RMS Logo

Data Retention & Disposal Policy

How We Handle and Protect Your Data

Last updated: November 9, 2025

At Restory, we take data protection seriously. This Data Retention and Disposal Policy explains how long we keep your data, why we keep it, and how we safely dispose of it when it is no longer needed. This policy is designed to comply with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This policy applies to all personal data processed by Restory, including data you provide directly and data you collect about your customers and staff through our platform.

Table of Contents

  1. 1. Why We Retain Data
  2. 2. How Long We Retain Data
  3. 3. Data Disposal & Deletion
  4. 4. Your Rights
  5. 5. Contact Us

1. Why We Retain Data

We retain your data only for as long as necessary to:

  • Provide our Service: To operate the Restory platform and fulfill our contractual obligations to you
  • Comply with Legal Obligations: To meet tax, accounting, and regulatory requirements (e.g., financial record-keeping)
  • Resolve Disputes: To handle customer support inquiries, disputes, or legal claims
  • Prevent Fraud & Abuse: To protect our systems and ensure the security of our platform
  • Improve Our Service: To analyze usage patterns and improve our product (using aggregated, anonymized data where possible)

2. How Long We Retain Data

The length of time we retain your data depends on the type of data and the purpose for which we collected it.

Account & Contact Data

Data Type: Your name, email address, phone number, business name, billing address, and login credentials.

Retention Period: For the duration of your active subscription, plus 7 years after account closure.

Why: Required for accounting, tax compliance, and legal purposes.

Payment & Transaction Data

Data Type: Invoices, payment history, subscription records.

Retention Period: 7 years from the date of the transaction.

Why: Required by law for tax and accounting compliance.

Restaurant Data (Your Customers, Staff, Menu, etc.)

Data Type: Data you enter into the platform about your restaurant's customers, staff, menu items, orders, inventory, and sales.

Retention Period: For the duration of your active subscription, plus 90 days after account closure.

Why: We retain this data for a short grace period to allow account recovery or data export. After 90 days, it is permanently deleted.

Important: You are the Data Controller for this data. You are responsible for determining how long you need to keep this data under GDPR and other regulations.

Usage & Analytics Data

Data Type: Log files, IP addresses, browser types, usage statistics.

Retention Period: 24 months.

Why: Used to improve our service, troubleshoot issues, and monitor security. After 24 months, this data is anonymized or deleted.

Marketing Data (if you opt in)

Data Type: Email marketing lists, preferences.

Retention Period: Until you unsubscribe or withdraw consent.

Why: We only send marketing emails if you have opted in. You can unsubscribe at any time.

3. Data Disposal & Deletion

When data is no longer required, we ensure it is disposed of securely and in compliance with GDPR.

Our Data Disposal Methods

1. Secure Deletion

We use industry-standard secure deletion methods to permanently remove data from our servers and backups.

2. Anonymization

Where appropriate, we anonymize data so it can no longer identify you, allowing us to use it for statistical analysis without privacy concerns.

3. Backup Purging

Deleted data is also removed from our backup systems within 90 days of deletion.

4. Third-Party Processors

We ensure that any third-party processors (e.g., payment providers, hosting services) also delete your data in accordance with their retention policies and our agreements with them.

4. Your Rights Under GDPR

You have the right to:

Request Data Deletion

You can request that we delete your personal data at any time (subject to legal obligations to retain certain records).

Export Your Data

You can request a copy of all data we hold about you in a portable format (data portability).

Object to Processing

You can object to certain types of data processing (e.g., marketing).

Withdraw Consent

If we process your data based on consent, you can withdraw that consent at any time.

To exercise any of these rights, contact us at support@restrory.com.

5. Contact Us

If you have any questions about this Data Retention and Disposal Policy, or if you would like to request deletion or export of your data:

Email: support@restrory.com

Phone: +880 133 507 5422

Address: 1/1 NS Road, Block A, Banasree, Dhaka - 1219, Bangladesh

Commitment to Security

We take data security seriously and implement appropriate technical and organizational measures to protect your data throughout its lifecycle, including during disposal. All data deletion is performed securely and in compliance with industry best practices.