GDPR Compliance

Your privacy is our priority. Learn how we protect your data and comply with the General Data Protection Regulation (GDPR).

Last Updated: November 10, 2025

Our Commitment to GDPR

Restrory ("we," "our," or "us") is committed to protecting and respecting your privacy. This GDPR Compliance page explains how we comply with the General Data Protection Regulation (EU) 2016/679 and related data protection laws.

We are a data controller for the personal data we collect and process through our restaurant management system. We take our responsibilities seriously and have implemented appropriate technical and organizational measures to ensure the security of your personal data.

SOC 2 Certified

Independently audited security standards

AES-256 Encryption

Bank-level data protection

EU Data Centers

Data stored within the EU when required

Your Rights Under GDPR

You have control over your personal data

Right to Access

You have the right to request copies of your personal data. We may charge a small fee for this service.

Right to Rectification

You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.

Right to Erasure

You have the right to request that we erase your personal data, under certain conditions.

Right to Restrict Processing

You have the right to request that we restrict the processing of your personal data, under certain conditions.

Right to Data Portability

You have the right to request that we transfer the data we have collected to another organization, or directly to you, under certain conditions.

Right to Object

You have the right to object to our processing of your personal data, under certain conditions.

How to Exercise Your Rights

To exercise any of these rights, please contact our Data Protection Officer at privacy@restrory.com. We will respond to your request within 30 days.

What Data We Collect

We collect and process the following categories of personal data:

Account Information

  • Full name
  • Email address
  • Phone number
  • Business name and address
  • Password (encrypted)
  • User preferences

Transaction Data

  • Order history
  • Payment information (tokenized)
  • Billing addresses
  • Transaction amounts and dates
  • Menu items ordered

Technical Data

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Login timestamps
  • Usage analytics

Restaurant Operations Data

  • Inventory levels
  • Staff schedules and performance
  • Menu configurations
  • Table management data
  • Customer feedback and reviews

Important Note on Payment Data

We do not store complete credit card information. All payment data is tokenized and processed securely through our PCI-DSS compliant payment processors (Stripe and Paddle).

How We Use Your Data

We process your personal data for the following purposes:

1. Service Delivery

To provide and maintain our restaurant management system, process transactions, manage orders, and deliver the core functionality you expect from our platform.

Legal Basis: Contract performance and legitimate interest

2. Communication

To send you service notifications, updates, security alerts, and respond to your inquiries and support requests.

Legal Basis: Contract performance and legitimate interest

3. Analytics and Improvement

To analyze usage patterns, improve our services, develop new features, and enhance user experience.

Legal Basis: Legitimate interest

4. Marketing (with consent)

To send you marketing communications about our products, services, and special offers. You can opt out at any time.

Legal Basis: Consent (you can withdraw at any time)

5. Legal Compliance

To comply with legal obligations, respond to lawful requests, and protect our rights and the rights of others.

Legal Basis: Legal obligation and legitimate interest

How We Protect Your Data

We implement industry-leading security measures

Encryption

All data is encrypted in transit using TLS 1.3 and at rest using AES-256 encryption.

Access Controls

Role-based access control (RBAC) ensures only authorized personnel can access specific data.

Secure Storage

Data is stored in SOC 2 Type II certified data centers with physical and digital security.

Regular Audits

We conduct regular security audits and penetration testing to identify and fix vulnerabilities.

Staff Training

All employees receive GDPR and data protection training to ensure compliance.

Incident Response

We have a documented incident response plan and will notify you of any data breaches within 72 hours.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, including legal, accounting, or reporting requirements.

  • Account Data: Retained for the duration of your account plus 7 years for legal/tax purposes
  • Transaction Data: Retained for 7 years to comply with financial regulations
  • Marketing Data: Retained until you unsubscribe or withdraw consent
  • Analytics Data: Anonymized and retained for 26 months

International Data Transfers

Your personal data may be transferred to and processed in countries outside the European Economic Area (EEA). We ensure that such transfers are protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions by the European Commission for certain countries
  • Privacy Shield certification (where applicable)

Cookies and Tracking

We use cookies and similar tracking technologies to improve your experience. You can control cookie preferences through your browser settings.

Essential Cookies

Required for the website to function. Cannot be disabled.

Analytics Cookies

Help us understand how visitors interact with our website.

Marketing Cookies

Used to track visitors across websites for marketing purposes (with consent).

For more information, please read our Privacy Policy.

Data Protection Officer

If you have any questions about our GDPR compliance or how we handle your data, please contact our Data Protection Officer.

  • Response Time: We respond to all requests within 30 days
  • Supervisory Authority: You have the right to lodge a complaint with your local data protection authority

We may update this GDPR compliance page from time to time. We will notify you of any significant changes by posting a notice on our website or sending you an email.