Who We Are
RestoReho ("we", "us", "our") is the company behind the RestoReho suite of restaurant management applications — including RestoRehoManager, RestoReho KSF, RestoReho TM, and RestoReho Plus. Our mission is to help restaurants run smarter through connected, purpose-built technology.
This Privacy Policy applies to all personal data collected through our web applications, iOS apps, Android apps, and any other services that link to this policy (collectively, the "Services").
If you are a restaurant owner or operator using our Services on behalf of your business, you act as the data controller for your customers' and employees' data, while RestoReho acts as the data processor. We process that data only on your instructions and under our Terms of Service and any order form or written agreement between us.
Billing disputes, amounts owed, and when we may suspend service are governed by our Terms of Service (Fees & Billing) — not by this Privacy Policy.
What We Collect
We collect information in three ways: information you give us directly, information generated when you use our Services, and information received from your restaurant's systems.
Information you provide directly
- Full nameWhen creating an account or requesting a demo
- Email addressUsed for login, notifications, and support communications
- Phone numberFor account verification and business contact purposes
- Restaurant name & addressTo configure and identify your restaurant account
- Employee PIN codesHashed credentials for waiter/server login via RestoReho TM
- Menu contentItems, categories, descriptions, prices and images you upload
- Demo request notesAny information included when booking a demo via our website
Billing and payment-related information
To collect the one-time setup fee and per-order fees described in our Terms of Service and Pricing page, we may process:
- Billing contact & addressName, business address, and email for invoices and notices
- Tax & registration detailsWhere required for invoicing (for example VAT or company number)
- Invoice & payment recordsLine items, amounts paid or due, payment references, and correspondence about billing
- Payment credentialsWhen you pay by card or bank, our payment service providers collect and process payment details on our behalf. We do not store full card numbers on our own servers.
Information generated by your use
- Order dataItems ordered, quantities, table numbers, timestamps, and order status
- Transaction recordsRevenue figures and order totals for your dashboard and for billing. RestoReho does not process your diners' in-restaurant card payments unless we explicitly offer that capability to you and describe it in our agreement with you.
- Device informationDevice type, OS version, browser type, and IP address
- Usage logsFeature usage patterns, session duration, and error reports
- Location code / IDThe unique identifier linked to a restaurant, used for QR-based customer access
How We Use Your Data
We use the data we collect for the following purposes, each grounded in a lawful legal basis:
- Operate the platformProviding real-time order syncing across all four apps
- Account managementCreating and maintaining your restaurant's account and user profiles
- Order managementRouting orders from customers to kitchen to waiter seamlessly
- Dashboard analyticsShowing revenue, top-selling items, and order statistics to the manager
- Invoicing & fee collectionCalculating per-order usage, issuing invoices, collecting setup and order fees, and responding to billing enquiries
- Bug trackingIdentifying and fixing errors and performance issues
- Feature developmentUnderstanding how features are used to guide product decisions
- Security monitoringDetecting and preventing unauthorised access or abuse
- Support responsesReplying to enquiries via support@restoreho.com
- Demo follow-upsContacting you after a demo request to schedule your walkthrough
- Product updatesNotifying you of new features, changes, or important service notices
We never sell your personal data to third parties, and we do not use it for advertising purposes.
Data Collected by Each App
Each app in the RestoReho suite is purpose-built for a specific role. Here is a summary of what each app collects and why:
- Owner account credentials (email + password hash)
- Restaurant profile (name, address, location code)
- Full menu data (items, categories, pricing, images)
- Staff profiles and table configurations
- All order and revenue history for the dashboard
- Assignment logs (waiter → table)
- Location code and PIN for station sign-in
- Real-time incoming order data (items, table, time)
- Order status transitions (New → Cooking → Done)
- Table-to-waiter assignment records
- Daily order and revenue summaries
- Device type used to access the station
- Employee PIN (hashed, not stored in plain text)
- Tables assigned to the waiter's session
- Orders placed on behalf of customers
- Order history per assignment shift
- Device type (iOS or Android)
- Location ID / QR code to identify the restaurant
- Table number (self-selected or assigned)
- Menu items browsed and added to cart
- Customisations (add-ons, extras, preferences)
- Order history for the current session
- No account registration required
Sharing Your Data
RestoReho does not sell, rent, or trade your personal data. We share it only in the limited circumstances described below:
Service providers (processors)
We work with trusted third-party companies to operate our infrastructure — such as cloud hosting providers, error monitoring tools, and email delivery services. These providers are contractually bound to process data only on our instructions and to maintain appropriate security standards.
Payment processors
When you pay RestoReho by card, bank transfer, or another method we support, payment processors receive the data required to complete the transaction. They process that information under their own privacy notices and only as needed to process payments, subject to our agreements with them.
