SnapDiner Privacy Policy

1. Introduction

At SnapDiner, we respect your privacy and are committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our business website building platform and related services.

By using SnapDiner, you consent to the data practices described in this Privacy Policy.

2. Information We Collect

Business Information

We collect business information that you provide directly to us, including:

• Business owner and contact information (name, email, phone number, address)
• Business details (name, location, hours, menu details, photos)
• Google Business Profile information (via Google Places API)
• Account credentials (username, password, security questions)
• Payment and billing information (credit card details, tax ID)
• Website content and customizations you create
• Business licensing and regulatory information

Customer Data Processing

Through our services, we process your customers' data on your behalf:

• Customer orders and transaction data
• Call transcriptions from AI phone assistant interactions
• Customer contact information (names, phone numbers, addresses)
• Payment information processed through our POS system
• Self-checkout and digital ordering activity
• Website usage analytics for your business site
• Customer preferences and order history

Automatically Collected Information

We automatically collect certain information when you use our platform:

• Device and browser information (IP address, browser type, operating system)
• Platform usage data and analytics
• AI system performance and error logs
• POS transaction metadata (excluding sensitive payment data)
• System access logs and security monitoring data
• Cookies and similar tracking technologies

Third-Party Data Sources

We may collect information from third-party sources:

• Google Places API for business verification and information
• Payment processors for transaction processing
• Public business directories and review platforms
• Social media platforms (with your permission)
• Business credit and verification services

3. How We Use Your Information

We use the information we collect for the following purposes:

Platform Services

• Website Creation: Generate and maintain your business website
• AI Phone Assistant: Process customer calls and generate transcriptions
• POS System: Process transactions and manage orders
• Digital Ordering: Manage self-checkout and online ordering systems
• Order Management: Kitchen displays and customer status tracking
• Analytics: Provide business insights and performance metrics

Business Operations

• Account Management: Maintain your business account and provide support
• Payment Processing: Handle subscription billing and transaction fees
• Communication: Send service updates, newsletters, and promotional materials
• Customer Support: Respond to inquiries and resolve technical issues
• Platform Improvement: Analyze usage patterns to enhance our services
• Security: Protect against fraud, unauthorized access, and system abuse

Legal and Compliance

• Legal Compliance: Comply with applicable laws and regulations
• Tax Reporting: Generate necessary tax documents and reports
• Dispute Resolution: Resolve billing disputes and customer complaints
• Law Enforcement: Respond to lawful requests from authorities

4. Information Sharing and Disclosure

We may share your information in the following circumstances:

Service Providers

We work with trusted third-party service providers who assist us in operating our platform:

• Cloud Infrastructure: AWS, Google Cloud, or similar hosting providers
• Payment Processing: Stripe, PayPal, or other payment processors
• AI Services: Voice recognition and natural language processing providers
• Communication: Email service providers and SMS gateways
• Analytics: Google Analytics and business intelligence platforms
• Security: Monitoring and cybersecurity service providers

Customer Data Processing

We process your customer data as a data processor on your behalf:

• Customer data remains under your control as the data controller
• We process data only according to your instructions and our service agreement
• We implement appropriate technical and organizational measures to protect customer data
• We assist with data subject requests and compliance obligations

Legal Requirements

We may disclose information when required by law or to:

• Comply with legal process, court orders, or government requests
• Protect our rights, property, and intellectual property
• Prevent fraud, illegal activities, or system abuse
• Protect the safety and security of our users and the public
• Respond to lawful requests from law enforcement

Business Transfers

In the event of a merger, acquisition, bankruptcy, or sale of assets, your information may be transferred as part of the business transaction. We will provide notice and ensure continued protection of your data.

With Your Consent

We may share information with other parties when you provide explicit consent or direct us to do so.

5. Data Security and AI Processing

We implement comprehensive security measures to protect your information:

Technical Safeguards

• Encryption: All data encrypted in transit (TLS 1.3) and at rest (AES-256)
• Access Controls: Multi-factor authentication and role-based access
• Network Security: Firewalls, intrusion detection, and DDoS protection
• Secure Infrastructure: SOC 2 compliant hosting with 24/7 monitoring
• Regular Audits: Penetration testing and security assessments
• Data Backups: Encrypted, geographically distributed backups

AI and Call Processing Security

• Call Transcription: Audio processed in secure, isolated environments
• Data Minimization: Only necessary audio data is processed and stored
• Retention Limits: Call transcriptions automatically deleted after specified periods
• AI Model Security: Proprietary models protected from unauthorized access
• Processing Isolation: Customer data processed in isolated, secure containers

Organizational Measures

• Employee Training: Regular privacy and security training for all staff
• Background Checks: Security clearance for personnel with data access
• Incident Response: Established procedures for security breaches
• Vendor Management: Security requirements for all third-party providers

Important: While we implement industry-leading security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using best practices.

