FSSAI Ready Eresto digiMenu is fully FSSAI Mandate compliant — calorie, portion & allergen display built in. Learn more →
Legal

Privacy Policy

Effective Date: January 1, 2026

This Privacy Policy describes how Restrosoft Solutions Private Limited ("we", "us", "our", or "eresto") collects, uses, processes, secures, and shares data in connection with your use of the eresto website, mobile applications, offline POS software (eresto Edge), QR ordering systems (digiMenu), waitlist systems (eresto Queue), and related business services (collectively, the "Platform").

We operate as a B2B service provider. If you are a restaurant owner, manager, or corporate user, you are our "Customer". If you are a guest dining at a Customer's restaurant, you are an "End-User". We act as a Data Processor with respect to End-User data collected on behalf of our Customers, who act as the Data Controllers.

1. Information We Collect

We collect information to provide, secure, and improve our services. The types of data we collect include:

A. Customer Account Information

When a restaurant registers for an account on eresto, we collect business and profile details including:

  • Authorized contact name, email address, and phone number.
  • Restaurant name, physical location, billing address, and tax identification details (such as GSTIN).
  • Payment details and transaction records for subscription billing.

B. Restaurant Operational & Transactional Data

As part of running the restaurant operating system, the Platform processes transaction logs including:

  • Menu lists, items, pricing configurations, and stock inventory levels.
  • Sales logs, transaction totals, billing receipts, tax configurations, and payment modes used (cash, card, UPI).
  • Staff profile configurations, roles, shift timings, and system access logs.
  • Kitchen Order Tokens (KOTs), status of preparation, and delivery/dispatch times.

C. End-User/Guest Information

When guests interact with a restaurant using eresto services (like scanning a digiMenu QR code or signing up for eresto Queue), we process:

  • Guest phone number (for FSSAI compliance, waitlist registration, SMS receipts, and WhatsApp ordering verification).
  • Waitlist queue parameters (number of covers, estimated wait times, seating preferences).
  • Dish choices, specific dietary requests, or feedback responses.

D. System & Usage Information

When users interact with our applications (like eresto Edge POS or eresto Captain), we collect system parameters to maintain offline state and ensure synchronization:

  • IP addresses, hardware model, operating system versions, and unique device identifiers.
  • Platform crash logs, speed metrics, and usage analytics.

2. How We Use Data

We process collected data for the following business purposes:

  • Service Delivery: To generate bills, manage waitlists, route orders to kitchens, update inventories, and keep offline local POS databases (eresto Edge) synchronized with our cloud servers.
  • FSSAI & GST Compliance: To enable restaurants to accurately display nutritional, allergen, and portion details, and to format tax declarations as required under local laws.
  • Customer Support: To troubleshoot issues, diagnose synchronization conflicts, and answer technical support requests.
  • Transactional Notifications: To dispatch automated queue status updates, SMS invoices, and order status alerts to End-Users on behalf of the restaurant.
  • Platform Security: To prevent fraud, detect unauthorized access, and protect against security threats.

3. Data Sharing & Disclosure

We do not sell restaurant transaction data, operational metrics, or guest databases to third-party marketing companies. We only share information under these conditions:

  • With Sub-Processors: We share data with authorized infrastructure providers (such as cloud hosting servers, SMS delivery gateways, and database backup facilities) that help us run our systems.
  • Integrations: If a Customer configures third-party integrations (such as Swiggy, Zomato, or payment terminals), we exchange the necessary transaction payloads to execute those orders.
  • Legal Obligations: We may disclose information if required under statutory regulations, tax audits, law enforcement directives, or to protect our legal rights.

4. Data Security

We maintain enterprise-grade security protocols to protect all operational and personal data:

  • All data in transit is encrypted using Transport Layer Security (TLS 1.3).
  • Sensitive databases and daily offline backups are encrypted at rest using AES-256 standards.
  • Our cloud infrastructure is hosted in secure, ISO-certified tier-3 data centers within India (AWS Mumbai region).
  • Local POS systems (eresto Edge) store databases locally in secure sandboxed filesystems to prevent cross-app data leaks.

5. Data Retention

We retain Customer business records and operational transactional logs for the duration of the active subscription service agreement. Upon termination, we purge or anonymize data within 90 days, except where statutory regulations (like tax accounting laws) require longer storage periods.

End-User waitlist history and digiMenu feedback logs are retained in accordance with the policies set by the respective Data Controller (the restaurant Customer).

6. Updates to This Policy

We may update this Privacy Policy periodically to reflect changes in our operational procedures or compliance mandates. We will notify Customers of any significant revisions via the administrator dashboard or email.

7. Contact Information

If you have any questions or data protection inquiries regarding this Privacy Policy, please reach out to us at:

Data Protection Desk
Restrosoft Solutions Private Limited
H-1002, Sorrel, Applewoods Township, South Bopal,
Ahmedabad, Gujarat 380058, India
Email: contact@eresto.in