This Privacy Policy explains how Bookify SARL-S processes personal data for DineHub, a QR ordering, pay-at-table, and restaurant operations platform.
Controller details
- Legal entity
- Bookify SARL-S, operating the DineHub product
- Registered office
- [LEGAL ADDRESS]
- Company registration
- [RCS NUMBER]
- VAT number
- [VAT NUMBER]
- Privacy contact
- privacy@dinehub.io
Roles
For restaurant staff accounts, demo requests, billing, security, and DineHub product administration, Bookify SARL-S acts as data controller. For guest ordering, table sessions, receipts, and operational restaurant data processed for a restaurant, Bookify SARL-S generally acts as processor and the restaurant acts as controller.
Data we process
- Guests: table/session identifiers, order/request activity, payment status, receipt preferences, and receipt email only when provided. Receipt emails are hashed where used for deduplication.
- Restaurant staff: name, email, role, restaurant association, login metadata, onboarding state, and operational dashboard actions.
- Restaurants: restaurant profile, tables, menus, operating modes, Stripe Connect state, subscription/billing information, POS configuration, audit events, and support history.
- Leads and website visitors: contact details submitted through demo or contact forms, basic technical logs, and cookie or analytics data where enabled.
Purposes and legal bases
- Providing DineHub: contract performance and legitimate interests in operating a reliable restaurant platform.
- Payments and fraud prevention: contract performance, legal obligations, and legitimate interests in secure payment processing.
- Receipts and communications: contract performance, consent where a guest provides an email for a receipt, and legitimate interests for service messages.
- Security, logging, and abuse prevention: legitimate interests and legal obligations.
- Marketing and sales follow-up: consent or legitimate interests, depending on the context and applicable law.
Sub-processors
DineHub uses carefully selected providers to host, secure, deliver, and operate the service. Current providers include:
- Supabase: Database, authentication, storage, and realtime infrastructure.
- Stripe: Payment processing, Stripe Connect onboarding, disputes, payouts, and billing.
- Railway: Backend API, worker, and POS integration hosting.
- Vercel: Frontend hosting and edge delivery.
- Resend: Transactional email delivery for receipts and operational emails.
- Sentry: Error monitoring and reliability diagnostics, when enabled.
- Anthropic: Internal lead outreach drafting, when enabled by the DineHub admin team.
Hosting, transfers, and safeguards
Core application data is hosted in the European Union where available, including the primary Supabase project in Frankfurt. Some providers may process limited personal data outside the EEA. Where that happens, Bookify SARL-S relies on appropriate GDPR transfer safeguards, such as adequacy decisions, Standard Contractual Clauses, data processing terms, access controls, encryption, and data minimisation.
Retention
- Guest table/session data: retained for restaurant operations, audit, and support.
- Payment, invoice, tax, and accounting records: retained for the legally required period.
- Security logs and audit logs: retained for fraud prevention, abuse investigation, and platform reliability.
- Demo leads: retained until follow-up is complete or deletion is requested.
- Exact retention schedules are maintained internally and can be provided in the DPA or on request.
Your rights
Depending on your role and the processing context, you may have rights to access, rectify, erase, restrict, object to, or port personal data. You may also withdraw consent where processing is based on consent.
Guests should first contact the restaurant for restaurant-controlled guest/order data. You can also contact DineHub at privacy@dinehub.io, and we will route the request appropriately.
Supervisory authority
You may lodge a complaint with the Luxembourg National Commission for Data Protection (CNPD) or another competent EU/EEA data protection authority.
Cookies
DineHub uses necessary cookies and local storage for login, security, session continuity, and payment flow operation. Optional analytics or marketing cookies should only be used with a consent mechanism where required.