Privacy Policy

1. Roles and Scope

For Restaurant account and billing information, SmartServe AI typically acts as the Data Controller. For Guest Personal Data that Restaurants submit or generate through the service—such as guest names, phone numbers, reservation history, and messaging content—the Restaurant is the Data Controller and SmartServe AI acts as the Data Processor, handling that data only to provide, secure, and improve the service in accordance with the Restaurant’s instructions and applicable law. Guests who wish to exercise privacy rights regarding their reservation or communication data should generally contact the Restaurant directly; we will assist Restaurants in fulfilling lawful requests where required.

2. Information We Collect

We collect information necessary to operate the platform, deliver contracted features, and maintain security. The categories below may overlap depending on how you use the service.

Restaurant and administrator data. When you register or manage an account, we may collect your name, business name, email address, phone number, job title or role, login credentials (stored in hashed form), account preferences, support correspondence, and usage logs related to the dashboard and administrative features.

Billing and subscription data. For paid plans, we or our payment processors may collect billing contact details, subscription plan information, transaction history, invoices, and limited payment-related metadata. Full payment card numbers are handled by our payment gateway providers and are not stored by us in readable form where avoidable.

Guest Personal Data (processed on behalf of Restaurants). To provide automated reservation and messaging services, we process guest information submitted by or on behalf of the Restaurant, which may include names, phone numbers, email addresses, reservation dates and times, party size, special requests, messaging threads (including SMS and WhatsApp content), channel identifiers, and related operational metadata such as booking status or interaction history.

Technical and usage data. We automatically collect certain technical information, such as IP address, device and browser type, approximate location derived from IP, timestamps, API activity, error logs, and aggregated analytics about feature usage, to secure the service, troubleshoot issues, and understand product performance.

3. How We Use Information

We use personal information for legitimate business purposes connected to the service, including:

To provide and operate the automated reservation service, guest communications, AI-assisted messaging, integrations, and related restaurant workflows requested by the Restaurant; to authenticate users, administer accounts, and process subscriptions and payments; to send transactional notifications, service announcements, and security alerts to Restaurant administrators; and to deliver SMS, WhatsApp, or other channel messages to guests as directed by the Restaurant through the platform.

To maintain, secure, and improve the service, including monitoring for abuse, debugging errors, developing new features, and conducting internal analytics. Where we use data to improve artificial intelligence capabilities, we do so using aggregated or de-identified information where practicable, so that model improvement does not require identifying individual guests by name in our development processes. We do not use Guest Personal Data to build profiles for unrelated advertising purposes.

To comply with legal obligations, enforce our Terms of Use, respond to lawful requests from authorities, and protect the rights, safety, and integrity of SmartServe AI, our customers, and the public.

4. Legal Bases for Processing

Where applicable data protection laws require a legal basis, we rely on one or more of the following: performance of a contract with the Restaurant; legitimate interests in operating, securing, and improving a B2B SaaS platform (balanced against data subject rights); compliance with legal obligations; and, where required, consent obtained by the Restaurant or directly from the data subject. Restaurants are responsible for establishing an appropriate legal basis for transferring Guest Personal Data to us.

5. Data Storage and Security

Personal information is stored on secure cloud infrastructure, including databases hosted through providers such as Neon, with industry-standard safeguards designed to protect confidentiality, integrity, and availability. We use encryption in transit (such as TLS) for data transmitted over networks and apply encryption and access controls for data at rest where appropriate to the sensitivity of the information.

Access to production systems is restricted to authorized personnel and service accounts on a need-to-know basis. We maintain administrative, technical, and organizational measures intended to reduce the risk of unauthorized access, disclosure, alteration, or destruction. No method of transmission or storage is completely secure; we cannot guarantee absolute security, but we work to address identified vulnerabilities and incidents in line with our obligations.

6. Data Sharing and Subprocessors

We do not sell personal information. We do not rent or trade Guest Personal Data to third parties for their independent marketing purposes. We share information only as described below and subject to appropriate contractual or legal protections.

We may disclose information to trusted subprocessors and service providers that help us deliver the service, such as cloud hosting and database providers, payment gateways, SMS and WhatsApp or other communication API providers, email delivery services, analytics and monitoring tools, and customer support platforms. These parties process data on our instructions and for specified purposes. We may also share information with professional advisers, in connection with a merger or acquisition, or when required by law, regulation, legal process, or governmental request.

A current list of key subprocessors may be provided upon request. We require subprocessors handling personal data to implement appropriate security measures consistent with this Policy and applicable law.

7. Data Retention

We retain personal information for as long as necessary to provide the service, fulfill the purposes described in this Policy, comply with legal and accounting requirements, resolve disputes, and enforce our agreements. Retention periods may vary by data category and by Restaurant configuration. When a Restaurant terminates its account, we will delete or anonymize personal information within a reasonable period, except where retention is required by law or permitted for backup, security, or legitimate business continuity purposes for a limited time.

8. International Transfers

SmartServe AI and our subprocessors may process and store information in countries other than the country where the Restaurant or guest is located. Where personal data is transferred internationally, we implement appropriate safeguards as required by applicable law, such as standard contractual clauses or equivalent mechanisms, to help ensure an adequate level of protection.

9. Your Rights

Depending on your location and applicable law, you may have rights regarding your personal information, which may include the right to access, correct, update, delete, restrict, or object to certain processing, as well as the right to data portability and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.

Restaurant administrators may submit requests relating to account or billing data by contacting us using the details below. Requests concerning Guest Personal Data should generally be directed to the relevant Restaurant in the first instance; we will cooperate with Restaurants to respond to valid requests within required timeframes. We may need to verify your identity before fulfilling a request and may decline requests that are manifestly unfounded, excessive, or prohibited by law.

10. Cookies and Similar Technologies

Our web application and marketing sites may use cookies, local storage, and similar technologies to maintain sessions, remember preferences, measure performance, and protect against fraud. You can control cookies through your browser settings; disabling certain cookies may affect functionality of the service.

11. Children’s Privacy

SmartServe AI is a business-to-business service directed at restaurants and hospitality operators, not at children. We do not knowingly collect personal information from individuals under the age required by applicable law to provide consent without parental authorization. If you believe we have inadvertently collected such information, please contact us so we can take appropriate steps.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or the service. When we make material changes, we will provide notice through the service, by email to Restaurant administrators, or by other reasonable means. The “last updated” date below indicates when this version became effective. Continued use of the service after an update constitutes acknowledgment of the revised Policy, to the extent permitted by law.

13. Contact Us

For privacy-related questions, requests, or complaints, contact SmartServe AI at smartserveaiask@gmail.com. Please include sufficient detail to identify your account or request and allow us to respond promptly.