Introduction
RestoPort ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our digital menu platform service. This policy complies with the General Data Protection Regulation (GDPR) for users in the European Union, the California Consumer Privacy Act (CCPA) for users in California, and the Act on the Protection of Personal Information (APPI) for users in Japan.
1. Information We Collect
1.1 Information You Provide
- Account Information: Email address, password, restaurant name
- Restaurant Information: Restaurant details, contact information, menu content, pricing
- Payment Information: Processed securely through Stripe (we do not store full credit card details)
- Communications: Messages you send us, support tickets, feedback
1.2 Automatically Collected Information
- Usage Data: Pages viewed, features used, time spent, menu views
- Device Information: IP address, browser type, device type, operating system
- Cookies: See our Cookie Policy below for details
- Analytics: Aggregated data on dish popularity, language preferences
1.3 Third-Party Information
- OAuth Providers: If you sign in with Google, we receive basic profile information (name, email)
- Payment Processors: Stripe processes payment information on our behalf
2. How We Use Your Information
- Provide Services: Deliver and maintain our digital menu platform
- Account Management: Create and manage your account
- AI Features: Process menu images for OCR, generate translations
- Payment Processing: Process subscription payments and manage billing
- Analytics: Understand usage patterns and improve our service
- Communications: Send service updates, security alerts, and support messages
- Legal Compliance: Comply with applicable laws and regulations
- Security: Detect, prevent, and address fraud and security issues
3. Legal Basis for Processing (GDPR)
For EU users, we process your personal data under the following legal bases:
- Contract Performance: To provide the services you requested
- Consent: For marketing communications and non-essential cookies
- Legitimate Interest: To improve our services, prevent fraud, and ensure security
- Legal Obligation: To comply with laws (e.g., tax, accounting)
4. How We Share Your Information
We do not sell your personal information. We may share your data with:
- Service Providers: Supabase (database), Stripe (payments), Google Cloud (AI services)
- Legal Requirements: When required by law, court order, or government request
- Business Transfers: In case of merger, acquisition, or sale of assets
- With Consent: When you explicitly consent to sharing
5. Data Storage and Security
Storage Location: Your data is stored on secure servers provided by Supabase, primarily located in the United States. For EU users, we ensure appropriate safeguards through Standard Contractual Clauses.
Security Measures: We implement industry-standard security measures including:
- Encryption in transit (TLS/SSL) and at rest
- Regular security audits and updates
- Access controls and authentication
- Secure password hashing (bcrypt)
- Regular backups and disaster recovery plans
Retention: We retain your data as long as your account is active or as needed to provide services. After account deletion, data is anonymized or deleted within 90 days, except where required by law.
6. Your Rights
For EU Users (GDPR)
- Right to Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restrict Processing: Limit how we use your data
- Right to Data Portability: Receive your data in a machine-readable format
- Right to Object: Object to processing based on legitimate interests
- Right to Withdraw Consent: Withdraw consent at any time
For California Users (CCPA)
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: Opt out of the sale of personal information (we do not sell data)
- Right to Non-Discrimination: Equal service regardless of privacy choices
For Japanese Users (APPI)
- Right to Disclosure: Request disclosure of your personal information
- Right to Correction: Request correction of inaccurate data
- Right to Suspension: Request suspension of use or deletion
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (GDPR), 45 days (CCPA), or as required by applicable law.
7. Cookie Policy
We use cookies and similar tracking technologies to improve your experience:
Necessary Cookies (Always Active)
Required for authentication, security, and core functionality. Cannot be disabled.
Analytics Cookies (Optional)
Help us understand visitor behavior and improve our service. You can opt out at any time.
Marketing Cookies (Optional)
Used to deliver personalized advertisements. You can opt out at any time.
You can manage your cookie preferences at any time using the cookie settings button at the bottom of any page. You can also configure your browser to block cookies, but this may affect functionality.
8. Children's Privacy
Our service is not directed to individuals under 16 years of age (13 in the US). We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately at [email protected].
9. International Data Transfers
Your data may be transferred to and processed in countries outside your residence, including the United States. We ensure appropriate safeguards through Standard Contractual Clauses (SCCs) approved by the European Commission and other mechanisms as required by law.
10. Third-Party Links
Our service may contain links to third-party websites (e.g., social media, payment processors). We are not responsible for the privacy practices of these sites. Please review their privacy policies.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through a prominent notice on our service. Your continued use after changes indicates acceptance of the updated policy.
12. Contact Us
Email: [email protected]
Data Protection Officer (EU): [email protected]
Mailing Address: RestoPort, [Your Address]
EU Users: You have the right to lodge a complaint with your local data protection authority.
Data Processing Information
Data Controller: RestoPort (for your restaurant account and menu data)
Data Processors: Supabase (database), Stripe (payments), Google Cloud (AI services)
Processing Purpose: Provide digital menu platform services
Data Categories: Contact data, account data, menu content, usage analytics
Data Subjects: Restaurant owners, staff, and end customers (menu viewers)