Privacy Policy

RestoReho ("we", "us", "our") is the company behind the RestoReho suite of restaurant management applications — including RestoRehoManager, RestoReho KSF, RestoReho TM, and RestoReho Plus. Our mission is to help restaurants run smarter through connected, purpose-built technology.

This Privacy Policy applies to all personal data collected through our web applications, iOS apps, Android apps, and any other services that link to this policy (collectively, the "Services").

If you are a restaurant owner or operator using our Services on behalf of your business, you act as the data controller for your customers' and employees' data, while RestoReho acts as the data processor. We process that data only on your instructions and under our Terms of Service and any order form or written agreement between us.

Billing disputes, amounts owed, and when we may suspend service are governed by our Terms of Service (Fees & Billing) — not by this Privacy Policy.

We collect information in three ways: information you give us directly, information generated when you use our Services, and information received from your restaurant's systems.

Information you provide directly

• Full nameWhen creating an account or requesting a demo
• Email addressUsed for login, notifications, and support communications
• Phone numberFor account verification and business contact purposes
• Restaurant name & addressTo configure and identify your restaurant account
• Employee PIN codesHashed credentials for waiter/server login via RestoReho TM
• Menu contentItems, categories, descriptions, prices and images you upload
• Demo request notesAny information included when booking a demo via our website

Billing and payment-related information

To collect the one-time setup fee and per-order fees described in our Terms of Service and Pricing page, we may process:

• Billing contact & addressName, business address, and email for invoices and notices
• Tax & registration detailsWhere required for invoicing (for example VAT or company number)
• Invoice & payment recordsLine items, amounts paid or due, payment references, and correspondence about billing
• Payment credentialsWhen you pay by card or bank, our payment service providers collect and process payment details on our behalf. We do not store full card numbers on our own servers.

Marketing website (restoreho.com)

When you browse our public website (landing, pricing, demo, FAQ, and similar pages), we use Firebase Analytics (provided by Google) to collect aggregated statistics such as pages viewed, approximate geography, device and browser type, and referral source. This helps us understand traffic and improve the site. It is separate from operational data inside the RestoReho restaurant apps.

Information generated by your use

• Order dataItems ordered, quantities, table numbers, timestamps, and order status
• Transaction recordsRevenue figures and order totals for your dashboard and for billing. RestoReho does not process your diners' in-restaurant card payments unless we explicitly offer that capability to you and describe it in our agreement with you.
• Device informationDevice type, OS version, browser type, and IP address
• Usage logsFeature usage patterns, session duration, and error reports
• Location code / IDThe unique identifier linked to a restaurant, used for QR-based customer access

We use the data we collect for the following purposes, each grounded in a lawful legal basis:

We never sell your personal data to third parties, and we do not use it for advertising purposes.

Each app in the RestoReho suite is purpose-built for a specific role. Here is a summary of what each app collects and why:

RestoReho does not sell, rent, or trade your personal data. We share it only in the limited circumstances described below:

Service providers (processors)

We work with trusted third-party companies to operate our infrastructure — such as cloud hosting providers, error monitoring tools, and email delivery services. These providers are contractually bound to process data only on our instructions and to maintain appropriate security standards.

Website analytics (Firebase / Google)

On our public marketing website, Google LLC processes analytics data on our behalf through Firebase Analytics (which uses Google Analytics technology). Google may process identifiers and usage data as described in their notices: Google Privacy Policy and Firebase Privacy and Security. We do not use this tool to run personalised advertising on our behalf.

Payment processors

When you pay RestoReho by card, bank transfer, or another method we support, payment processors receive the data required to complete the transaction. They process that information under their own privacy notices and only as needed to process payments, subject to our agreements with them.

Restaurant operators

When a customer uses RestoReho Plus at a restaurant, their order data is shared with that restaurant's RestoRehoManager account and KSF station. This is the core function of the service and is necessary to process the order.

Legal requirements

We may disclose data if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of RestoReho, our users, or the public.

Business transfers

If RestoReho is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify affected users before any such transfer.

We retain personal data only for as long as necessary to fulfil the purposes set out in this policy, or as required by applicable law.

• Active account dataKept while your RestoReho account is active (including during any suspension for non-payment until the account is closed or reactivated), plus 30 days after closure
• Billing, invoice & payment recordsRetained as long as necessary for accounting, tax, and legal obligations — often up to seven years depending on jurisdiction — and to resolve billing disputes
• Order & transaction historyRetained for up to 3 years for analytics and dispute resolution
• Demo request dataKept for 12 months from submission, then deleted unless you become a customer
• Support communicationsRetained for 2 years to provide consistent support history
• Usage logs & analyticsAggregated and anonymised after 90 days; raw logs deleted after 30 days
• Employee PINsStored as irreversible hashes; deleted within 30 days of account closure

When data is no longer required, it is securely deleted or anonymised so it can no longer be linked to you.

Depending on your location, you may have the following rights regarding your personal data. We honour these rights for all users, regardless of geography.

To exercise any of these rights, email us at support@restoreho.com. We will respond within 30 days and may need to verify your identity before fulfilling a request.

Our restaurant web applications and our public marketing site use cookies, local storage, and similar technologies to keep you signed in, remember your preferences, record cookie choices, and measure how the site is used.

On the marketing website, you can use our cookie banner to limit non-essential cookies. You can also control cookies through your browser settings. Blocking essential cookies will prevent you from logging in to the restaurant apps. Disabling analytics cookies limits measurement on the public site but does not block core app features.

We do not use third-party advertising cookies or social ad pixels. We do use Firebase Analytics (Google) for audience measurement on the public website, as described in Sharing Your Data and above.

The security of your data is important to us. We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction.

No system is entirely secure. If you discover a potential security vulnerability, please disclose it responsibly to support@restoreho.com before making it public. We will acknowledge your report within 48 hours.

In the event of a data breach likely to result in risk to your rights or freedoms, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.

The RestoReho suite is designed for use by restaurant businesses and their adult employees and customers. Our Services are not directed at children under the age of 13 (or 16 in certain jurisdictions within the European Union).

We do not knowingly collect personal data from children. If you believe a child has provided us with personal information without appropriate parental consent, please contact us at support@restoreho.com and we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will:

• Update this pageThe "Last updated" date at the top will reflect the most recent revision
• Notify account holdersFor material changes, we will email the address on your account at least 14 days before the change takes effect
• In-app noticeA banner will appear within RestoRehoManager for significant policy updates

Your continued use of our Services after the effective date constitutes acceptance of the updated policy. If you do not agree, you should discontinue use and contact us to request deletion of your data.

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, we want to hear from you. Our team is committed to responding to all privacy-related enquiries within 30 days.

If you are located in the European Economic Area and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu.