zipdineTerms of Service

Privacy Policy

Effective: April 1, 2026

1. Who We Are

Zipdine ("we," "us," "our") operates a scan-to-order platform for restaurants. This Privacy Policy explains how we collect, use, and protect information in connection with our services. Contact us at privacy@zipdine.net.

2. Information We Collect

From Restaurant Owners

  • Account information: email address, password (hashed via Supabase Auth).
  • Restaurant profile: name, address, phone, logo, menu content.
  • Payment account data: Stripe Connect account identifiers (we never store full bank account numbers).

From Diners

  • Order data: items ordered, quantity, table number, tip amount.
  • Email address (optional): if provided for a receipt, used only to send that receipt.
  • Payment data: processed entirely by Stripe. Zipdine never receives, stores, or has access to full card numbers, CVVs, or banking credentials. Stripe is PCI DSS Level 1 compliant.

Automatically Collected

  • Log data: IP address, browser type, pages visited, referrer URL.
  • Cookies: session management and authentication (Supabase Auth). We do not use advertising or tracking cookies.

3. How We Use Information

  • To operate and provide the platform (process orders, display menus, authenticate accounts).
  • To send email receipts when a Diner provides their address.
  • To process payments and disburse funds to Restaurants via Stripe.
  • To send service notifications to Restaurant owners (account changes, policy updates).
  • To comply with legal obligations.
  • To detect and prevent fraud or abuse.

We do not sell personal data to third parties. We do not use Diner order data for advertising purposes.

4. Data Sharing

We share data only as necessary:

  • Stripe: Payment processing. Subject to Stripe's Privacy Policy.
  • Supabase: Database, authentication, and file storage hosting. Servers located in the United States.
  • Resend: Transactional email (receipts only). No marketing use.
  • Vercel: Platform hosting (Next.js). Standard server logs may be retained per Vercel's policy.
  • Legal requirements: We may disclose data when required by law, court order, or to protect the safety of our users.

5. Data Retention

  • Order data is retained for a minimum of 12 months to support dispute resolution and tax record-keeping.
  • Restaurant owner account data is retained until account deletion is requested.
  • Diner email addresses provided for receipts are stored on the order record and retained with order data.

6. Security

We use industry-standard security measures including HTTPS, encrypted database connections, row-level security (Supabase RLS), and hashed passwords. No internet transmission is 100% secure, and we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have rights to access, correct, or delete your personal data. Restaurant owners can update most profile information directly in the Settings page. For account deletion or other data requests, contact us at privacy@zipdine.net.

California residents (CCPA): You have the right to know what personal information we collect, to request deletion, and to opt out of sale (we do not sell personal information).

EU/EEA residents (GDPR): Our lawful basis for processing is contract performance (for order and payment processing) and legitimate interests (for fraud prevention and platform security). We are not currently established in the EU; if you are an EU resident and have concerns, please contact us.

8. Children

Zipdine is not directed to children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us information, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify Restaurant owners of material changes by email. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.

10. Contact

Questions or requests regarding this policy: privacy@zipdine.net