Introduction #
This Privacy Policy explains how DineXpro (operated by ANNATECH SRL) collects, uses, stores, and shares information when you interact with our platform — including our mobile application, web application, website, and related services (collectively, the "Services").
By using DineXpro, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices, please do not use the Services.
We may update this policy from time to time. When we make significant changes, we will notify you through the app or by other appropriate means.
Who We Are #
DineXpro is a dining experience platform developed and operated by ANNATECH SRL, a software company registered in Romania. We build tools that connect restaurants with their customers through modern, technology-driven experiences.
For questions about this Privacy Policy or our data practices, you can reach us at privacy@dinexpro.app.
What Data We May Collect #
Depending on how you use DineXpro, we may collect the following types of information:
Account & Profile Data
When you create an account, we may collect your name, email address, and profile photo. You may also provide optional information such as a display name, phone number, or dietary preferences. Authentication credentials are managed through secure third-party providers (for example, Firebase Authentication or social sign-in services).
Contact Details
We collect the email address you use to register. If you contact our support team or provide feedback, we may also receive additional contact information you choose to share.
Usage, Session & Order Data
When you participate in dining sessions, we collect information about your activity, including:
- Table session participation and timestamps (e.g., when you join or leave a session)
- QR code scan events and table check-ins
- Order details — items selected, modifications, quantities, and order history
- Bill-splitting preferences and payment confirmation records
- Feedback, ratings, or reviews you may provide about a dining experience
Device & Technical Information
We may automatically collect certain technical data, including:
- Device type, operating system, and app version
- IP address and general location information (e.g., city-level, derived from your IP)
- Crash reports, diagnostic logs, and application performance data
- Browser type and screen resolution (for web access)
- Anonymized analytics data to help us understand how the Services are used
Payment-Related Information
DineXpro may facilitate payment interactions as part of the dining experience. We store payment confirmation records (such as transaction status, amount, and timestamps). We do not directly store full payment card numbers, CVVs, or sensitive financial credentials. Where payment processing is involved, it is handled by trusted third-party payment processors that maintain their own security and compliance standards.
Business & Staff Account Data
If you use DineXpro as a restaurant owner or staff member, we may collect:
- Business name, address, and contact information
- Staff names, roles, and assigned permissions within the platform
- Menu content, pricing, table configurations, and operational settings
- Operational logs related to order management, session handling, and staff actions
Social, Profile & Moderation Data
DineXpro may offer optional social features over time. If you choose to use such features, we may collect:
- Profile information you choose to make visible to other users
- Content you share, post, or interact with
- Reports you submit about other users or content
- Moderation actions and related records
How We Use Your Data #
We use the information we collect for the following purposes:
- Providing the Services — creating and managing your account, enabling table sessions, processing orders, facilitating payments, and delivering the core dining experience
- Communication — sending order confirmations, session notifications, service announcements, and responding to your support inquiries
- Improvement & analytics — understanding usage patterns, diagnosing technical issues, and improving the quality, reliability, and performance of our platform
- Safety & security — detecting and preventing fraud, abuse, or unauthorized access; enforcing our Terms of Service; and maintaining the integrity of the platform
- Personalization — tailoring your experience where appropriate (for example, showing order history or relevant menu suggestions)
- Business insights — providing restaurant partners with aggregated, anonymized analytics about ordering patterns and customer engagement (individual users are not personally identified to businesses beyond what is necessary for order fulfillment)
- Legal compliance — meeting regulatory obligations, responding to lawful requests, and protecting our legal rights
Legal Bases for Processing #
Depending on your jurisdiction, we may rely on one or more of the following legal grounds for processing your personal data:
- Contract performance — processing necessary to provide the Services you have requested (e.g., creating your account, processing your orders)
- Legitimate interests — processing that supports our reasonable business interests, such as product improvement, security, and fraud prevention, where these interests are not overridden by your rights
- Consent — where you have given explicit consent for specific processing activities (e.g., marketing communications), which you may withdraw at any time
- Legal obligation — processing required to comply with applicable laws or regulations
The specific legal basis applicable to a particular processing activity may vary depending on the nature of the data and the context in which it is collected.
