Privacy Policy

Introduction

Smart Dining ("we," "our," or "us") is committed to protecting your privacy and ensuring the highest standards of data protection. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our AI-powered reservation, waitlist management, point-of-sale (POS), ordering, and marketing services (collectively, the "Services").

By using our Services, you consent to the data practices described in this Privacy Policy. If you do not agree with these practices, please discontinue use of our Services.

Information We Collect

Personal Identification Information: full name, phone number, email address, account credentials, payment information (processed securely via PCI-DSS compliant third-party processors), profile preferences.

Reservation and Service Data: reservation details (party size, date, time, restaurant, seating preferences), waitlist status, order history, menu preferences, special dietary requirements, loyalty program data.

AI-Enhanced Data Processing: behavioral patterns and preferences derived from AI analysis, predictive analytics, machine learning insights, voice data (with consent).

Technical and Device Information: IP address, browser type, device identifiers, operating system, usage analytics (access times, pages viewed), location data (when enabled), cookies and tracking technologies.

Communication Data: SMS and email consent preferences, marketing subscription settings, customer support interactions, feedback and survey responses.

Legal Basis for Processing

Contract Performance (GDPR Article 6(1)(b)): processing necessary to provide reservation, ordering, and payment services.

Legitimate Interest (GDPR Article 6(1)(f)): service improvement, fraud prevention, security measures.

Consent (GDPR Article 6(1)(a)): marketing communications, location services, non-essential data processing.

Legal Obligation (GDPR Article 6(1)(c)): compliance with laws and regulations.

Special Category Data (GDPR Article 9(2)(a)): processed with explicit consent.

How We Use Your Information

Process and manage reservations, orders, waitlist requests, loyalty rewards, and POS transactions.

Send transactional messages: confirmations, reminders, updates, waitlist notifications, order status alerts.

Provide customer support and respond to inquiries.

Generate personalized recommendations and optimize services using AI and machine learning.

Prevent fraud, abuse, and unauthorized access; ensure platform security.

Send marketing communications only with explicit opt-in consent.

Comply with legal obligations and regulatory requirements.

SMS and Communication Consent

SMS notifications are optional and require explicit opt-in via checkbox, keyword, or signup form.

Transactional messages include reservation confirmations, waitlist updates, and order alerts.

Promotional SMS requires separate opt-in consent.

Users may opt out at any time by replying STOP or via account settings.

Help information available by replying HELP or contacting support.

Data Sharing and Disclosure

We do not sell personal information.

Restaurant Partners: share reservation, order, and waitlist details to fulfill services.

Service Providers: payment processors, hosting providers, SMS/email vendors, analytics, AI, and IT security partners.

Legal Compliance: when required by law, regulation, or government request.

Business Transfers: in the event of merger, acquisition, or sale, subject to equivalent privacy protections.

International Data Transfers

Transfers may occur to countries including the United States.

Safeguards: Standard Contractual Clauses, adequacy decisions, Binding Corporate Rules, encryption and access controls.

Data Security Measures

Technical safeguards: end-to-end encryption, authentication controls, security audits, AI-powered monitoring.

Administrative safeguards: employee training, role-based access, data processing agreements, incident response procedures.

Physical safeguards: secure data centers, environmental controls, backup and disaster recovery, secure disposal of media.

Data Retention and Deletion

Account Data: retained while active plus 3 years after closure.

Transaction Records: retained 7 years for compliance.

Marketing Data: until consent is withdrawn or account deletion.

Technical Logs: retained 12 months.

AI Training Data: anonymized data may be retained indefinitely.

Users may request deletion; requests are honored within 30 days, subject to legal requirements.

Your Data Protection Rights

Right to Access: obtain confirmation and copies of personal data.

Right to Rectification: correct inaccurate or incomplete data.

Right to Erasure: request deletion of personal data.

Right to Restrict Processing: limit processing activities.

Right to Object: object to processing based on legitimate interests or for marketing.

Right to Data Portability: receive data in a structured, machine-readable format.

Right to Withdraw Consent: for marketing, SMS, and non-essential processing.

Right to Object to Automated Decision-Making: request human review of automated decisions.

Automated Decision-Making and AI

We use AI for recommendations, demand forecasting, dynamic pricing, and fraud detection.

Users have the right to know when decisions are automated and to request human intervention.

Profiling rights: users may object to profiling that produces significant effects.

AI fairness: models trained with privacy-preserving techniques, audited for bias and compliance.

Cookies and Tracking Technologies

Essential Cookies: authentication, security, and functionality.

Analytics Cookies: usage analytics, performance monitoring, A/B testing.

Marketing Cookies: targeted advertising, social media integration (with consent).

Cookie Management: browser controls, granular consent via banner, withdrawal via account settings.

Children’s Privacy

Services are not intended for children under 16 years old.

We do not knowingly collect data from children under 16; such data will be deleted upon discovery.

Parents or guardians may request review or deletion of their child’s data.

Marketing and Promotional Communications

All marketing requires explicit opt-in consent, separate for email, SMS, and push notifications.

Clear descriptions of message types and frequency are provided.

Unsubscribe instructions included in every marketing message; requests processed within 24 hours.

Transactional messages (confirmations, receipts) cannot be unsubscribed.

Data Breach Notification

We will investigate and contain breaches immediately.

Regulatory authorities notified within 72 hours as required by law.

Affected users will be notified without undue delay if there is high risk to their rights.

Third-Party Links and Integrations

Our Privacy Policy applies only to Smart Dining services; third-party services have their own policies.

We are not responsible for external websites’ privacy practices.

Review third-party privacy policies before providing personal information.

Changes to This Privacy Policy

Material changes will be communicated via email or prominent notice and reflect a revised "Last Updated" date.

Continued use after updates constitutes acceptance of the changes.

Previous versions are available upon request; annual reviews ensure ongoing compliance.

Supervisory Authority Contact

EU/EEA residents may lodge complaints with their national data protection authority.

UK residents can contact the Information Commissioner’s Office (ICO).

US residents have state-specific privacy rights with relevant contact information provided upon request.

Contact Information

Email: privacy@smartdining.co (response within 2 business days).

Postal Address: Smart Dining Privacy Team, Fort Collins, CO, USA.

Data Protection Officer: dpo@smartdining.co for EU inquiries.

24/7 Privacy Hotline: provided upon account creation for urgent matters.