Privacy Policy

1. Information We Collect

1.1 Information You Provide

When you create an OpenDine account or use our platform, you provide us with:

Account Information: Name, email address, phone number, and business details when you sign up.
Restaurant Profile: Restaurant name, address, logo, branding assets, outlet details, and configuration settings.
Staff & Personnel Data: Staff names, roles, contact details, shift schedules, and payroll information you enter into the system.
Customer Data: Customer names, phone numbers, addresses, and loyalty points — collected only when you explicitly add them to the system.
Financial Data: Order records, purchase invoices, expense entries, payroll records, and financial reports generated within the platform.
Menu & Inventory Data: Menu items, recipes, ingredient lists, supplier information, and stock levels.

1.2 Information Collected Automatically

When you use OpenDine, our servers automatically collect:

Usage Data: Pages visited, features used, time spent, click patterns, and device information.
Technical Data: IP address, browser type, operating system, device identifiers, and referring URLs.
Performance Data: API response times, error logs, crash reports, and application performance metrics.

1.3 Information from Third Parties

We may receive information from:

Authentication providers (e.g., Google, Apple, or other integrated identity providers) when you sign in via SSO.
Payment processors if you link payment features to OpenDine.
Publicly available business registries if you verify your restaurant identity.

2. How We Use Your Data

We use collected information to:

Provide the Service: Power the KOT system, order management, inventory tracking, finance reporting, and all core platform features.
Account Management: Create and maintain your account, authenticate you, send transactional emails (password resets, order notifications, shift alerts).
Improvements: Analyze usage patterns to improve features, fix bugs, and develop new capabilities. Aggregate, anonymized data may be used for product research.
Communications: Send you product updates, feature announcements, security notices, and relevant marketing (only with your consent). You can opt out at any time.
Legal Compliance: Maintain records as required by applicable tax, accounting, and regulatory laws.
AI Features: Power the AI procurement copilot — weather and event data may be passed to our AI inference layer to generate recommendations. No personal customer data is used for AI training.

⚠️ Important: OpenDine does not sell, trade, or rent your restaurant's operational data to third parties. Ever. Your data is used exclusively to power your restaurant's operations and our improvements to the service.

3. Data Storage & Security

Your data is stored on secure PostgreSQL database infrastructure hosted on Google Cloud Platform, with data centers primarily in Asia-Pacific (Mumbai region). Enterprise customers may request specific regional storage.

Security Measures

Encryption at rest: All data is encrypted at rest using AES-256 encryption.
Encryption in transit: All data transmitted to and from OpenDine uses TLS 1.2+ with strong cipher suites.
Row-level security: Database access is partitioned by tenant_id — your data is never accessible to other OpenDine customers.
Access controls: Role-based access control (RBAC) with principle of least privilege. API keys and database credentials are rotated regularly.
Audit logging: All admin-level access and data export events are logged with timestamps and actor identifiers.
Penetration testing: Annual third-party security audits and penetration testing.

Third-Party Sub-Processors

We use the following sub-processors:

Database and Auth Services: Managed PostgreSQL database, user authentication, and file storage services — compliant with international security standards
Google Cloud Platform: Hosting infrastructure — cloud.google.com/privacy
OpenAI (AI inference): AI procurement recommendations only — no training on customer data — openai.com/privacy

4. Data Sharing

OpenDine shares your data only in these specific circumstances:

With your permission: If you connect third-party integrations (e.g., accounting software, delivery platforms), data is shared only for those integrations.
Service providers: Trusted vendors who help us operate OpenDine (hosting, analytics, email delivery) — bound by strict data processing agreements.
Legal obligations: When required by law, court order, or to prevent fraud/abuse — we will notify you where legally permitted.
Business transfers: If OpenDine is acquired or merged, your data may transfer under the same privacy protections.

We do not sell personal data. We do not share customer data with AI training pipelines.

5. Cookies & Tracking

OpenDine uses cookies and similar technologies:

Necessary cookies: Required for authentication, session management, and security. These cannot be disabled without affecting platform functionality.
Preference cookies: Remember your theme, language, and display settings.
Analytics cookies: Anonymous, aggregated usage statistics to improve the product. We use privacy-first analytics that don't track individuals across sites.
Marketing cookies: Only set if you explicitly consent to marketing communications.

You can manage cookies through your browser settings. Disabling analytics cookies will not affect platform functionality.

6. Your Rights

Depending on your jurisdiction, you have the right to:

Access: Request a copy of all personal data we hold about you or your restaurant.
Correction: Update or correct inaccurate personal data through your account settings or by contacting us.
Deletion: Request deletion of your account and associated data. We will process deletion requests within 30 days.
Portability: Request your data in a machine-readable format (JSON/CSV).
Restrict processing: Request that we limit how we use your data in certain circumstances.
Object: Object to processing based on legitimate interests.
Withdraw consent: Withdraw consent for marketing communications at any time via the unsubscribe link in emails.

To exercise any rights, email privacy@opendine.com. We respond to all requests within 30 days.

7. Data Retention

We retain your data for as long as your account is active and as needed for the purposes described in this policy:

Account data: Retained until you delete your account, plus 90 days for recovery purposes.
Operational data (orders, inventory): Retained for 5 years for tax and accounting compliance.
Customer records: Retained as long as you maintain them in the system; deleted within 30 days of your deletion request.
Analytics data: Aggregated, anonymized analytics are retained indefinitely for product improvement.

After account closure, data is retained for 30 days before permanent deletion, unless a longer period is required by law.

8. Children's Data

OpenDine is not intended for use by individuals under 18 years of age. We do not knowingly collect personal data from children. If we discover that a child has provided us with personal data, we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes:

We will notify you via email to the address associated with your account.
We will update the "Last updated" date at the top of this page.
For significant changes, we will provide 30 days' notice before the new policy takes effect.

10. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

Email: privacy@opendine.com
Address: OpenDine Technologies Pvt. Ltd., 42 Tech Park Road, Bangalore, Karnataka 560001, India
Data Protection Officer: Available at dpo@opendine.com