This Privacy Policy explains how DirectDine ("we", "us") handles personal data - both for the restaurants who use our platform and for the guests who order through it.
1. Overview
We believe your data is yours. Restaurants on DirectDine own their customer records and can export them at any time. We process personal data to provide the Service, not to sell it.
2. What we collect
- Account data — name, email, business details and login credentials for restaurant users.
- Guest data — names, contact details, order and reservation history that guests provide when ordering or booking.
- Usage data — device, browser and interaction information used to keep the Service secure and reliable.
- Payment data — handled by our payment provider; card details never touch our servers.
3. How we use it
We use personal data to operate the platform including processing orders and reservations, powering the CRM, providing support, securing accounts and improving the Service. Restaurants control marketing communications to their own guests, subject to each guest's opt-in.
4. Legal basis
Where applicable law requires it, we process personal data on the basis of performing our contract with you, our legitimate interests in running and securing the Service, your consent (for example, marketing opt-ins), and compliance with legal obligations.
5. Sharing
We do not sell personal data. We share it only with service providers who help us run the platform (such as hosting and payment processing), under contracts that require them to protect it, and where required by law.
6. Security
We protect data with bcrypt password hashing, HMAC-signed httpOnly session cookies, Postgres row-level security and encryption in transit. Card data is tokenised by our payment provider. Read more on our Security page.
7. Data retention
We keep personal data for as long as needed to provide the Service and meet legal obligations. When a restaurant cancels, it has a reasonable window to export data before it is removed from active systems.
8. Your rights
Depending on your location, you may have rights to access, correct, export or delete your personal data, and to object to or restrict certain processing. Restaurants can action most guest requests directly in the admin dashboard; for anything else, contact us.
9. Cookies
We use a small number of essential cookies to keep you signed in and the Service secure, plus a local preference (such as your light/dark theme) stored in your browser. We do not use advertising trackers.
10. Contact
For privacy questions or to exercise your rights, email hello@directdine.tech or visit our contact page.