PatronFlow

Privacy Policy

Last updated: June 2026

PatronFlow (“we,” “us,” or “our”) operates the PatronFlowplatform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

  • Account Information: Email address, password, restaurant name
  • Restaurant Information: Business name, logo, cuisine type, Google review URL
  • Customer Data: Names, phone numbers, email addresses, and birthdays of your restaurant's customers
  • Feedback Data: Customer ratings, comments, and feedback categories
  • Event Data: Event details and RSVP information
  • Payment Information: Billing details processed through our payment providers (Stripe, Razorpay, PayPal)

1.2 Information Collected Automatically

When you use our Service, we automatically collect:

  • Log data (IP address, browser type, access times)
  • Device information
  • Usage data and analytics
  • QR code scan analytics

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our Service
  • Process transactions and send related information
  • Send technical notices, updates, and support messages
  • Respond to your comments and questions
  • Monitor and analyze usage patterns
  • Detect, prevent, and address technical issues
  • Protect against fraudulent or illegal activity

3. Data Sharing and Disclosure

We may share your information in the following circumstances:

  • Service Providers: With third-party vendors who perform services on our behalf (hosting, payment processing, analytics)
  • Legal Requirements: When required by law or to respond to legal process
  • Business Transfers: In connection with a merger, acquisition, or sale of assets
  • With Your Consent: When you have given us permission to share

3.1 Third-Party Services

Our Service integrates with:

  • Supabase: Database and authentication services
  • Stripe: International payment processing
  • Razorpay: Indian payment processing (UPI, cards)
  • PayPal: Alternative international payments
  • Vercel: Hosting and deployment

4. Data Retention

We retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with legal obligations, resolve disputes, and enforce our agreements.

  • Account Data: Retained until account deletion
  • Customer Data: Retained until you delete it or close your account
  • Payment Records: Retained for 7 years for tax and legal compliance
  • Log Data: Retained for 90 days

5. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Row-level security in our database
  • Regular security assessments
  • Access controls and authentication
  • Secure payment processing through PCI-compliant providers

6. Your Rights

6.1 General Rights

You have the right to:

  • Access the personal information we hold about you
  • Correct inaccurate or incomplete information
  • Delete your account and associated data
  • Export your data in a portable format
  • Object to or restrict certain processing
  • Withdraw consent where applicable

6.2 India Digital Personal Data Protection (DPDP) Act

For users in India, in accordance with the DPDP Act 2023:

  • You have the right to access and correct your personal data
  • You can request deletion of your personal data (subject to legal retention requirements)
  • You can nominate another person to exercise your rights in case of death or incapacity
  • We will notify you of any data breaches that may cause you significant harm

6.3 GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area:

  • You have the right to data portability
  • You can object to automated decision-making
  • You can lodge a complaint with a supervisory authority

7. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. We ensure appropriate safeguards are in place for such transfers.

9. Cookies and Tracking

We use essential cookies for authentication and session management. We do not use third-party advertising cookies. You can configure your browser to refuse cookies, but this may limit your ability to use our Service.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Last updated” date. You are advised to review this Privacy Policy periodically.