Privacy Policy

Account Information: Name, email address, phone number, restaurant name, and billing details provided during registration.

Usage Data: Information about how you use the Platform, including features accessed, timestamps, and device/browser information.

Restaurant Data: Menu items, categories, pricing, and operational data you upload to the Platform.

Order Data: Orders created through the Platform, including items, amounts, and order status.

End User Data: Personal data of your restaurant customers processed through the Platform, including phone numbers, order history, and payment status.

Technical Data: IP addresses, browser type, operating system, and cookies (see our Cookie Policy).

Communication Data: Messages and requests sent to our support team.

We use collected information to:

• Provide, maintain, and improve the ROS Platform
• Process transactions and send related communications
• Authenticate users and manage account security
• Send transactional notifications about orders and system events
• Respond to support requests and inquiries
• Analyse usage patterns to improve the Platform
• Comply with legal obligations
• Detect and prevent fraud or abuse

We do not sell your personal information to third parties. We do not use your data for behavioural advertising.

We process personal data on the following legal bases:

• Contract performance: Processing necessary to provide the Platform services you have contracted for.
• Legitimate interests: Improving our services, preventing fraud, and maintaining platform security.
• Legal obligation: Complying with applicable laws and regulations.
• Consent: Where you have provided explicit consent for specific processing activities.

We may share your information with:

• Payment processors (Razorpay): For processing payments. Governed by Razorpay's Privacy Policy.
• Meta (WhatsApp): For WhatsApp ordering integration. Governed by Meta's Privacy Policy.
• Delivery providers: When delivery integrations are enabled, relevant order data is shared with the selected provider.
• Cloud infrastructure providers: Hosting and computing services for the Platform.
• Law enforcement or regulators: When required by law, court order, or government authority.

All third-party processors are required to handle data according to applicable data protection laws.

We retain your data for as long as your account is active or as needed to provide services. Specifically:

• Active account data: Retained for the duration of your subscription
• Order and transaction data: Retained for 7 years for legal and accounting purposes
• Account data after termination: Available for export for 30 days, then deleted within 90 days
• Technical logs: Retained for up to 90 days

We implement industry-standard security measures including:

• Encryption of data in transit (TLS/HTTPS)
• Encryption of sensitive data at rest
• Row-level data isolation between tenants (restaurants)
• JWT-based authentication with token expiry
• Bcrypt password hashing
• Regular security audits and vulnerability assessments
• Access control and least-privilege principles

No system is completely secure. If you discover a security vulnerability, please disclose it responsibly to security@omney.tech.

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data.
• Erasure: Request deletion of your data (subject to legal retention requirements).
• Restriction: Request restriction of processing in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact us at privacy@omney.tech. We will respond within 30 days.

Your data may be processed in data centres located in India or other countries. When transferring data internationally, we ensure appropriate safeguards are in place in accordance with applicable data protection laws.

The Platform is not directed at or intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

We may update this Privacy Policy periodically. We will notify you of material changes by email or in-platform notification. The “Effective date” at the top indicates when the Policy was last updated. Continued use of the Platform after changes constitutes acceptance of the updated Policy.

For privacy-related queries, to exercise your rights, or to report a concern: