Privacy Policy

This Privacy Policy explains how 3A Dine (“3A Dine”, “we”, “us”, or “our”) collects, uses, stores, and shares personal information when you use our website, restaurant management platform, ordering tools, dine-in tools, table reservation tools, payment setup tools, and related services (“Service”).

This Privacy Policy is currently intended for users, restaurants, restaurant staff, restaurant customers, and website visitors in the United Kingdom.

For UK data protection purposes, the controller for 3A Dine’s own business data is:

Controller: Mr Ale Hasan trading as 3A Dine
Business name: 3A Dine
ICO registration number: ZC037972
Email: support@3adine.com
Postal address: Available on request for data protection correspondence

1. Our role

3A Dine provides restaurant management, menu, ordering, dine-in, table reservation, and payment setup software.

For our own business activities, such as account management, platform security, subscriptions, support, analytics, service improvement, and billing, we decide why and how personal data is processed. In those cases, we act as the controller.

Where a restaurant uses 3A Dine to manage menus, branches, tables, reservations, dine-in orders, customer orders, checkout profiles, or customer-facing pages, the restaurant is usually responsible for how it uses its customers’ personal data. In those cases, 3A Dine may act as a processor on behalf of the restaurant.

Restaurant customers should also read the relevant restaurant’s own privacy policy where applicable.

2. Information we collect

Account, profile, and verification data

This may include name, email address, phone number, login details, authentication identifiers, role, staff permissions, basic profile information, phone verification status, OTP or one-time code verification attempts, verification timestamps, and related account security records.

Restaurant owner phone numbers are used for account verification and security. They are not shown to customers.

Restaurant setup data

This may include restaurant name, country, branch details, restaurant address, contact details, opening hours, service availability, menu settings, ordering settings, restaurant configuration, and tenant settings.

Branding and customer-facing restaurant details

This may include restaurant logo, website, tagline, social links, customer support email address, customer support phone number, and other contact details provided by the restaurant.

These details may appear on the restaurant’s customer-facing menu, ordering pages, reservation pages, receipts, or related restaurant pages.

Menu and product data

This may include menu categories, menu items, descriptions, prices, images, availability, dietary labels, modifiers, add-ons, taxes, discounts, and configuration settings.

Branch, table, dine-in, and reservation data

This may include branch information, dining areas, table numbers, table status, reservation date and time, party size, booking status, customer notes, dine-in order details, timestamps, and related restaurant operational data.

Order and customer data

Where ordering, dine-in, delivery, collection, or table reservation features are enabled, we may process customer name, contact details, order details, ordered items, order notes, reservation details, delivery or collection information, payment method selected, payment status, fulfilment status, booking status, timestamps, and order or reservation communications.

Customers may choose to provide special requests, such as allergy, dietary, accessibility, seating, or preparation preferences. Restaurants are responsible for reviewing and handling these requests appropriately. 3A Dine processes this information only to provide the ordering, dine-in, or reservation feature requested by the restaurant or customer.

Business and invoice profile data

This may include profile label, legal business name, trading name, business type, business registration type, business registration number, VAT registration status, VAT number where applicable, business address, invoice profile details, and related receipt or invoice settings.

These details may be used on receipts, invoices, branch documents, restaurant records, or customer-facing documents where applicable.

Payment gateway connection and payment metadata

If a restaurant owner connects a supported payment gateway, we may store limited gateway-related information, such as gateway account ID, connection status, onboarding status, payment provider settings, transaction identifiers, payment status, subscription status, refund status, dispute status, and sync timestamps.

Full customer card details, restaurant bank account details, bank proof, identity documents, incorporation documents, and gateway KYC documents are collected and processed by Stripe or Razorpay where required.

Subscription and billing data

For 3A Dine subscriptions, we may process subscription plan, billing status, invoice metadata, payment status, billing timestamps, and related payment records. Payment details are processed by the supported payment provider for the restaurant's country.

Usage and technical data

This may include IP address, browser type, device information, operating system, pages or features used, log data, timestamps, error reports, security events, and interactions with the Service.

