1. Who this policy covers
DineFlow is a restaurant operations platform operated by Haroo Technologies. It includes tools for branded digital menus, QR and table ordering, point of sale, inventory, kitchen operations, analytics, branches, tables, shifts, and staff workflows.
This policy applies to restaurant owners, managers, staff members, customers who place orders through a DineFlow-powered menu, and visitors to DineFlow websites. A restaurant may also be responsible for how it uses customer information in its own workspace. Questions about a specific restaurant's practices should be directed to that restaurant.
2. Information we collect
Account and identity information
Name, email address, phone number, authentication and verification records, profile information, staff role, account status, and restaurant membership.
Restaurant and operational information
Restaurant profiles, branches, addresses, contact details, tables, branded menu settings, categories, menu items, prices, uploaded images, QR codes, inventory, suppliers, recipes, stock movements, shifts, waiter calls, and related operational records.
Orders and customer information
Order contents, quantities, notes, table or order type, customer name and phone number, phone verification status, order status, amounts, payment method and payment status. DineFlow does not require full payment-card numbers to provide its current application features.
Device, usage, and security information
IP address, browser and device type, app version, timestamps, notification tokens, QR scan activity, menu views, request and security logs, and diagnostic information needed to operate and protect the service.
Information you choose to upload
Restaurant logos, cover images, menu-item photographs, and other images selected through your device's system photo picker.
3. How we use information
- Create, verify, secure, and administer user accounts.
- Provide restaurant menus, QR ordering, POS, inventory, kitchen, analytics, branch, table, shift, and notification features.
- Publish restaurant-approved information on public branded menu and discovery pages.
- Process and communicate orders between customers and authorized restaurant staff.
- Send OTP verification, transactional, operational, security, and support communications.
- Measure QR scans, menu engagement, order performance, reliability, and feature usage.
- Detect misuse, investigate incidents, enforce our terms, and maintain service security.
- Comply with applicable accounting, tax, legal, and regulatory obligations.
We do not use information from DineFlow restaurant workspaces to sell third-party advertising profiles.
4. Public menu information
Restaurants can choose to publish branded menu pages and restaurant discovery information. Published content may include the restaurant name, logo, cover image, address, contact details, branches, menu categories, item names, descriptions, prices, dietary information, and photographs. Public pages may be indexed by search engines.
Account credentials, private inventory records, staff records, internal analytics, and private operational data are not intended to appear on public menu pages.
6. Mobile app permissions
| Permission or access | Why DineFlow uses it |
|---|---|
| Internet access | Connects the app to DineFlow services, synchronizes restaurant data, and processes requests. |
| Notifications | Shows order, kitchen, waiter-call, account, and operational alerts when you allow notifications. |
| Photos or media selection | Lets you choose restaurant branding and menu images using the device's system picker. DineFlow does not request unrestricted access to your entire photo library through its Android manifest. |
| Secure local storage | Stores authentication tokens and limited session information on the device so you can remain signed in securely. |
You can manage notification permission in your device settings. Disabling notifications does not prevent you from viewing information inside the app.
7. Security
We use administrative, technical, and organizational safeguards designed to protect information, including authenticated access, role and restaurant-level authorization, secure token storage, access logging, and protected production connections. No system can guarantee absolute security, and users should protect their devices and account verification methods.
8. Data retention
We keep information only for as long as reasonably needed for the purposes described in this policy. Retention depends on the type of information and legal or operational requirements.
| Information | Typical retention approach |
|---|---|
| Account and restaurant workspace data | While the account or workspace is active, and for a limited period afterward to support recovery, security, and deletion processing. |
| Orders, POS, shift, and transaction records | As needed by the restaurant for operations and by applicable accounting, tax, dispute, fraud-prevention, or legal requirements. |
| OTP and security records | For short operational or security periods, unless longer retention is required to investigate abuse. |
| Public menu content | Until the restaurant removes it, unpublishes it, closes its workspace, or requests deletion, subject to search-engine caching outside our direct control. |
| Backups and logs | For limited backup, continuity, troubleshooting, and security cycles before routine deletion or replacement. |
When deletion is appropriate, information is deleted or anonymized. Some records may be retained where required for security, fraud prevention, legal compliance, or legitimate restaurant accounting obligations.
9. Your privacy choices
Depending on your location and relationship with DineFlow, you may request access to, correction of, deletion of, or a copy of eligible personal information. You may update certain account and restaurant information directly in the app.
- Manage notification permission through your device settings.
- Update profile, restaurant, menu, and branding information through authorized app features.
- Contact the restaurant directly regarding information submitted to that restaurant through an order.
- Contact DineFlow for account or privacy requests using the details below.
We may need to verify your identity and authority before completing a request.
10. Account and data deletion
DineFlow users can initiate an account deletion request from the app or through our public account deletion page. Eligible account data will be deleted or anonymized after verification, except information that must be retained for legitimate security, fraud-prevention, accounting, tax, dispute, or legal reasons.
Visit the DineFlow account deletion page for the request process and a description of information that may be retained.
11. Children's privacy
DineFlow restaurant management accounts are intended for adults and authorized restaurant staff. DineFlow is not directed to children under 13, and we do not knowingly create management accounts for children. If you believe a child has provided personal information improperly, contact us so we can investigate and take appropriate action.
12. International processing
DineFlow and its service providers may process information in countries other than the country where you live. Where required, we use appropriate safeguards for these transfers and continue to protect information as described in this policy.
13. Changes to this policy
We may update this policy as DineFlow changes or legal requirements evolve. We will publish the revised policy on this page and update the effective date. If a change materially affects how we handle personal information, we may provide an additional notice through the app, website, or account contact information.
14. Contact us
For privacy questions, rights requests, or concerns about DineFlow's handling of information, contact Haroo Technologies using the details below.