Privacy Policy

Account and Business Information

• Name, email address, and phone number of the restaurant manager/owner
• Restaurant name, city, and owner details
• Subscription and billing information (processed securely via Cashfree Payments)

Operational Data

• Menu items, categories, pricing, and availability configured by the restaurant
• Orders placed by end customers including table number, items ordered, and order amounts
• Customer phone numbers provided voluntarily during the ordering process
• Payment method (UPI or cash) and UPI transaction reference IDs

Technical Data

• IP address, browser type, and device information
• Usage logs and activity within the dashboard
• Cookies and session tokens for authentication

We use the data collected to:

• Provide, operate, and maintain the ApneOrder platform
• Process subscription payments and manage billing
• Display real-time orders and analytics on your restaurant dashboard
• Send important service-related notifications (account, billing, and security alerts)
• Improve our platform features based on usage patterns
• Comply with legal obligations under Indian law
• Respond to customer support requests

We do not sell, rent, or trade your personal data to third parties for marketing purposes.

When your customers scan a QR code and place an order through ApneOrder, we may collect their phone number if provided. This data is:

• Stored on secure servers hosted by Supabase (PostgreSQL)
• Used solely to associate orders with customers for your restaurant's operational purposes
• Accessible only to you (the restaurant manager) and ApneOrder staff for support purposes
• Never shared with third parties or used for marketing without explicit consent

As a restaurant using ApneOrder, you are the data controller for your customers' information. You are responsible for informing your customers about data collection at your point of service.

All data is stored on secure cloud infrastructure provided by Supabase (hosted on AWS). We implement industry-standard security measures including:

• HTTPS encryption for all data in transit
• Encrypted database connections with access controls
• HMAC-signed authentication tokens for admin access
• HTTPOnly, Secure, and SameSite cookie attributes to prevent session hijacking

While we take reasonable precautions, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security of your data.

We use the following third-party services to operate the platform:

Each of these services has its own privacy policy governing the data they process. We encourage you to review them independently.

ApneOrder uses cookies and similar tracking technologies to maintain your authenticated session and improve the user experience. We use:

• Session cookies — to keep you logged in securely
• Functional cookies — to remember your preferences

We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but this may affect platform functionality.

We retain your account and business data for as long as your account is active. If you cancel your subscription and close your account, we will delete your personal data within 90 days, except where we are required by law to retain it (such as billing records for tax compliance).

Order data may be retained in anonymised form for platform analytics.

Under applicable Indian data protection laws, you have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal data (subject to legal obligations)
• Portability — request your data in a commonly used, machine-readable format
• Withdrawal of Consent — withdraw consent for data processing at any time

To exercise any of these rights, contact us at support@apneorder.com. We will respond within 30 days.

ApneOrder is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has provided personal data, we will delete it promptly.

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or a prominent notice on the platform. Continued use of the Service after changes are posted constitutes your acceptance of the revised policy.

If you have any questions, concerns, or requests regarding your privacy, please contact us: