Privacy Policy

For Restaurant Owners (account holders):

• Name, email address, and phone number (provided at sign-up)
• Restaurant details: name, address, GST number, UPI ID, logo, and business description
• Profile photo (optional)
• Payment information processed through Razorpay (we do not store full card numbers)
• Usage data: pages visited, features used, login times

For Customers (diners scanning QR codes):

• Mobile phone number (used for OTP-based authentication)
• Name and email address (provided optionally at checkout)
• Delivery address and location coordinates (only for delivery orders)
• Order history: items ordered, amounts paid, timestamps
• Marketing consent preference

Automatically collected data:

• IP address and browser/device type
• Session and page-view data (via cookies)
• Approximate geographic location (country/region level)

We use the information we collect for the following purposes:

• To create and manage your restaurant or customer account
• To process and fulfil orders placed through the platform
• To send OTP verification messages via WhatsApp
• To process subscription payments and issue invoices
• To send transactional emails (order confirmations, password resets, billing receipts)
• To provide analytics reports to restaurant owners on their own order and customer data
• To improve platform performance, reliability, and features
• To respond to support requests and resolve disputes
• To comply with applicable laws and regulations

We do not use customer data collected on behalf of a restaurant to market our own services to those customers, nor do we sell personal data to third parties.

We share personal data only with trusted third-party service providers that are necessary to operate the platform. All providers are contractually bound to protect data:

• Razorpay — Payment processing for subscription purchases. Razorpay's privacy policy governs their use of payment data.
• Twilio / WhatsApp Business API — Sending one-time passwords (OTPs) for customer authentication. Only the phone number and OTP message are shared.
• Firebase (Google) — Push notification infrastructure. Device tokens may be shared for notification delivery.
• Cloud hosting providers — Our servers may be hosted on third-party cloud platforms; data is encrypted in transit and at rest.

We may also disclose data if required by law, court order, or government authority, or to protect the rights, property, or safety of AhaarScan, our users, or the public.

AhaarScan uses essential cookies to maintain your login session and platform preferences. We may use analytics cookies (e.g., page views, feature usage) to understand how the platform is used and improve it.

You can disable cookies in your browser settings. Disabling essential cookies may affect your ability to use authenticated features of the platform.

• Restaurant account data — Retained for the duration of the active subscription, plus up to 12 months after account closure (for legal and billing record-keeping purposes).
• Customer order data — Retained for up to 24 months from the date of the last order, unless the restaurant requests earlier deletion.
• Payment records — Retained for 7 years as required by Indian tax and accounting regulations.
• OTP logs — Deleted within 24 hours of generation.

Under India's Digital Personal Data Protection Act, 2023, you have the following rights as a data principal:

• Right to Access — You may request a summary of the personal data we hold about you.
• Right to Correction — You may request correction of inaccurate or incomplete personal data.
• Right to Erasure — You may request deletion of your personal data, subject to our legal retention obligations.
• Right to Grievance Redressal — You may lodge a complaint with our Grievance Officer (see Section 10).
• Right to Nominate — You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, email admin@ahaarscan.com with the subject line “Data Rights Request”. We will respond within 30 days.

AhaarScan is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe a minor has provided us personal data, please contact us immediately and we will delete it.

We implement industry-standard technical and organisational measures to protect personal data, including:

• HTTPS/TLS encryption for all data in transit
• Encrypted storage for sensitive fields (passwords are hashed using bcrypt)
• Access controls limiting data access to authorised personnel only
• Regular security reviews of our platform and infrastructure

No system is completely secure. In the event of a data breach that is likely to result in harm, we will notify affected users and the relevant authorities as required by law.

We may update this Privacy Policy from time to time. When we do, we will revise the “Last Updated” date at the top of this page. If the changes are material, we will notify registered users by email. Continued use of the platform after changes are published constitutes acceptance of the updated policy.

In accordance with the Information Technology Act, 2000, and the DPDP Act, 2023, the name and contact details of the Grievance Officer are provided below:

For any general questions about this Privacy Policy or our data practices, please contact us at: