Privacy Policy
Last updated: July 1, 2026
QRDine ("we", "us", "our") respects your privacy and is committed to protecting personal data. This Privacy Policy explains what personal information we collect, how we use and share it, the choices you have, and how we safeguard it. It applies to our websites, mobile interfaces, APIs, and services (collectively, the "Service"). Where a restaurant ("Tenant") uses QRDine to interact with its guests or staff, the Tenant is the controller of that personal data and QRDine acts as a processor on the Tenant's behalf.
1. Information We Collect
Account information — name, email address, phone number, password hash, profile photo, role, restaurant name, business address.
Operational data — menu items, categories, prices, tables, QR codes, orders, order status, receipts, inventory levels, staff schedules, payroll, feedback, loyalty balances.
Guest data (submitted by Tenants or guests) — guest name, phone, order history, dietary preferences, feedback, loyalty membership.
Payment data — transaction identifiers, gateway references, amounts, currency, and status. Card numbers and full bank credentials are handled directly by our PCI-compliant payment processors; we do not store them.
Technical data — IP address, device type, browser, operating system, referrer, timestamps, session identifiers, error logs, and diagnostic telemetry.
Cookies & similar technologies — see our Cookie Policy.
2. How We Use Personal Data
3. Legal Bases
4. How We Share Personal Data
Service providers (subprocessors): Supabase (database, authentication, storage), Cloudflare (hosting, CDN, security), Resend (transactional email), WhatsApp Cloud API / Meta (messaging), Stripe, bKash, Nagad, ZiniPay, SSLCommerz (payment processing), OpenRouter / model providers (AI features), and analytics vendors — each under contractual data-processing terms.
Tenants: If you are a guest or staff member, your data is shared with the Tenant operating the restaurant.
Legal & safety: We may disclose data when required by law, subpoena, or to protect the rights, property, or safety of QRDine, our users, or the public.
Business transfers: In connection with a merger, acquisition, financing, or sale of assets, personal data may be transferred subject to standard confidentiality protections.
We do not sell personal data.
5. International Data Transfers
6. Data Retention
7. Security
8. Your Privacy Rights
9. Children
10. Automated Decisions
11. Marketing Preferences
12. Changes to This Policy
13. Contact Us
Security: security@qrdine.io
Postal address available on request.