on encrypted cloud infrastructure with industry-standard security measures including:

• Encryption at rest and in transit (TLS 1.3)
• Row-level security ensuring tenant data isolation
• Access restricted to authorized restaurant staff only
• Regular security audits and vulnerability assessments
• Secure authentication with hashed credentials (bcrypt)

Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this policy:

• Order and billing data: retained as per GST regulations (minimum 6 years)
• Contact information: retained while you are an active customer
• Reservation data: retained for 90 days after the reservation date
• You may request earlier deletion of non-mandatory data by contacting the restaurant

Your Rights Under DPDP Act 2023

As a Data Principal, you have the right to:

• Access: Request a summary of your personal data we hold
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal retention requirements)
• Grievance Redressal: Lodge a complaint regarding data processing
• Withdraw Consent: Withdraw previously given consent at any time

Third-Party Services

We use the following third-party services that may process your data:

• Razorpay / PhonePe: Payment processing (governed by their respective privacy policies)
• WhatsApp (Meta): Order status notifications (governed by Meta's privacy policy)

We do not sell, rent, or share your personal data with any third party for marketing purposes.

Cookies and Tracking

Our website uses minimal, essential cookies for session management and cart functionality. We do not use tracking cookies or analytics that identify individual users.

Contact Us

For privacy-related queries, data access requests, or to exercise your rights under the DPDP Act, please contact us: