Privacy Policy

1. Information We Collect

We collect the following types of information to operate our services effectively:

• Personal Information: Name, email, phone number, business name, billing address, and login details.
• Restaurant & Business Data: Menu items, pricing, customers, orders, tables, staff information, and settings.
• Device & Technical Data: IP address, browser type, device ID, operating system, app version, and device identifiers.
• Usage Data: Pages viewed, clicks, time spent, features used, system logs, crash reports, and performance metrics.
• Payment Information: Processed securely through third-party payment gateways; we do not store card details.
• Media Files: Images, logos, menu photos, and other business-related media uploaded to our platform.

2. How We Use Your Information

We use the data we collect to:

• Provide and improve our CRM/POS/digital restaurant services.
• Facilitate order processing, QR menu access, and real-time updates.
• Communicate with you regarding support, updates, and notifications.
• Monitor system performance, diagnose issues, and secure the platform.
• Personalize user experience and optimize workflows.
• Analyze user behavior to improve features and functionality.
• Comply with legal and regulatory requirements.

3. Sharing of Information

We do not sell your personal data. We only share necessary information with:

• Service Providers: Hosting, analytics, support, payment partners, cloud storage, and authentication services who assist in our operations.
• Legal Authorities: If required by law, court order, or to enforce our Terms.
• Business Transfers: In case of mergers, acquisitions, or asset sales, in compliance with privacy laws.

4. Data Security

We implement strong industry-standard measures including:

• End-to-end encryption for sensitive data.
• Secure cloud hosting and firewalls.
• Role-based access permissions and authentication controls.
• Regular security audits and vulnerability checks.
• Encrypted database connections and secure session management.

However, no system is 100% secure, and we cannot guarantee absolute protection against unauthorized access or data breaches.

5. Data Retention

We retain your information as long as your account is active or as needed to provide services. You may request deletion at any time by contacting us. Upon deletion, we will remove your data from active systems within 30 days, though some data may be retained in backups for a limited period as required by law or for legitimate business purposes.

6. Your Rights

Depending on your region, you may have the right to:

• Access, update, or delete your data.
• Request a copy of stored data in a portable format.
• Withdraw consent for specific processing activities.
• Opt out of marketing communications.
• Object to automated decision-making or profiling.
• Lodge a complaint with your local data protection authority.

To exercise these rights, please contact us at [email protected].

7. Cookies & Tracking

We use cookies and tracking technologies to operate our platform, maintain secure user sessions, and analyze user behavior for improving our services.

Types of Cookies We Use

• Essential Cookies (Required for Login):We use authentication cookies to maintain secure user sessions and allow continuous access to the dashboard and other features. These cookies are strictly necessary for the operation of the platform. Without them, you cannot log in or use core features.
• Analytics Cookies:We use third-party analytics tools such as Microsoft Clarity, Google Analytics, and Firebase Analytics to measure traffic, understand user interactions, and improve performance. These tools may collect anonymized behavioral data such as pages viewed, scroll depth, time spent, click patterns, device information, and browser type.
• Functional Cookies:These cookies help remember user preferences, improve UI experience, and optimize loading and performance. We store preferences such as your theme selection (light/dark mode).
• Marketing & Performance Tracking:These cookies help measure the effectiveness of marketing campaigns and track user engagement across platforms.

Third-Party Tracking

Third-party analytics tools may collect user behavior data. However, they do not receive authentication session cookies or any sensitive account data such as passwords or payment information.

• Microsoft Clarity: Used for session recordings, heatmaps, and behavior analysis. Clarity collects anonymized usage data and does not capture sensitive text fields like passwords or credit card numbers.
• Google Analytics: Collects aggregated behavioral data such as session duration, device type, and visited pages. Policy: https://policies.google.com/technologies/partner-sites
• Google Tag Manager: Helps load tracking scripts dynamically. GTM itself does not collect personal data but enables other tracking tools to function.
• Firebase Analytics: Collects app usage events, crash reports, and performance data to improve stability and user experience.

Cookie Control Options

You may disable non-essential cookies through your browser settings. However, disabling essential authentication cookies will prevent login and access to core platform features. Most browsers allow you to refuse cookies or delete existing cookies through their settings menu.

8. Third-Party Services

We integrate with several third-party providers to deliver essential platform features including authentication, analytics, hosting, file storage, database management, and payment operations. Each third-party processes data under its own privacy policies.

Authentication & User Management

• Authentication Services:We use secure authentication services to handle login, logout, account creation, and encrypted session management. These services process data such as email, encrypted passwords, IP address, session metadata, and user preferences.

Analytics & Monitoring

• Google Analytics (Usage Analytics):Google Analytics processes device data, pages visited, clicks, interactions, and browser details to help us understand user behavior and improve our platform.
  Policy: https://policies.google.com/technologies/partner-sites
• Google Tag Manager (Tag Management):GTM helps load and manage tracking scripts. GTM itself does not collect identifiable data but may load scripts that do.
• Microsoft Clarity (Heatmaps & Session Replay):Clarity collects anonymized interaction data such as page scrolls, clicks, mouse movements, and UI behavior. Sensitive data like passwords or payment fields are automatically masked.
  Privacy Policy: https://privacy.microsoft.com/en-us/privacystatement
• Firebase (Analytics, Crash Reporting & Performance):Firebase processes analytics events, device data, crash logs, performance metrics, and authentication metadata. This helps us monitor app stability, diagnose issues, and improve performance.
  Privacy Policy: https://firebase.google.com/support/privacy

Cloud Storage & File Management

• Cloud Storage Services:We use secure cloud storage providers for media uploads such as menu images, restaurant logos, QR codes, business assets, and generated documents. Temporary secure access URLs are generated to provide controlled file access.

Database & Backend Infrastructure

• Database Services:We use secure database management systems to store restaurant data, orders, menu items, customer information, and business records. All databases use encrypted connections and follow industry security standards.
• Hosting Provider:Our application is hosted on cloud infrastructure where operational logs, error reports, and technical data may be processed for performance monitoring and debugging.

Payment Processing

• Payment Gateways:Payments are handled by certified third-party payment processors. We never store full card information on our servers. All payment data is transmitted directly to the payment processor using secure, encrypted connections.

Document Generation & QR Codes

• Document Generation:We generate PDF documents (like invoices, receipts, or reports) and convert content to images for download or sharing. This processing happens locally in your browser; no document data is sent to external servers during generation.
• QR Code Generation:QR codes for table ordering and menu access are generated client-side in your browser and do not transmit data to external services.

All third-party services are required to follow industry-standard security practices and process only the data necessary for their intended function. We regularly review our third-party integrations to ensure they maintain appropriate security and privacy standards.

9. International Data Transfers

Your data may be transferred to and processed in countries other than your own. We ensure that all international data transfers comply with applicable data protection laws and that appropriate safeguards are in place, such as standard contractual clauses or adequacy decisions.

10. Children's Privacy

Our services are not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from minors. If we become aware that we have collected data from a child without parental consent, we will take steps to delete that information promptly.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. The updated version will be posted on this page with a revised "Last Updated" date. We encourage you to review this policy regularly. If we make material changes, we may notify you via email or through a notice on our platform.

12. Data Processing Legal Basis (For EU/EEA Users)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data based on the following legal grounds:

• Contract Performance: To provide services you've requested and fulfill our agreement with you.
• Legitimate Interests: To improve our services, ensure security, and communicate important updates.
• Consent: For marketing communications and optional tracking (you can withdraw consent at any time).
• Legal Obligation: To comply with applicable laws and regulations.

13. Contact Us

If you have any questions about this Privacy Policy, wish to exercise your data rights, or have concerns about how we handle your information, please contact us at:

• Email: [email protected]
• Website: www.tfptechnologies.com
• Company: TFP Technologies

We will respond to your inquiry within 30 days.