
Privacy Policy

At Dynnr, we believe your data belongs to you. This policy explains exactly what we collect, why we collect it, what we never do with it, and how you can take it back at any time.

1. The short version

We collect only the data we need to run your digital menu and your account. We never sell, rent, or share your personal data with third parties for marketing. You can ask us to show you, correct, export, or delete every piece of information we hold about you at any time, by emailing hello.dynnr@gmail.com. We respond within seven days.

2. Who this policy applies to

This policy covers two groups of people: restaurant owners and staff who hold a Dynnr account, and diners who scan a Dynnr QR code at a participating restaurant. Different sections apply to each — we've called out where.

3. What we collect from restaurant accounts

When you sign up for a Dynnr account, we collect:

  • Identity: restaurant name, owner/manager name, business address, GSTIN if applicable.
  • Contact: email address, phone number.
  • Authentication: hashed password (we never see the plaintext), login IP, and timestamps of logins for security.
  • Billing: payment method tokens stored by our payment processor (Razorpay/Stripe). We do not store your full card number, CVV, or UPI ID on Dynnr servers.
  • Menu content: dish names, prices, descriptions, photos, dietary tags, and any other content you upload to your Dynnr menu.
  • Usage: dashboard activity (which features you use, when you log in) to improve the product.

4. What we collect from diners

When a diner scans your QR code, we collect anonymous, aggregate information only:

  • Total scans per QR code, by hour and day.
  • Which menu items were viewed (anonymously, never tied to an identifiable diner).
  • Which dietary filters were used.
  • Approximate device type (phone/tablet) and browser, for compatibility.

We do not ask diners to log in, register, sign up, share their email, or grant location access. We do not track diners across restaurants or across the web.

5. What we never collect

  • Aadhaar numbers, PAN numbers, or any government-issued ID from diners.
  • Diner names, phone numbers, emails, or social profiles.
  • Precise GPS location of any user.
  • Bank account numbers, full card numbers, or UPI IDs (handled entirely by our PCI-DSS-certified payment processor).
  • Biometric data of any kind.

6. How we use your data

  • To operate, secure, and improve the Dynnr product.
  • To send you transactional emails (billing receipts, password resets, security alerts).
  • To send you product update emails — only if you opted in. You can unsubscribe in one click and we will never send you a marketing email after that.
  • To respond to your support requests.
  • To comply with Indian tax law (invoice retention) and respond to lawful legal requests.

7. What we will never do with your data

  • We will never sell your personal data. Not to advertisers, not to data brokers, not to anyone, ever. This commitment is unconditional.
  • We will never share your data with third parties for their marketing.
  • We will never use diner data to build profiles, retarget ads, or train third-party AI models.
  • We will never share your menu data with competing restaurants or food delivery aggregators without your explicit, written instruction.

8. Who we do share data with (limited and purposeful)

We share the minimum data necessary with a small number of trusted vendors, only so they can help us run the service:

  • Hosting: our cloud infrastructure provider (currently AWS Mumbai region) hosts your data on servers physically located in India.
  • Payments: Razorpay or Stripe processes subscription payments. They receive only the billing information needed to charge your card.
  • Email delivery: a transactional email service (Postmark or equivalent) delivers your receipts and password resets.
  • Error monitoring: a tool such as Sentry captures crash reports, scrubbed of personal data.

Every vendor we work with is bound by a written data processing agreement that mirrors the commitments in this policy.

9. Your rights — at any time, no questions asked

Under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and equivalent rights under the EU GDPR, you have the right to:

  • Access: ask us for a copy of every piece of data we hold about you.
  • Correct: ask us to fix anything that is wrong.
  • Delete: ask us to erase your account and all the data tied to it. Once you do, we will purge it within 30 days, except where we are required by Indian tax or accounting law to retain a copy (in which case we will tell you exactly what we have to keep and for how long).
  • Export: get a portable copy of your menu data in JSON or CSV.
  • Withdraw consent: opt out of any optional data use at any time.
  • Lodge a complaint: with the Data Protection Board of India (under the DPDP Act) or your local data protection authority (under the GDPR).

To exercise any of these rights, email hello.dynnr@gmail.com with the subject line "Data request". We respond within seven days.

10. Data retention

  • Active account data is retained for as long as your subscription is active.
  • If you close your account, we delete your data within 30 days, except for invoices and tax records, which we retain for 8 years as required by Indian law.
  • Diner analytics are anonymous and retained in aggregate form for up to 24 months.
  • Server access logs are retained for 90 days for security.

11. Children

Dynnr is not intended for children under 18. We do not knowingly collect data from anyone under 18. If you believe we have, email us and we will delete it immediately.

12. Where your data lives

Your data is stored on servers physically located in India (AWS Mumbai region). We do not transfer your data outside India except where our payment processor or email vendor is based abroad, in which case the transfer is governed by Standard Contractual Clauses and applicable Indian and EU adequacy frameworks.

13. Security

We protect your data with industry-standard safeguards: TLS 1.3 in transit, AES-256 at rest, password hashing via bcrypt, principle-of-least-privilege access control, and an annual third-party security audit. No system is perfectly secure, but we take this seriously and disclose any material breach to affected users within 72 hours.

14. Cookies

We use a small number of essential cookies to keep you logged in and to remember your preferences. We do not use third-party advertising or tracking cookies. See our Cookie Policy for the full list.

15. Changes to this policy

If we make a material change to how we handle your data, we will email every active account at least 30 days before the change takes effect. The current version is always at dynnr.app/legal/privacy.

16. Contact

For any privacy question or request, email hello.dynnr@gmail.com.

Have a question about this document?

Email hello.dynnr@gmail.com and a real person from the Dynnr team will respond within two business days.

This document is provided in good faith and reflects Dynnr's current practices and commitments. Last updated on 14 June 2026. We'll notify users by email of any material change at least 30 days before it takes effect.