1. Overview
RestauMate (“we,” “our,” or “us”) operates the RestauMate platform, which provides online ordering, marketing, and restaurant management tools to restaurant operators and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard personal information when you use our platform, whether as a restaurant owner, staff member, or a customer ordering from a restaurant that uses RestauMate.
By using RestauMate you agree to the terms of this Privacy Policy. If you do not agree, please do not use our services.
2. Information We Collect
Restaurant Account Holders: When you create a RestauMate account we collect your name, email address, phone number, business name, business address, and payment information processed securely through Stripe. We also collect usage data, menu content, order history, and marketing campaign data you create.
Restaurant Customers (End Users): When a customer places an order through a RestauMate-powered ordering page we collect their name, phone number, email address (if provided), order details, and payment information processed by Stripe. This data is collected on behalf of the restaurant and is subject to both this policy and the restaurant’s own privacy practices.
Automatically Collected Data: We automatically collect IP addresses, browser type, device information, pages visited, and time spent on pages through our analytics infrastructure. This data is used to improve our services and diagnose technical issues.
3. SMS Communications and TCPA Compliance
RestauMate enables restaurants to send SMS marketing messages to their customers. We take TCPA (Telephone Consumer Protection Act) compliance seriously.
Consent for SMS Marketing: When a customer provides their phone number during checkout, the restaurant is responsible for obtaining proper consent before sending marketing SMS messages. RestauMate provides the technical infrastructure but the restaurant operator is the sender of record and bears primary TCPA compliance responsibility.
Opt-Out: All SMS messages sent through RestauMate support STOP keyword opt-out. Customers who reply STOP to any SMS message will be immediately removed from future marketing communications from that restaurant. Transactional messages (order confirmations) are separate from marketing messages.
Message Frequency: Message frequency varies by restaurant. Standard message and data rates may apply.
4. Email Marketing and CAN-SPAM
RestauMate enables restaurants to send email marketing campaigns to their customers. All marketing emails sent through our platform include the restaurant’s name as the sender and include an unsubscribe mechanism as required by the CAN-SPAM Act.
Transactional emails such as order confirmations are not subject to the same opt-in requirements but still include restaurant contact information in the footer.
Restaurant operators are responsible for maintaining accurate subscriber lists and honoring unsubscribe requests promptly. RestauMate processes opt-out requests automatically within our platform.
5. How We Use Your Information
We use collected information to:
- Process and fulfill orders
- Operate and improve the RestauMate platform
- Process payments through Stripe
- Send transactional communications (order confirmations, receipts)
- Enable restaurants to send marketing communications to their opted-in customers
- Provide customer support
- Detect and prevent fraud and abuse
- Comply with legal obligations
- Generate anonymized analytics to improve our service
We do not sell personal information to third parties. We do not use restaurant customer data for cross-restaurant marketing.
6. Payment Processing (Stripe)
All payment processing is handled by Stripe, Inc. RestauMate does not store credit card numbers, CVV codes, or full payment card data on our servers. Payment data is transmitted directly to Stripe using industry-standard TLS encryption.
Stripe’s use of your payment information is governed by Stripe’s own Privacy Policy, available at stripe.com/privacy. RestauMate uses Stripe Connect to facilitate payments between customers and restaurant operators.
Platform fees are deducted automatically from each transaction as disclosed in our pricing.
7. Third-Party Service Providers
We share data with the following categories of service providers who process data on our behalf:
- Stripe — Payment processing and restaurant payouts
- Twilio — SMS delivery infrastructure
- Resend — Transactional and marketing email delivery
- Supabase — Database hosting and authentication
- Vercel — Application hosting and edge infrastructure
- Anthropic — AI-powered features including menu extraction and campaign copy generation
- PostHog — Product analytics
- Sentry — Error monitoring
Each provider is bound by data processing agreements. We do not authorize providers to use your data for their own marketing purposes.
8. Artificial Intelligence Features
RestauMate uses AI services (powered by Anthropic’s Claude) to generate marketing copy, campaign suggestions, and extract menu data from photos.
When you use AI-powered features, your prompts and context (such as restaurant name and campaign details) may be sent to Anthropic for processing. We do not send personally identifiable customer data to AI services.
AI-generated content is provided as a suggestion only. Restaurant operators are responsible for reviewing and approving all communications before sending.
9. Data Retention
We retain restaurant account data for the duration of the active subscription plus 90 days after cancellation to allow for account recovery.
Order data is retained for 7 years for tax and accounting compliance purposes.
Customer contact data collected for marketing purposes is retained until the customer opts out or the restaurant account is closed.
You may request deletion of your data by contacting us at privacy@restaumate.com. Note that some data may be retained for legal and accounting obligations.
10. GDPR and International Rights
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights regarding your personal data:
- Right to access your data
- Right to correct inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to data portability
- Right to object to processing
- Right to restrict processing
To exercise these rights contact privacy@restaumate.com. We will respond within 30 days.
11. Canadian Privacy (PIPEDA/CASL)
For Canadian residents, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy laws.
Canada’s Anti-Spam Legislation (CASL) requires express consent for commercial electronic messages. Restaurant operators using RestauMate to contact Canadian customers must ensure they have obtained CASL-compliant consent before sending marketing emails or SMS messages.
12. Security
We implement industry-standard security measures including TLS encryption in transit, encrypted data at rest, role-based access controls, and regular security reviews.
However, no method of transmission or storage is 100% secure. While we strive to protect your information we cannot guarantee absolute security. In the event of a data breach we will notify affected parties as required by applicable law.
13. Restaurant Operator Responsibility
RestauMate provides technology infrastructure to restaurant operators. Restaurant operators act as independent data controllers for the personal information of their customers.
Restaurant operators are solely responsible for:
- Obtaining proper consent from their customers before sending marketing communications
- Complying with applicable privacy laws in their jurisdiction
- Maintaining their own privacy policy for their customers
- Handling customer data access/deletion requests
- Food safety, order accuracy, and customer service
14. Contact Us
For privacy-related questions, data requests, or concerns:
RestauMate Privacy Team
Email: privacy@restaumate.com
Dearborn, Michigan, United States