1. Introduction
TableOS ("we", "our", "us") operates the tableos.co platform, providing restaurant management software including online ordering, reservation systems, and QR menu solutions. This Privacy Policy explains how we collect, use, and protect your personal data in compliance with the General Data Protection Regulation (GDPR) and Romanian data protection law (Law 190/2018).
2. Data Controller
The data controller for this platform is TableOS. For questions about your data, contact us at [email protected].
3. Data We Collect
3.1 Restaurant Owners (B2B Customers)
- Account information: name, email, phone, password (hashed)
- Restaurant details: name, address, menu, working hours
- Payment information: processed securely via Stripe (we do not store card numbers)
- Usage data: login times, feature usage for service improvement
3.2 Restaurant Customers (End Users)
- Order information: name, phone, email (if provided), delivery address
- Reservation information: name, phone, email (if provided), date, time, guest count
- Payment data: processed via Stripe on behalf of the restaurant
4. Legal Basis for Processing
- Contract performance: Processing orders, reservations, and managing your account
- Legitimate interest: Service improvement, security, fraud prevention
- Consent: Marketing communications (opt-in only)
- Legal obligation: Tax records, regulatory compliance
5. How We Use Your Data
- Process and deliver orders and reservations
- Send transactional emails (order confirmations, status updates)
- Provide customer support
- Improve our services and user experience
- Comply with legal obligations
6. Data Sharing
We share data only with:
- Stripe: Payment processing (PCI DSS compliant)
- Resend: Transactional email delivery
- The restaurant: Customer order and reservation data is shared with the restaurant you ordered from
We do not sell your personal data to third parties.
7. Data Retention
- Account data: retained while account is active, deleted upon request
- Order/reservation data: retained for 3 years for legal/tax purposes
- Analytics data: aggregated and anonymized after 12 months
8. Your Rights (GDPR)
Under GDPR, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Restrict processing of your data
- Portability: Receive your data in a structured, machine-readable format
- Object: Object to processing based on legitimate interest
- Withdraw consent: Withdraw previously given consent at any time
To exercise these rights, contact [email protected]. We will respond within 30 days.
9. Cookies
We use the following cookies:
- Essential cookies: Authentication sessions, locale preferences (no consent required)
- Functional cookies: Remember user preferences
We do not use advertising or tracking cookies.
10. Security
We implement appropriate technical and organizational measures including encrypted data transmission (TLS/SSL), hashed passwords (bcrypt), role-based access control, and regular security reviews.
11. Supervisory Authority
You have the right to lodge a complaint with the Romanian data protection authority: Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP), B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, Bucharest, Romania. Website: dataprotection.ro
12. Changes
We may update this policy from time to time. Material changes will be communicated via email or a notice on our website. Continued use of the service after changes constitutes acceptance.