Privacy Policy

Dinelyy Technologies Pvt. Ltd. ("Dinelyy", "we", "us", or "our") operates the Dinelyy platform — a QR-powered restaurant operations service. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit our website (https://www.dinelyy.com), use our platform, or interact with us in any other way.

By using the Service you consent to the practices described in this Privacy Policy. If you do not agree, please discontinue use of the Service. This Policy applies to all users, including restaurant owners, staff, and diners who interact with the platform.

Account & Business Information: When you register, we collect your name, email address, phone number, restaurant name, number of outlets, and subscription plan. This information is necessary to create and manage your account.

Transaction & Order Data: We collect records of orders placed through the platform, payment confirmations (not raw card numbers — these are handled by our payment processor), table assignments, and session timestamps to operate the core service.

Usage Data: We automatically collect information about how you access and use the Service — including IP addresses, browser type, device identifiers, pages visited, time spent, and referring URLs — to improve performance and security.

Communications: If you contact us via email, chat, or our enquiry form, we retain those communications to respond and improve our support.

Cookies & Tracking: We use essential cookies (for session management), analytics cookies (to understand product usage), and, where consented, marketing cookies. You can manage cookie preferences via your browser settings.

We use the information we collect to: (a) provide, maintain, and improve the Service; (b) process transactions and send related information such as confirmations and invoices; (c) respond to enquiries and provide customer support; (d) send administrative information such as changes to our Terms or policies; (e) send marketing communications where you have opted in — you may unsubscribe at any time; (f) monitor and analyse usage patterns to improve features and user experience; (g) detect and prevent fraud, abuse, or security incidents; and (h) comply with legal obligations.

We rely on the following legal bases for processing your personal data: (a) performance of a contract — to fulfil your subscription and deliver the Service; (b) legitimate interests — for fraud prevention, security, and product improvement; (c) consent — for optional marketing communications and non-essential cookies; and (d) compliance with legal obligations.

We do not sell your personal data. We may share information with: (a) Service providers — third parties that help us deliver the Service, including payment processors (Razorpay), cloud infrastructure providers, email delivery services, and analytics tools; each bound by data processing agreements; (b) Legal requirements — if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Dinelyy, our users, or the public; (c) Business transfers — in connection with a merger, acquisition, or sale of assets, in which case the successor will be bound by this Policy or will notify you before your data is transferred under a different policy; (d) With your consent — for any other purpose with your prior consent.

Our service providers are carefully selected and are contractually required to use your data only on our instructions, with appropriate confidentiality and security measures in place.

We retain personal data for as long as your account is active, or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

If you cancel your subscription, we retain your account data for 30 days to allow for any account recovery, after which it is permanently deleted, unless we are required to retain it for a longer period under applicable law. Anonymised, aggregated data (which cannot identify you) may be retained indefinitely for product analytics and improvement.

We implement industry-standard safeguards including TLS encryption in transit, AES-256 encryption at rest, role-based access controls, regular security audits, and vulnerability management. Our payment processing is handled by Razorpay, which is PCI-DSS compliant — we do not store raw card numbers or CVVs.

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours of becoming aware of it.

Under the Digital Personal Data Protection Act 2023 (India) and other applicable laws, you have the right to: (a) access — request a copy of the personal data we hold about you; (b) correction — request that inaccurate or incomplete data be corrected; (c) erasure — request deletion of your personal data, subject to our legal retention obligations; (d) withdrawal of consent — withdraw consent for processing based on consent at any time without affecting prior processing; (e) grievance redressal — raise a complaint with our Data Protection Officer or the applicable data protection authority.

To exercise any of these rights, contact us at dinelyytech@gmail.com. We will respond within 30 days. We may need to verify your identity before fulfilling your request.

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at dinelyytech@gmail.com and we will delete it promptly.

The Service may contain links to third-party websites or integrate with third-party services (such as payment gateways or analytics providers). This Privacy Policy applies only to Dinelyy's own data practices. We are not responsible for the privacy practices of third parties and encourage you to review their policies before sharing any personal data.

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or by posting a prominent notice in the Service at least 15 days before the changes take effect. The updated Policy will be effective as of the date stated at the top of this page. Your continued use of the Service after that date constitutes your acceptance of the updated Policy.

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact our Data Protection Officer: