Brand

Smart Dining

Skip to document content

Legal centerPrivacy

Privacy Policy

How Smart Dining collects, uses, shares, and protects personal information when you use our websites, applications, and hospitality services.

Effective April 11, 2026 Version 1.0.0 Smart Dining legal suite

Summary

This policy describes our role as a platform provider, how restaurant partners and service providers fit in, and the choices available to individuals in the United States, European Economic Area, United Kingdom, and other regions where we operate.

Last updated: April 11, 2026

On this page
  1. Introduction
  2. Who and what this policy covers
  3. Categories of information we collect
  4. How we use personal information
  5. How we share information
  6. CRM, marketing, and guest outreach
  7. International transfers
  8. Retention
  9. Security
  10. Your privacy rights and choices
  11. Children
  12. Changes to this policy
  13. Contact us

Introduction

Smart Dining, Inc. (“Smart Dining,” “we,” “us,” or “our”) provides software and related services that help restaurants operate reservations, waitlists, ordering, guest engagement, marketing, analytics, and payments integrations. This Privacy Policy explains how we process personal information when you interact with our marketing sites, owner and staff workspaces, guest-facing experiences, and support channels.

Restaurants and other business customers that use our platform (“Restaurant Partners”) decide what guest data they collect and how they use it subject to their own policies and applicable law. We process information as a service provider to Restaurant Partners and, in some cases, as an independent controller for our own business purposes (such as account security, billing, and product improvement), as described below.

Who and what this policy covers

This policy applies to personal information processed through Smart Dining-controlled websites, mobile or web applications, APIs, integrations, and offline communications that reference this policy.

If you interact with a restaurant solely through that restaurant’s own website or on-site systems without using Smart Dining, their privacy practices—not this policy—will govern.

Categories of information we collect

We collect information that you provide directly, information generated through your use of the services, and information we receive from Restaurant Partners, integrations, and service providers.

  • Account and contact data: name, email address, phone number, job title, organization name, credentials, security preferences, and billing contacts.
  • Restaurant and location data: addresses, time zones, service settings, floor plans and table metadata where you choose to store it, menu and catalog content, and operational configuration.
  • Reservation and visit data: party size, requested time, special requests, waitlist status, arrival signals you or the venue provide, and related notes entered by authorized users.
  • Order and payment metadata: cart contents, fulfillment type, amounts, refunds, and transaction references. Card data is handled by payment processors under their rules; we do not store full card numbers on Smart Dining servers.
  • Communications: support tickets, chat or email content, recorded consent for marketing, and feedback you submit.
  • Device and technical data: IP address, device identifiers, browser type, approximate location derived from IP, diagnostic logs, and cookies or similar technologies as described in our Cookie Policy.
  • Inferences: we may derive preferences, segments, or risk signals from usage patterns to personalize product experiences or detect abuse, consistent with your settings and applicable law.

How we use personal information

We use personal information to provide, secure, and improve the platform; communicate about service and policy changes; comply with law; and support Restaurant Partners in delivering hospitality experiences.

  • Operate core features: authentication, authorization, reservations, ordering, CRM, messaging where enabled, reporting, and integrations with POS or payment systems you connect.
  • Personalize interfaces and recommendations, including AI-assisted suggestions when enabled. Automated outputs may be imperfect; venues retain responsibility for final decisions that affect guests.
  • Measure performance, debug issues, prevent fraud and misuse, enforce our Acceptable Use Policy, and protect the security and integrity of accounts and data.
  • Send transactional notices, onboarding guidance, and optional marketing where permitted. You may opt out of marketing as described in “Your choices.”
  • Meet legal obligations, respond to lawful requests, and establish or defend legal claims.

How we share information

We do not sell personal information as that term is commonly defined under U.S. state privacy laws. We share information in the following circumstances.

  • With Restaurant Partners: when you book, order, or create a guest profile with a venue that uses Smart Dining, we share relevant information with that venue and its authorized staff so they can fulfill your request. Restaurants are independent businesses responsible for their own compliance.
  • With processors and subprocessors: hosting, email delivery, analytics, customer support tooling, security vendors, and payment facilitators, subject to contracts that limit use to providing services to us or on our behalf.
  • With integrations you enable: for example, when you connect Stripe, a POS, or marketing tools, data flows according to the permissions you grant and the third party’s terms.
  • For legal reasons: to comply with law, respond to valid legal process, protect rights and safety, and investigate fraud or security incidents.
  • In business transfers: as part of a merger, acquisition, financing, or sale of assets, subject to appropriate safeguards and notice where required.

CRM, marketing, and guest outreach

Where Restaurant Partners use Smart Dining to store guest profiles, send campaigns, or automate follow-ups, the venue determines the purpose and legal basis for that processing in relation to its guests. We provide tools and configuration controls; venues are responsible for obtaining any required consent and honoring opt-outs.

For our own marketing to business users, we rely on consent where required and on legitimate interests where permitted, and we offer unsubscribe and preference controls in product and email footers.

International transfers

We may process and store information in the United States and other countries where we or our subprocessors operate. When we transfer personal data from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses and supplementary measures where appropriate, plus technical and organizational controls described in our security documentation.

Retention

We retain information as long as needed to provide the services, meet legal, tax, and accounting requirements, resolve disputes, and enforce agreements. Retention periods vary by data category and whether you or a Restaurant Partner delete content or close an account. Some backups may persist for a limited period after deletion.

Security

We implement administrative, technical, and physical safeguards designed to protect personal information, including access controls, encryption in transit for supported connections, monitoring, and vendor reviews. No method of transmission or storage is completely secure; we encourage strong passwords, MFA where available, and prompt reporting of suspected unauthorized access.

Your privacy rights and choices

Depending on your location, you may have rights to access, correct, delete, or export personal information; object to or restrict certain processing; withdraw consent where processing is consent-based; and appeal our responses.

  • United States (California and other states): you may have rights to know, delete, correct, and opt out of certain sharing for cross-context behavioral advertising. We honor applicable opt-out signals where required.
  • European Economic Area, United Kingdom, and Switzerland: you may exercise GDPR or UK GDPR rights by contacting us. You may lodge a complaint with your local supervisory authority.
  • To submit a request, use the contact method below. We may need to verify your identity and, for guest data held on behalf of a restaurant, coordinate with the venue when they are the controller.

Children

Our business services are not directed to children under 16. Restaurant Partners must not use the platform to collect personal information from children in violation of applicable law. If you believe we have collected information from a child inappropriately, contact us so we can investigate and delete it where appropriate.

Changes to this policy

We may update this Privacy Policy from time to time. We will post the revised version with a new effective date and, where required, provide additional notice (such as email or an in-product banner). Continued use after the effective date constitutes acceptance of the updated policy where permitted by law.

Contact us

Questions about this Privacy Policy or our privacy practices: privacy@smartdining.app (example contact—replace with your legal team’s published address). For data protection inquiries in the EU/UK, you may also contact our designated representative where applicable.