Privacy Policy

Table of Contents

nWaiter ("we", "us", or "our") operates the nWaiter platform — an AI-powered restaurant management and ordering system accessible via nwaiter.com and associated mobile/desktop applications. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform. Please read it carefully. By using nWaiter, you agree to the collection and use of information described in this policy.

1. Information We Collect

1.1 Information You Provide

Account Registration: When a restaurant registers on nWaiter, we collect the business name, owner name, email address, phone number, address, and password.
Payment Information: Subscription payments are processed via PayU. We collect billing details (name, email, phone) necessary to complete transactions. We do not store full card or bank account numbers on our servers.
Menu & Business Data: Menu items, pricing, table configurations, and operational settings you input into the platform.
Support Communications: If you contact us, we retain records of your correspondence to resolve your queries.

1.2 Information Collected Automatically

Usage Data: Log files, IP addresses, browser type, pages visited, time spent on pages, and referring URLs.
Device Information: Device type, operating system, and browser version.
Order Data: Orders placed by restaurant guests via QR codes — including items ordered, order timestamps, and table number. This data belongs to the restaurant and is processed on their behalf.
Voice & Text Input: When a guest uses voice ordering, audio is processed in real-time via our AI engine (Deepgram / Whisper). Audio is not stored after processing. Text transcripts are retained temporarily for order fulfilment and system improvement.

1.3 Cookies & Similar Technologies

We use session cookies and local storage tokens for authentication. We do not use third-party advertising cookies. See Section 6 for details.

2. How We Use Your Information

To provide, maintain, and improve the nWaiter platform.
To process subscription payments and send payment confirmations and receipts.
To authenticate users and maintain account security.
To fulfil restaurant customer orders and communicate order status in real time.
To train and improve AI models for voice recognition and menu recommendations (only using anonymised, aggregated data).
To send transactional emails (e.g., subscription renewal reminders, invoices).
To respond to support requests and resolve disputes.
To comply with legal obligations under applicable Indian law.
To detect and prevent fraud, abuse, and security threats.

3. Information Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share data in the following limited circumstances:

Payment Processors: PayU India Pvt. Ltd. processes subscription payments. Your billing data is shared with PayU solely to complete transactions and is governed by PayU's privacy policy.
Cloud Infrastructure: We use cloud hosting providers to store data securely. These providers act as data processors under our instructions and are contractually bound to protect your data.
AI/Speech Services: Voice input is processed by third-party speech-to-text APIs (Deepgram / OpenAI Whisper) under data processing agreements that prohibit them from using your data for training without consent.
Legal Requirements: We may disclose information if required by law, court order, or governmental authority under Indian law (including the Information Technology Act, 2000 and its rules).
Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of the transaction. We will notify you via email or prominent notice on our website.

4. Data Retention

Account Data: Retained for the duration of your subscription and for 90 days after account closure, after which it is permanently deleted.
Order Data: Retained for 12 months to support analytics and dispute resolution, then deleted or anonymised.
Payment Records: Retained for 7 years as required by Indian financial regulations.
Voice Transcripts: Retained for up to 30 days for quality assurance, then automatically deleted.
Log Files: Retained for 90 days.

5. Security

We implement industry-standard technical and organisational measures to protect your data, including:

TLS/HTTPS encryption for all data in transit.
AES-256 encryption for sensitive data at rest.
Role-based access controls — restaurant data is strictly isolated between tenants.
Regular security audits and vulnerability assessments.
Hashed and salted passwords (bcrypt).
JWT-based authentication with short-lived tokens.

Despite these measures, no system is 100% secure. If you suspect a breach, contact us immediately at security@nwaiter.com.

6. Cookies & Tracking

We use the following types of cookies:

Strictly Necessary Cookies: Authentication tokens stored in localStorage to keep you logged in. These cannot be opted out of while using the platform.
Preference Cookies: Storing your UI theme preference (light/dark mode).
Analytics: We may use anonymised analytics (without personally identifiable information) to understand platform usage. No third-party advertising cookies are used.

You can clear cookies via your browser settings, which will log you out of the platform.

7. Third-Party Services

nWaiter integrates with the following third-party services, each governed by their own privacy policies:

PayU India: Payment processing — payu.in/privacy-policy
Razorpay: Payment gateway (Razorpay Software Pvt. Ltd.) — razorpay.com/privacy
Deepgram: Speech-to-text AI — deepgram.com/privacy
OpenAI: Language model & Whisper speech recognition — openai.com/privacy
Google Fonts: Typeface delivery — Google's privacy policy applies to font loading.

8. Your Rights

As a user of nWaiter, you have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you.
Correction: Request correction of inaccurate or incomplete data.
Deletion: Request deletion of your account and associated data (subject to legal retention obligations).
Portability: Request your data in a structured, machine-readable format.
Objection: Object to specific types of data processing.

To exercise any of these rights, email privacy@nwaiter.com with your registered email address. We will respond within 30 days.

9. Children's Privacy

nWaiter is a business-to-business (B2B) platform intended for restaurant owners and staff aged 18 and above. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal information, please contact us and we will delete it immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will:

Update the "Last updated" date at the top of this page.
Send an email notification to all registered account holders for material changes.
Display a banner on the platform for 30 days after significant changes.

Continued use of nWaiter after changes are posted constitutes your acceptance of the revised policy.

11. Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or your personal data:

nWaiter (AI Waiter Technologies)

Bengaluru, Karnataka, India

Email: privacy@nwaiter.com

Support: support@nwaiter.com

Website: nwaiter.com

This policy is governed by and construed in accordance with the laws of India, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.