EasyKafe Privacy Policy

We collect the minimum information needed to run the platform and support your account:

• Account & authentication details: name, email address, workspace affiliation, hashed credentials, join codes, and Supabase session tokens required to sign in staff.
• Cafe & membership context: cafe name, slug, invited teammates, role assignments, table assignments, and the status of invitations or join requests.
• Order & table activity: table state, menus, order line items, payment events, fulfillment timestamps, and comments entered inside the app.
• Device & app diagnostics: mobile OS, app version, language preferences, approximate timezone, crash logs, and non-identifying usage analytics generated by Expo.
• Support interactions: the content of help requests, bug reports, or feedback sent through EasyKafe channels.

We do not intentionally collect consumer payment details processed outside the app, nor precise GPS location.

We use the information above to:

1. Authenticate waiters and administrators via Supabase and the /api/mobile/waiter-login endpoint.
2. Display cafe tables, live order status, and menu management features in the mobile and web apps.
3. Enforce access controls, audit join-code usage, and prevent unauthorized access.
4. Send operational notifications (for example, letting a waiter know an order changed status).
5. Monitor reliability, debug issues, and plan product improvements.
6. Comply with legal obligations, enforce our terms, and protect the rights and safety of EasyKafe users.

We do not sell personal information.

EasyKafe processes personal data on the following grounds:

• Performance of a contract (providing the ordered cafe management services).
• Legitimate interests (maintaining security, improving the product, preventing fraud).
• Consent (where explicitly requested, e.g., push notifications or optional beta features).
• Compliance with legal obligations.

We limit data sharing to trusted processors that help us operate the platform:

• Supabase authentication, database storage, and real-time table updates.
• Expo building the mobile apps, over-the-air updates, diagnostics, and push notification delivery.
• Cloud infrastructure providers hosting our web APIs, logging, and analytics pipelines.
• Support tooling ticketing/email platforms used when you contact us.

Each processor only receives the information necessary to perform its function and is bound by confidentiality and data-processing agreements. We may disclose data if required by law or to protect EasyKafe, our users, or the public from harm.

We retain account, cafe, and order records for as long as your organization maintains an EasyKafe workspace, or as needed to meet legal/accounting requirements. Diagnostic logs and analytics are kept for shorter periods (typically 30–180 days) unless needed to investigate abuse. When data is no longer required, we delete or anonymize it.

Depending on your jurisdiction, you may have the right to access, correct, download, or delete your personal data, or to object to/limit certain processing. Team members can update most profile details directly inside EasyKafe, or you can contact us to exercise your rights. You can opt out of non-essential communications at any time. If we rely on consent, you may withdraw it without affecting lawful processing that occurred before withdrawal.

We employ industry-standard safeguards such as encryption in transit, role-based access controls, least-privilege policies, audit logging, and automated monitoring. No system is perfectly secure, so we encourage you to notify us immediately if you suspect unauthorized access to your account.

EasyKafe operates globally. If data is transferred outside of your region, we rely on suitable safeguards such as standard contractual clauses, inter-company agreements, and technical controls that protect the information to the level required by applicable law.

We may update this Privacy Policy to reflect product, legal, or operational changes. When we make significant updates, we will notify you via the product dashboard, email, or other reasonable means. Continued use of EasyKafe after the effective date constitutes acceptance.

Please send privacy questions, data-rights requests, or security reports to [email protected]. You can also reach us by mail at EasyKafe, Attn: Privacy, 123 Example Street, City, State/Region.

If this Privacy Policy conflicts with other EasyKafe contracts signed with your organization, those contracts take precedence to the extent allowed by law.