6. Your Privacy Rights and Customer Data Control

Your Rights as a Business User

You have the following rights regarding your business information:

• Access: Request a copy of the personal information we hold about your business
• Correction: Request correction of inaccurate or incomplete business information
• Deletion: Request deletion of your business account and associated data
• Portability: Request transfer of your data to another service provider
• Restriction: Request limitation of processing in certain circumstances
• Opt-out: Unsubscribe from marketing communications

Customer Data Controller Responsibilities

As the data controller for your customer data, you are responsible for:

• Obtaining proper consent for data collection and processing
• Implementing a privacy policy for your customers
• Handling customer data subject requests (access, deletion, portability)
• Ensuring compliance with applicable privacy laws (GDPR, CCPA, etc.)
• Notifying customers of data breaches as required by law
• Determining the purpose and means of customer data processing

Our Support as Data Processor

We assist you with customer data compliance by:

• Providing tools to manage customer data requests
• Implementing technical measures to support data subject rights
• Assisting with data deletion and portability requests
• Providing privacy policy templates and guidance
• Maintaining records of processing activities
• Notifying you of any data security incidents

To exercise your rights or get assistance with customer data compliance, please contact us using the information provided in Section 12.

7. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Remember your preferences and settings
• Analyze website usage and performance
• Provide personalized content and features
• Prevent fraud and improve security

You can control cookie settings through your browser preferences. However, disabling cookies may affect the functionality of our services.

8. Data Retention and Deletion

We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy. Specific retention periods include:

Business Data

• Account Information: Retained while your account is active plus 30 days
• Website Content: Retained for 90 days after account deletion
• Business Documentation: 7 years for tax and legal compliance
• Payment Records: 7 years for financial and tax purposes

Customer Data (Processed on Your Behalf)

• Call Transcriptions: 90 days unless longer retention required by law
• Order Data: 3 years for business analytics and tax purposes
• Payment Information: Not stored; processed through secure third-party processors
• Customer Profiles: Retained per your instructions or legal requirements

System and Analytics Data

• Usage Analytics: Aggregated data retained for 2 years
• Security Logs: 1 year for security monitoring
• Error Logs: 90 days for system improvement
• AI Training Data: Anonymized data may be retained for model improvement

Data Deletion: Upon account termination or data deletion request, we will securely delete your data within the specified timeframes, except where longer retention is required by law.

9. International Data Transfers and Cross-Border Processing

Your information may be transferred to and processed in countries other than your country of residence, including:

• United States (where SnapDiner servers are primarily located)
• Countries where our service providers operate (cloud hosting, AI processing)
• Jurisdictions required for payment processing and fraud prevention

Safeguards for International Transfers

We ensure appropriate safeguards for international data transfers:

• Standard Contractual Clauses: EU-approved data transfer agreements
• Adequacy Decisions: Transfers to countries with adequate data protection
• Certification Programs: Privacy Shield and similar frameworks where applicable
• Technical Measures: Encryption and security controls for all transfers

AI Processing Locations

Call transcription and AI processing may occur in secure data centers located in the United States and European Union. All AI processing complies with applicable data protection laws and is subject to strict security controls.

10. AI and Automated Processing Transparency

AI Phone Assistant Processing

Our AI phone assistant processes customer calls as follows:

• Real-time speech-to-text conversion for order processing
• Natural language understanding to interpret customer requests
• Order generation and confirmation based on transcribed conversations
• Quality monitoring to improve AI accuracy and performance

Automated Decision Making

We use automated systems for:

• Fraud Detection: Automated analysis of payment transactions
• Content Moderation: Automated review of uploaded business content
• Service Optimization: Automated resource allocation and performance tuning
• Support Routing: Automated categorization of customer support requests

Human Oversight and Appeal Rights

You have the right to request human review of automated decisions that significantly affect your business. Our AI systems include human oversight mechanisms and appeal processes for contested decisions.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable laws. We will notify you of material changes by:

• Posting the updated policy on our website
• Sending email notifications to registered users
• Displaying prominent notices on our platform

Your continued use of our services after the effective date of the updated Privacy Policy constitutes acceptance of the changes.

12. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: