Privacy Policy

1. Who We Are

SmartTable Technologies ("SmartTable", "we", "us", "our") operates the SmartTable restaurant management platform at smarttable.space. We provide software-as-a-service (SaaS) tools to restaurant businesses including QR-code ordering, kitchen display systems, analytics, GST reporting, and staff management.

Contact: supportsmarttable@gmail.com · WhatsApp: +91 83200 85289

2. What Data We Collect

From Restaurant Partners (business users):

• Business name, email address, phone number
• GST number and business registration details
• Payment details for subscription billing (processed via Razorpay we do not store card numbers)
• Menu items, pricing, and outlet information
• Staff details (names, roles, attendance records)
• Order and sales data

From Customers (restaurant diners):

• Table number (from QR code scan)
• Optional: name provided when placing an order
• Order items and preferences
• Location data (only when placing an order, to verify proximity to the restaurant not stored)

Automatically collected:

• IP address (for security and rate limiting)
• Browser type and device information
• Usage logs (page visits, API calls no personal content)

3. How We Use Your Data

• To provide and operate the SmartTable platform
• To process subscription payments via Razorpay Payment Gateway
• To generate GST reports and analytics for Restaurant Partners
• To send subscription renewal reminders and service notifications
• To improve our services and fix technical issues
• To prevent fraud and ensure platform security
• To comply with applicable Indian laws and regulations (IT Act 2000, GST Act)

4. We Do Not Sell Your Data

SmartTable does not sell, rent, or trade your personal data to any third party for marketing purposes.

We share data only with the following service providers, strictly for operating the platform:

• Razorpay Payments India Pvt. Ltd. for processing subscription payments. Razorpay is PCI-DSS compliant. We do not store card or UPI details.
• Supabase / AWS (Asia Pacific region) for secure database hosting.
• DeepSeek AI for AI-powered analytics features. Unlimited usage enabled for all restaurants.
• Cloudflare for CDN, DDoS protection, and tunnel services.

5. Payment Processing (Razorpay)

Subscription payments are processed by Razorpay Payments India Pvt. Ltd., a licensed payment aggregator regulated by the Reserve Bank of India (RBI).

• SmartTable does not store credit/debit card numbers or UPI IDs
• All payment data is handled directly by Razorpay on their PCI-DSS certified infrastructure
• Razorpay's privacy policy: razorpay.com/privacy
• Payment receipts and transaction IDs are stored for GST compliance and audit purposes

6. Data Security

We implement industry-standard security measures:

• HTTPS/TLS encryption for all data in transit
• bcrypt password hashing (12 rounds) passwords are never stored in plain text
• JWT-based authentication with short-lived access tokens
• Role-based access control (RBAC) staff can only access their own outlet's data
• Audit logs for all sensitive operations
• No database credentials stored on restaurant PCs only scoped API tokens
• Rate limiting and brute-force protection on all authentication endpoints

7. Data Retention

• Order and payment records: 60 days in active storage, then aggregated into analytics
• Audit logs: 60 days
• Notifications: 7 days
• Restaurant and user accounts: retained while subscription is active + 30 days after termination
• Aggregated analytics (no personal data): retained indefinitely for business reporting

8. Restaurant Partner Responsibilities

Restaurant Partners who use SmartTable agree to:

• Keep their login credentials confidential and not share them with unauthorised persons
• Not share the SmartTable desktop application (.exe) with third parties
• Not attempt to extract, reverse-engineer, or redistribute SmartTable software
• Not share API tokens, sync credentials, or any SmartTable system credentials
• Inform SmartTable immediately if credentials are compromised
• Use the platform only for lawful restaurant management purposes
• Comply with applicable Indian laws including GST filing obligations

9. Your Rights

You have the right to:

• Access the data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data (subject to legal retention requirements)
• Export your restaurant data before account termination
• Opt out of non-essential communications

To exercise these rights, email supportsmarttable@gmail.com

10. Cookies

The SmartTable customer web app uses minimal browser storage (localStorage) for session management (JWT tokens). We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

11. Children's Privacy

SmartTable is a B2B platform intended for restaurant businesses. We do not knowingly collect personal data from children under 18 years of age.

12. Changes to This Policy

We may update this policy from time to time. We will notify Restaurant Partners of significant changes via email or in-app notification at least 7 days before the change takes effect. Continued use of the platform after changes constitutes acceptance.

13. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Any disputes shall be subject to the jurisdiction of courts in India.