It's a contract. Here is exactly what we collect, how we use it, the rights you hold under the Digital Personal Data Protection Act 2023, and the security that keeps your restaurant's data your own.
Six sections. No legalese. Plain English — because trust is a feature.
Account: restaurant name, owner name, email, phone, GSTIN (optional).
Operational: menu, orders, staff, inventory, daily revenue (isolated tenant on Supabase PostgreSQL).
Usage: login timestamps, IP (rate-limit + security).
Payments: Razorpay tokenization — we never see card/UPI details.
To operate: process orders, send KDS tickets, generate invoices, track inventory, calculate daily PnL.
To improve: aggregated, anonymized analytics (no individual restaurant data is sold or shared).
To notify: critical alerts (payment failures, outages), onboarding updates, optional marketing (opt-in only).
Supabase — database + auth (encrypted at rest, RLS on every table).
Razorpay — payment gateway (PCI-DSS Level 1, tokenized only).
Twilio (WhatsApp) — for customer/order notifications you enable.
No data is sold to advertisers, data brokers, or third-party marketers. Ever.
Right to Access: request a full export — Export My Data.
Right to Correction: update incorrect data via admin panel or by email.
Right to Erasure: request account deletion — Delete Account; purge within 30 days.
Withdraw Consent: stop optional processing anytime.
Grievance Redressal: email support@mancu.cloud — response within 15 days.
Active account: data retained for the life of your subscription + 1 year for tax/audit purposes.
Deleted account: personal identifiers purged within 30 days; anonymized aggregates retained for product analytics.
Financial records: 8 years (mandated by the Indian Income Tax Act 1961).
Encryption: TLS 1.3 in transit, AES-256 at rest, row-level security (RLS) on every table.
Auth: Supabase Auth + Turnstile CAPTCHA, optional 2FA, session device management.
Audits: full audit log of every login, role change, and data access.
Breach notification: within 72 hours to affected users + CERT-In (per DPDP Act 2023).
Data Protection Officer: support@mancu.cloud
Questions on a specific clause? Universal Support at support@mancu.cloud
Back to Mancu OS ←