Privacy Policy

Mindweave Technologies Pvt. Ltd. ("we", "us", "our") is the Data Fiduciary responsible for processing your personal data under the Digital Personal Data Protection Act, 2023 (DPDPA). Contact Details: Company: Mindweave Technologies Pvt. Ltd. Email: privacy@mindweave.tech Address: Bengaluru, Karnataka, India Data Protection Officer: Email: dpo@mindweave.tech

We collect the following categories of personal data: Account Information: • Phone number (required for authentication) • Name (optional, for personalization) • Role designation (admin, team member) Business Data: • Cash session records (opening/closing balances) • Petty cash voucher details • Payment transaction records • Audit logs and activity history Device Information: • Device type and browser information • IP address • Session tokens and authentication data Usage Data: • Feature usage patterns • Login timestamps • Application interactions

We process your personal data for the following purposes: Service Delivery: • Authenticating users via SMS/WhatsApp OTP • Providing cash tracking and management features • Generating reports and analytics • Managing team member access Security: • Preventing unauthorized access • Detecting and preventing fraud • Maintaining audit trails • Ensuring data integrity Communication: • Sending OTP codes for authentication • Service updates and notifications • Support communications Legal Compliance: • Responding to legal requests • Maintaining records as required by law • Tax and regulatory compliance

By using Restaurant Daily, you provide consent for the processing of your personal data as described in this policy. You may: • Withdraw consent at any time • Request deletion of your data • Opt-out of optional communications Withdrawal of consent may affect your ability to use certain features of the Service. For team members: Your employer/restaurant administrator has added you to the system. Contact them or us to exercise your data rights.

We retain personal data for: Active Accounts: • Account data: Duration of account activity • Cash session data: 7 years (for financial audit compliance) • Audit logs: 3 years After Account Deletion: • Anonymized analytics: Indefinitely • Legal records: As required by law • Backup data: Up to 90 days You may request early deletion subject to legal retention requirements.

We may share your data with: Service Providers: • Supabase (database hosting) • Twilio (SMS/WhatsApp OTP delivery) • Cloud infrastructure providers Legal Requirements: • When required by law or court order • To protect our legal rights • To prevent fraud or security threats Business Transfers: • In case of merger or acquisition • With appropriate data protection agreements We do NOT: • Sell your personal data • Share data with advertisers • Use data for unrelated purposes

We implement technical and organizational measures including: Technical Safeguards: • TLS/HTTPS encryption in transit • Encrypted database storage • Secure OTP-based authentication • Role-based access controls • Regular security audits Organizational Measures: • Employee data protection training • Access limited to authorized personnel • Incident response procedures • Regular security reviews Despite our best efforts, no system is completely secure. Please protect your account credentials and report any suspicious activity immediately.

Your data may be processed in countries outside India where our service providers operate. We ensure: • Adequate data protection measures • Contractual safeguards with processors • Compliance with DPDPA requirements Primary data storage is in India with Supabase's regional infrastructure.

In the event of a personal data breach that poses risk to you, we will: • Notify the Data Protection Board of India as required • Inform affected users promptly • Provide details of the breach and remedial actions • Assist in mitigating potential harm Timeline: Notification within 72 hours of becoming aware of a significant breach.

Restaurant Daily is intended for users 18 years and older. We do not knowingly collect personal data from children. If you are a parent/guardian and believe your child has provided us with personal data, please contact us immediately for data deletion.

We use minimal cookies for: Essential Cookies: • Authentication session management • Security tokens • User preferences We do not use: • Third-party advertising cookies • Social media tracking pixels • Analytics cookies without consent

We may update this Privacy Policy periodically. We will notify you of significant changes via: • In-app notifications • SMS/WhatsApp messages • Website banner The "Last Updated" date at the top indicates the latest revision. Continued use of the Service after changes constitutes acceptance.

For privacy-related concerns: Step 1: Contact our Data Protection Officer Email: dpo@mindweave.tech Response Time: Within 30 days Step 2: If unsatisfied, you may file a complaint with: Data Protection Board of India (Contact details to be published by the Government) We are committed to resolving your concerns promptly and fairly.