Privacy Policy

Last updated: 1 May 2025

Plain-English summary: We collect only what we need to run the platform. We never sell your data or your customers' data. Your subscriber list belongs to you. You can delete your account and all data at any time. We use industry-standard encryption and security practices.

1. Who We Are

DinePro ("we", "us", or "our") is a software-as-a-service platform based in Pakistan that provides digital menu, ordering, and marketing tools to restaurant businesses. Our registered contact email is support@dinepropk.com.

2. Information We Collect

2.1 From Restaurant Owners (Merchants)

  • Account information: Your name, email address, and password when you sign up.
  • Restaurant profile: Restaurant name, address, WhatsApp number, logo, and tagline.
  • Menu content: Dish names, descriptions, prices, photos, categories, and portion variants you add to your menu.
  • Email / SMTP credentials: If you connect your own email for marketing, we store your SMTP host, port, email address, and app password (encrypted at rest). We never use these credentials for any purpose other than sending your campaigns.
  • Google Business credentials: If you connect your Google Business Profile, we store OAuth access and refresh tokens to sync reviews and post replies on your behalf.
  • Billing: We do not store credit card numbers. Payments are handled by the restaurant owner directly and tracked as manual records by our admin.

2.2 From Customers (Diners)

  • Order information: Name, party size, table number, and items ordered — provided voluntarily when placing an order.
  • Email address: Collected only if a customer voluntarily enters their email on the order success screen to receive exclusive deals from a restaurant. This is entirely optional.
  • No account required: Customers do not create accounts. No passwords or payment data are collected from diners.

2.3 Automatically Collected Data

  • Usage data: Pages visited, time spent, device type, and browser information — collected anonymously via standard server logs.
  • Cookies: Session cookies required for authentication. We do not use advertising or tracking cookies.

3. How We Use Your Information

| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide the QRMenu platform | Account, menu, restaurant info | Contract performance |
| Process and display orders | Customer name, table, items | Legitimate interest |
| Send marketing emails on your behalf | Customer email list, SMTP credentials | Your explicit instruction |
| Auto-reply to Google reviews | Google OAuth token, review content | Your explicit instruction |
| Send review request drip campaigns | Customer email, restaurant info | Legitimate interest / consent |
| Improve our platform | Anonymous usage data | Legitimate interest |
| Send transactional emails (password reset, etc.) | Your email address | Contract performance |
| Billing and account management | Email, subscription status | Contract performance |

4. Data Sharing

We do not sell, rent, or trade your personal data. We share it only with:

  • Supabase — our database and authentication provider. Data is stored on Supabase servers. (Supabase Privacy Policy)
  • Cloudinary — used to store and serve menu item photos. (Cloudinary Privacy Policy)
  • OpenAI — GPT-4o-mini is used to generate AI chatbot responses, email copy, and review replies. We send menu data and review text to OpenAI's API for processing. We do not send personally identifiable information to OpenAI unless it appears in review text. (OpenAI Privacy Policy)
  • Resend — used as a fallback email delivery service if you have not connected your own SMTP. (Resend Privacy Policy)
  • Google — if you connect your Google Business Profile, we interact with Google's My Business API to read and reply to reviews. (Google Privacy Policy)
  • Vercel — our hosting provider. Web traffic passes through Vercel servers. (Vercel Privacy Policy)

All third-party services we use are reputable, GDPR-compliant providers.

5. Customer Email Lists

When a diner enters their email address on the order success screen, that email is stored and associated with your restaurant — not shared with other restaurants or with DinePro for our own marketing.

Every marketing email sent through DinePro includes an unsubscribe link. When a customer unsubscribes, they are immediately removed from future campaigns for that restaurant. We honour all unsubscribe requests within seconds.

Restaurant owners are responsible for ensuring their email marketing complies with applicable laws (including PTA regulations in Pakistan and CAN-SPAM/GDPR where applicable).

6. Data Retention

  • Active accounts: All data is retained while your account is active.
  • Cancelled accounts: Upon request, we delete all personal data within 30 days of account closure.
  • Order data: Order records are kept for 12 months for analytics purposes, then anonymised.
  • Customer emails: Retained until the restaurant owner deletes them or the subscriber unsubscribes.
  • Google credentials: Deleted immediately when you disconnect your Google Business Profile from the dashboard.

7. Data Security

We take security seriously:

  • All data is transmitted over HTTPS/TLS encryption.
  • Passwords are hashed using industry-standard bcrypt (handled by Supabase Auth).
  • SMTP passwords and OAuth tokens are stored encrypted at rest.
  • Database access is restricted by Row Level Security (RLS) — each restaurant can only access their own data.
  • Service-role database keys are never exposed to the client or end-users.

No system is 100% secure. In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of it.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data — you can update most information directly in your dashboard Settings.
  • Delete your account and all associated data — contact us at support@dinepropk.com.
  • Export your data (subscriber list, menu, orders) — available from the dashboard.
  • Withdraw consent for marketing at any time by disconnecting email or Google integrations.

To exercise any of these rights, email us at support@dinepropk.com. We respond within 7 business days.

9. Cookies

We use only the following cookies:

  • Authentication session cookie: Required to keep you logged in. Expires when you sign out or after 7 days of inactivity.
  • No advertising cookies.
  • No third-party tracking cookies.

You can disable cookies in your browser settings, but this will prevent you from logging in.

10. Children's Privacy

DinePro is a business platform intended for restaurant owners aged 18 and above. We do not knowingly collect personal data from anyone under the age of 13. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.

11. Third-Party Links

Our platform may contain links to external websites (e.g. Google Business, WhatsApp). We are not responsible for the privacy practices of those sites. We recommend reading their privacy policies before providing any personal information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top and, for significant changes, notify registered restaurant owners by email. Continued use of the platform after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your data, please contact us:

DinePro

Email: support@dinepropk.com

WhatsApp: Available to active subscribers via the dashboard

Based in Pakistan 🇵🇰