Privacy Policy

Effective July 12, 2026

1. Who we are

BistroWise ("we", "us") provides a restaurant operating system: a web platform for restaurant management and ordering, and the BistroWise POS mobile application for registers, server pads, and kitchen displays. This policy explains what data we collect, why, and the choices you have. It applies to www.bistrowise.com, all BistroWise web surfaces, and the BistroWise POS app.

2. Data we collect

Account data — when a restaurant signs up we collect the owner’s and staff members’ names, email addresses, roles, and sign-in credentials. Passwords and staff PINs are stored only as secure cryptographic hashes — we cannot read them.

Restaurant business data — the content you create to run your restaurant: menus and photos, tables and service zones, orders and checks, inventory counts and recipes, expenses, wages and timecards, and reports derived from them. This data belongs to the restaurant.

Customer order data — when a diner places an order (by QR code at the table, online pickup, or delivery) we collect the order contents and, where the order type needs it, a name, contact number, and delivery address. Diners are not required to create accounts.

Device and security data — the POS app and web KDS pair with a restaurant using a device identifier we generate. We log IP addresses and security events (such as failed PIN attempts) to protect accounts, and keep audit logs of privileged actions.

Payment data — card payments are processed by Stripe. Full card numbers never touch our servers; we receive only payment status and the last-four digits/receipt metadata Stripe provides. Cash and bank-terminal payments are recorded as amounts only. Stripe’s handling of payment data is described in Stripe’s own privacy policy.

Technical data — essential session cookies to keep you signed in (no advertising or cross-site tracking cookies), and error/diagnostic reports (via Sentry) when something breaks, which may include technical context about the request that failed.

3. The BistroWise POS mobile app

The mobile app is a staff tool. It collects and stores on the device: its pairing credential, the restaurant’s menu, and orders entered on it. Orders created while the device is offline are kept on the device until they can be securely delivered to our servers, then processed like any other order.

  • The app does not access your contacts, photos, camera, microphone, or precise location.
  • The app does not show third-party ads and contains no advertising SDKs.
  • Staff PINs entered on the app are verified against hashes on our servers and are not stored on the device.
  • Unpairing a device removes its stored credential and cached data.

4. How we use data

We use data solely to provide and improve the service: operating orders and kitchens in real time, syncing devices, generating the restaurant’s own reports, securing accounts (rate-limiting, PIN lockouts, audit trails), providing support, sending transactional email such as receipts and account notices, and meeting legal obligations.

We do not sell personal data. We do not share personal data with advertisers. We do not use your data to train AI models.

5. Who we share data with

We share data only with the processors that run the service, under their own contractual and privacy commitments:

  • Stripe — payment processing and payouts.
  • Supabase — our database and file storage.
  • Vercel — application hosting and delivery.
  • Amazon Web Services (SES) — transactional email delivery.
  • Sentry — error monitoring.

We may also disclose data where the law requires it, or to protect the rights, safety, and integrity of BistroWise and its users. If BistroWise is ever acquired, data may transfer with the business under this same policy.

6. International transfers

Our infrastructure is hosted in secure data centers which may be located outside your country (including the United States and Australia). Wherever data is processed, it is protected by the safeguards described in this policy and encrypted in transit using TLS.

7. Retention and deletion

We keep data for as long as the restaurant’s account is active. Restaurants can delete menu items, staff, and other records inside the product at any time. When an account is closed, we delete or irreversibly anonymize its personal data within 90 days, except records we must keep for legal, tax, or fraud-prevention purposes. Diners can request deletion of their order-related personal data at any time via the contact below.

8. Your rights

Depending on where you live (including under the GDPR if you are in the EU/EEA), you may have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. To exercise any of these rights, contact us at the address below — we respond to verified requests within 30 days. If you believe we have not resolved your concern, you may lodge a complaint with your local data-protection authority.

9. Security

All traffic is encrypted in transit (TLS). Passwords and PINs are hashed with modern algorithms. Access inside the product is role-based, privileged actions are audit-logged, and repeated failed PIN attempts lock the credential. No system is perfectly secure, but security is designed into the product, not added on.

10. Children

BistroWise is a business tool and is not directed at children under 13. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.

11. Changes to this policy

If we make material changes to this policy we will update this page, change the effective date at the top, and notify account owners by email. Continued use of the service after a change takes effect constitutes acceptance of the updated policy.

12. Contact

For any privacy question or request: support@bistrowise.com. We aim to answer every message within two business days.