Restaurant operators
When a customer uses RestoReho Plus at a restaurant, their order data is shared with that restaurant's RestoRehoManager account and KSF station. This is the core function of the service and is necessary to process the order.
Legal requirements
We may disclose data if required by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of RestoReho, our users, or the public.
Business transfers
If RestoReho is involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We will notify affected users before any such transfer.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes set out in this policy, or as required by applicable law.
- Active account dataKept while your RestoReho account is active (including during any suspension for non-payment until the account is closed or reactivated), plus 30 days after closure
- Billing, invoice & payment recordsRetained as long as necessary for accounting, tax, and legal obligations — often up to seven years depending on jurisdiction — and to resolve billing disputes
- Order & transaction historyRetained for up to 3 years for analytics and dispute resolution
- Demo request dataKept for 12 months from submission, then deleted unless you become a customer
- Support communicationsRetained for 2 years to provide consistent support history
- Usage logs & analyticsAggregated and anonymised after 90 days; raw logs deleted after 30 days
- Employee PINsStored as irreversible hashes; deleted within 30 days of account closure
When data is no longer required, it is securely deleted or anonymised so it can no longer be linked to you.
Your Rights
Depending on your location, you may have the following rights regarding your personal data. We honour these rights for all users, regardless of geography.
Request a copy of all personal data we hold about you, in a portable format.
Ask us to correct any inaccurate or incomplete information we hold about you.
Request deletion of your personal data, subject to any legal retention obligations.
Ask us to limit how we use your data while a dispute or complaint is being resolved.
Receive your data in a structured, machine-readable format to transfer to another provider.
Object to processing based on legitimate interests, including direct marketing at any time.
Where processing is based on consent, withdraw it at any time without affecting prior lawful processing.
File a complaint with your local data protection authority if you feel your rights have been violated.
To exercise any of these rights, email us at support@restoreho.com. We will respond within 30 days and may need to verify your identity before fulfilling a request.
Cookies & Tracking
Our web applications use cookies and similar technologies to keep you signed in, remember your preferences, and understand how our services are used.
| Cookie | Type | Purpose | Duration |
|---|---|---|---|
| rr_session | Essential | Keeps you authenticated during your session | Session |
| rr_auth_token | Essential | Persistent login token (if "Remember me" is selected) | 30 days |
| rr_location | Functional | Stores your last-used restaurant location for RestoReho Plus | 7 days |
| rr_prefs | Functional | UI preferences (layout view, date range settings) | 90 days |
| rr_analytics | Analytics | Anonymous usage statistics to help us improve the product | 12 months |
You can control cookies through your browser settings. Blocking essential cookies will prevent you from logging in. Analytics cookies can be disabled without affecting core functionality.
We do not use third-party advertising cookies or tracking pixels. Our analytics are processed by our own infrastructure and are not shared with external platforms.
Security
The security of your data is important to us. We implement appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction.
- Encryption in transitAll data is encrypted using TLS 1.2 or higher between apps and our servers
- Encryption at restSensitive data fields are encrypted at the database level
- Password hashingEmployee PINs and passwords are stored as one-way hashes — we cannot read them
- Access controlsStrict role-based access: each app sees only the data it needs to function
- Audit loggingSystem-level access logs are maintained and reviewed regularly
- Regular reviewsSecurity practices are reviewed periodically to address emerging threats
No system is entirely secure. If you discover a potential security vulnerability, please disclose it responsibly to support@restoreho.com before making it public. We will acknowledge your report within 48 hours.
In the event of a data breach likely to result in risk to your rights or freedoms, we will notify you and the relevant supervisory authority within the timeframes required by applicable law.
Children's Privacy
The RestoReho suite is designed for use by restaurant businesses and their adult employees and customers. Our Services are not directed at children under the age of 13 (or 16 in certain jurisdictions within the European Union).
We do not knowingly collect personal data from children. If you believe a child has provided us with personal information without appropriate parental consent, please contact us at support@restoreho.com and we will take steps to delete that information promptly.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make changes, we will:
- Update this pageThe "Last updated" date at the top will reflect the most recent revision
- Notify account holdersFor material changes, we will email the address on your account at least 14 days before the change takes effect
- In-app noticeA banner will appear within RestoRehoManager for significant policy updates
Your continued use of our Services after the effective date constitutes acceptance of the updated policy. If you do not agree, you should discontinue use and contact us to request deletion of your data.
Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, we want to hear from you. Our team is committed to responding to all privacy-related enquiries within 30 days.
Get in touch with our team
Whether you want to exercise your data rights, report a concern, or simply ask a question — we're here. A real person will respond.
support@restoreho.comIf you are located in the European Economic Area and are not satisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (DPA). A list of EU DPAs is available at edpb.europa.eu.