Last Updated: June 17, 2026
1. Information We Collect
We collect information to provide better services to all our users. The types of information we collect include:
- Restaurant Profile Information: Restaurant name, business address, phone number, VAT/GST number, custom currency, operating hours, and floor layouts.
- User & Staff Data: Full names, email addresses, encrypted passwords, roles (Super Admin, Restaurant Admin, Waiter, Kitchen Staff, Delivery Executive), and phone numbers.
- Customer Data: Guest names, email addresses, phone numbers, and address details stored during reservations, dine-in POS orders, or delivery checkout.
- Transactional & Payment Data: Subscription records, order histories, payment status, and invoices. Payment details are processed directly by our integrated PCI-DSS compliant third-party payment gateways (Stripe, Razorpay, Paypal, Tap, Mollie, Xendit, Flutterwave, Payfast, Paystack, Epay, Paddle); we do not store raw card credentials on our servers.
2. How We Use Your Information
We use the collected information for the following purposes:
- To initialize, maintain, and secure your restaurant account, POS terminal, and branch data.
- To manage reservations, floor tables, and kitchen order tickets (KOT) in real-time.
- To process subscriptions and verify restaurant license payments.
- To send notifications (such as Pusher/Beams order alerts or transactional emails) to users and staff.
- To perform platform analytics, prevent fraudulent activities, and comply with tax and bookkeeping regulations.
3. Data Isolation, Multi-Tenancy & Security
We employ strict multi-tenant software architecture to guarantee the privacy and isolation of your data:
- Isolation: Each restaurant's database records (including menu items, floor layouts, staff details, customer lists, and revenue logs) are strictly scoped and accessible only to verified accounts belonging to that specific restaurant tenant.
- Security: All communication between users and the server is encrypted using TLS (HTTPS). Sensitive session keys and API access tokens are rotated regularly. System headers implement clickjacking protection, strict content security policies (CSP), and session-injection controls.
4. Your Rights Under GDPR, CCPA, and DPDP
Depending on your jurisdiction, you have the following data protection rights:
- Access and Portability: The right to request copies of your restaurant and customer records in a portable Excel/CSV format.
- Rectification: The right to edit or correct invalid profile, staff, or customer data instantly from the dashboard.
- Erasure ("Right to be Forgotten"): The right to permanently delete your account, staff profiles, or customer history.
- Processing Limitations: The right to restrict or object to how we process metadata and usage logs.
To exercise any of these rights, please contact our Data Protection Officer at support@res-tau-rant.com.
5. Third-Party Services & Subprocessors
To deliver our POS and booking services, we integrate with secure third-party subprocessors. These platforms only access data to execute specified billing, notification, or mapping tasks:
- Payment Processing: Stripe, Razorpay, Paypal, Mollie, and Xendit.
- Real-Time Synchronization: Pusher and Beams notification services.
- Local Delivery Maps: Google Maps Platform.
6. Contact Details
If you have any questions or concerns regarding our Privacy Policy or data processing practices, please contact us at:
Res-tau-rent POS Support Team
Web Arion, Kolkata, West Bengal, India
Email: support@res-tau-rant.com