How Data May Be Shared #
We do not sell your personal data. We may share information in the following limited circumstances:
Service & Infrastructure Providers
We use trusted third-party services to operate the platform — for example, cloud infrastructure (such as Google Cloud / Firebase), analytics tools, crash reporting services, and payment processors. For DineXpro platform subscriptions, billing is processed by Paddle, which acts as the Merchant of Record and may receive limited data necessary to process the transaction (for example, the business contact email, country, and the items being purchased). For end-customer payments to a business through DineXpro, processing is handled by Stripe (including Stripe Connect). These providers access data only as necessary to perform their functions and are bound by their own privacy and security obligations.
Restaurant Partners
When you place an order or participate in a dining session, certain information (such as your display name, order details, and session participation) may be shared with the restaurant where you are dining. This is necessary for order fulfillment and service delivery.
Legal Obligations
We may disclose information if required by law, regulation, legal process, or governmental request, or if we believe disclosure is necessary to protect the rights, safety, or property of DineXpro, our users, or the public.
Business Transfers
If ANNATECH SRL is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change and any choices you may have regarding your data.
Data Retention #
We retain your personal data for as long as necessary to provide the Services, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on the type of data and the purpose for which it was collected.
For example:
- Account data is retained while your account is active and for a reasonable period afterward in case you choose to reactivate
- Order and session data may be retained for business analytics and audit purposes, subject to applicable regulations
- Technical and diagnostic data is typically retained for shorter periods unless needed for ongoing investigations
When data is no longer needed, we delete or anonymize it in accordance with our retention practices. You may request deletion of your account and associated data at any time (see Your Rights below).
Security #
We take the security of your data seriously and implement appropriate technical and organizational measures to protect against unauthorized access, alteration, disclosure, or destruction. These measures may include:
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms for staff and system accounts
- Regular review of our security practices and infrastructure
- Server-side validation and audit logging for sensitive operations
While we strive to protect your information, no method of electronic transmission or storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining and improving our safeguards.
International Transfers #
DineXpro is operated from Romania. Our infrastructure providers may process data in various locations around the world. If your data is transferred to a jurisdiction outside your country of residence, we take steps to ensure that appropriate safeguards are in place, in accordance with applicable data protection laws.
These safeguards may include relying on the data protection policies of our infrastructure providers, standard contractual clauses, or other legally recognized transfer mechanisms as appropriate.
Your Rights #
Depending on your jurisdiction, you may have certain rights regarding your personal data, which may include:
- Access — the right to request a copy of the personal data we hold about you
- Correction — the right to request correction of inaccurate or incomplete data
- Deletion — the right to request deletion of your personal data, subject to certain exceptions
- Portability — the right to request a portable copy of your data in a commonly used format
- Restriction — the right to request that we limit the processing of your data in certain circumstances
- Objection — the right to object to certain types of processing, such as processing based on legitimate interests
- Withdrawal of consent — where processing is based on consent, the right to withdraw that consent at any time
To exercise any of these rights, please contact us at privacy@dinexpro.app. We will respond to your request in accordance with applicable law. You may also delete your account directly through the app settings.
Children's Privacy #
DineXpro is not intended for use by children under the age of 16 (or the applicable minimum age in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that information promptly.
If you believe a child has provided us with personal data, please contact us at privacy@dinexpro.app.
Changes to This Policy #
We may revise this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date and version number at the top of this page and, where appropriate, notify you through the app or by email. For business accounts, your previous acceptance is recorded with the version number that was in effect at the time of acceptance.
We encourage you to review this policy periodically to stay informed about how we protect your information.
Contact #
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: privacy@dinexpro.app
- Company: ANNATECH SRL
- Country: Romania
- General inquiries: contact@dinexpro.app
We will do our best to respond to your inquiry in a timely manner.