Back to Home

Privacy Policy

Effective Date: November 27, 2025

1. Introduction

Welcome to Restolyt. We are committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our platform as a restaurant owner or staff member.

2. Data Controller

Restolyt is the data controller responsible for processing your personal data. For customer data collected through restaurant-specific ordering pages, the individual restaurant acts as the data controller, and Restolyt acts as a data processor on behalf of the restaurant.

3. Information We Collect

3.1 Restaurant Registration Data

  • Restaurant name, address, and contact information
  • Owner and staff names and email addresses
  • Phone numbers
  • Business registration details

3.2 Account Information

  • Login credentials (email and hashed passwords)
  • User roles and permissions
  • Account preferences and settings

3.3 Business Data

  • Menu items, categories, and pricing
  • Restaurant branding and images
  • Operating hours and delivery settings
  • VAT numbers and tax information

3.4 Payment Information

  • Stripe Connect account details
  • Transaction records and invoices
  • Payment processing data (handled by Stripe)

3.5 Usage Data

  • Order history and statistics
  • Login activity and access logs
  • Device information and IP addresses
  • Browser type and usage patterns

3.6 Customer Data (Processed on Behalf of Restaurants)

  • Customer names, email addresses, and phone numbers
  • Delivery addresses
  • Order details and preferences
  • Payment information (processed by Stripe)

4. How We Use Your Information

4.1 Platform Services

Legal basis: Performance of contract

  • Providing and maintaining your restaurant account
  • Processing orders and payments
  • Generating invoices and receipts
  • Managing your menu and business settings

4.2 Communication

Legal basis: Performance of contract and legitimate interest

  • Sending order notifications and updates
  • Providing customer support
  • Sending administrative messages about your account
  • Notifying you of platform updates and new features

4.3 Business Analytics

Legal basis: Legitimate interest

  • Providing sales reports and insights
  • Analyzing usage patterns to improve our services
  • Monitoring platform performance and security

4.4 Legal Compliance

Legal basis: Legal obligation

  • Complying with tax and accounting requirements
  • Preventing fraud and ensuring security
  • Responding to legal requests and enforcing our terms

5. How We Share Your Information

5.1 Service Providers

We share data with trusted third-party service providers who assist us in operating the platform:

  • Stripe: Payment processing and Stripe Connect accounts
  • Vercel: Hosting and infrastructure
  • Email service providers: Sending transactional emails
  • Cloud storage providers: Storing images and files

5.2 Legal Requirements

We may disclose your information if required by law, regulation, legal process, or government request, or to protect the rights, property, or safety of Restolyt, our users, or the public.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 With Your Consent

We may share your information for other purposes with your explicit consent.

6. Data Retention

6.1 Active Accounts

We retain your account and business data for as long as your account remains active.

6.2 Transaction Records

Order and payment data are retained for 7 years to comply with tax and accounting regulations.

6.3 Deleted Accounts

When you close your account, we delete or anonymize your data within 30 days, except for data we are required to retain for legal or regulatory purposes.

7. Your Rights (GDPR)

Under GDPR and applicable data protection laws, you have the following rights:

  • Right to access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data
  • Right to restriction: Limit how we process your data
  • Right to data portability: Receive your data in a structured format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent for data processing
  • Right to lodge a complaint: File a complaint with your data protection authority

To exercise these rights, please contact us at privacy@restolyt.com

8. International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States, where our service providers are located. We ensure appropriate safeguards are in place through:

  • Standard Contractual Clauses approved by the European Commission
  • Service providers certified under the EU-U.S. Data Privacy Framework
  • Adequate protection as determined by the European Commission

9. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption of data in transit (HTTPS/TLS) and at rest
  • Regular security assessments and updates
  • Access controls and authentication mechanisms
  • Secure password hashing using industry best practices
  • Monitoring and incident response procedures

However, no method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential cookies: Required for platform functionality (authentication, sessions)
  • Functional cookies: Remember your preferences and settings
  • Analytics cookies: Understand how you use the platform (with consent)

You can manage your cookie preferences through your browser settings or our cookie consent banner.

11. Children's Privacy

Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the platform. Your continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

Email: privacy@restolyt.com