Privacy Policy

Hrestro ("we", "us", or "our") is a digital restaurant management platform built and operated by its founding team based in Delhi/Chandigarh, India. We are committed to protecting the privacy of restaurant owners, administrators, and their customers who interact with our services.

This Privacy Policy explains what data we collect, how we use it, who we share it with, and what rights you have over your information when you use the Hrestro platform — including our admin dashboard, QR menu system, and ordering features.

We collect the following categories of information:

• Restaurant Registration Data: Name of the restaurant, outlet code, FSSAI license number, address, phone number, email address, logo, and plan details provided during onboarding.
• Admin Account Data: Email address and hashed password for restaurant administrator accounts. We never store passwords in plain text.
• Menu Content: Food item names, descriptions, prices, categories, images (stored via Cloudinary), dietary tags (veg/non-veg/egg), and availability status uploaded by restaurant owners.
• Customer Order Data: Customer name, mobile number, table number, selected items, customisations (add-ons), special instructions, order status, and payment-related metadata — collected on behalf of the restaurant for order fulfilment.
• Usage Analytics: Page views, session information, device type, browser, and IP address collected automatically to improve our service quality.
• Images: Images uploaded to Hrestro (e.g., restaurant logos, food photos) are stored on Cloudinary and associated with your restaurant account.

We use collected information to:

• Create and manage restaurant accounts, QR menus, and digital ordering experiences.
• Process and display customer orders to restaurant administrators in real time.
• Calculate and present revenue analytics, cancellation reports, and order trends in the admin dashboard.
• Deliver platform-related communications such as account verification, password resets, and important service updates.
• Detect and prevent fraudulent use, security breaches, and abuse of our platform.
• Improve our features, fix bugs, and understand how restaurants use Hrestro to build better product experiences.

We do not use customer order data for advertising, profiling, or any purpose unrelated to operating the Hrestro service.

We do not sell your personal information. We may share data only in the following limited circumstances:

• Cloudinary: Food and logo images are stored via Cloudinary (a third-party media management service). Images are subject to Cloudinary's own privacy policy.
• MongoDB Atlas: All structured data (restaurant profiles, menus, orders) is stored on MongoDB Atlas servers. Data is processed under applicable data agreements.
• Legal Compliance: We may disclose information when required to do so by applicable law, court order, or governmental authority in India.
• Business Transfers: In the unlikely event of a merger, acquisition, or asset sale, user data may be transferred. We will notify registered restaurant owners in advance.

We use industry-standard security practices including hashed passwords (bcrypt), JWT authentication with expiry, HTTPS-only data transmission, and role-based access control across all admin routes. While we take every reasonable precaution to protect your data, no system is 100% immune to breaches. We strongly recommend restaurant owners use strong, unique passwords and keep their access tokens secure.

We retain restaurant data (menus, profiles, orders) for as long as your account remains active. Customer order data is retained to support analytics and fulfilment history. If you close your account or request deletion, we will remove your data within 30 days, except where retention is required for legal or regulatory reasons.

To request deletion of your account and associated data, please email us at hrestro.official@gmail.com.

As a restaurant owner or administrator on Hrestro, you have the right to:

• Access the data we hold about your restaurant and account.
• Correct inaccurate profile, menu, or contact information via your admin dashboard.
• Delete your account and request erasure of your data.
• Withdraw consent for any optional data processing we may conduct.

Customer privacy — including protection of order-related personal details — is the restaurant's responsibility, as Hrestro processes that data on your behalf.

Hrestro is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from minors. If you believe a minor has submitted information through our platform, please contact us immediately and we will remove it promptly.

We may revise this Privacy Policy from time to time to reflect changes in our product, applicable laws, or best practices. The updated date will be displayed at the top of this page. Continued use of Hrestro after changes take effect constitutes your acceptance of the revised policy. For material changes, we will notify registered restaurant owners via email.

If you have any questions, concerns, or data-related requests regarding this Privacy Policy, please reach out to us at: hrestro.official@gmail.com. We aim to respond to all privacy inquiries within 5 business days.