Support and communication data

This may include messages you send to us, support requests, feedback, issue reports, and service-related communications.

Cookies and similar technologies

We may use cookies or similar technologies to keep the Service working, maintain sessions, improve performance, remember preferences, support security, and understand how the Service is used. Where required by law, we will ask for consent before using non-essential cookies.

3. Information we do not collect

3A Dine does not collect or store:

• full customer card numbers;
• CVV or CVC codes;
• restaurant bank account details;
• manual bank transfer details;
• bank proof documents;
• identity verification documents;
• incorporation documents;
• Stripe or Razorpay KYC documents.

Payments and verification information are handled by Stripe or Razorpay where the relevant gateway is used.

OTP or one-time codes are used only for verification and security. We do not use phone numbers for marketing unless separate marketing consent is obtained.

4. How we use information

• To provide, operate, and maintain the Service.
• To create and manage accounts.
• To authenticate users and manage staff access.
• To verify restaurant owner accounts using phone number and one-time code verification.
• To send one-time passcodes, verification, security, and account-related messages.
• To protect restaurant owner accounts from unauthorised access, fake accounts, misuse, abuse, and fraud.
• To manage restaurants, branches, menus, tables, reservations, dine-in orders, checkout profiles, and customer orders.
• To display restaurant branding, contact details, logo, website, social links, and support information on customer-facing restaurant pages where enabled.
• To create receipts, invoices, branch documents, and business records using restaurant business and invoice profile details.
• To enable restaurants to connect the supported gateway for their country.
• To process 3A Dine subscriptions.
• To support restaurant online payments through Stripe or Razorpay where enabled.
• To show order status, booking status, payment method, and payment status.
• To provide customer support.
• To send service-related messages, such as verification, security, billing, operational, and support emails.
• To secure accounts and prevent fraud, abuse, unauthorised access, or misuse.
• To monitor performance and fix technical issues.
• To improve the Service and user experience.
• To comply with legal, tax, accounting, regulatory, payment, fraud-prevention, and security obligations.

5. Lawful bases for processing

Contract

We process personal information where necessary to provide the Service, manage accounts, verify restaurant owners, process subscriptions, support restaurant setup, support ordering, support dine-in and reservations, and deliver requested platform functionality.

Legitimate interests

We process personal information where necessary for our legitimate interests, including securing the Service, preventing fraud, preventing account misuse, troubleshooting issues, improving performance, supporting restaurants, maintaining business records, and protecting our business, users, restaurants, and customers.

Consent

We rely on consent where required, such as for certain cookies, optional marketing communications, or optional features.

Where customers voluntarily provide special request information that may reveal health, dietary, religious, accessibility, or similar information, the restaurant is responsible for ensuring it has an appropriate lawful basis and, where required, an additional condition for processing that information. 3A Dine processes this information only to provide the relevant ordering, dine-in, or reservation feature.

Legal obligation

We process personal information where necessary to comply with legal, tax, accounting, regulatory, payment, fraud-prevention, or lawful request obligations.

6. Restaurant responsibilities

Restaurants using 3A Dine are responsible for:

• ensuring they are authorised to create and manage the restaurant account;
• ensuring business, invoice, branch, menu, and contact details are accurate;
• ensuring customer-facing contact details are appropriate for publication;
• handling customer orders, dine-in requests, reservations, refunds, complaints, and service issues;
• handling allergy, dietary, accessibility, and special request information appropriately;
• complying with tax, invoice, food safety, consumer, employment, and data protection obligations that apply to their business;
• maintaining their own Stripe or Razorpay account and complying with the provider's terms where a gateway is connected.

7. Payments

3A Dine uses supported payment providers for subscription payments and, where enabled, to allow restaurants to accept online payments. India uses Razorpay. UK, Europe, and other supported countries use Stripe.

Where a restaurant connects its own Stripe or Razorpay account, payments are processed by that gateway. 3A Dine does not process, hold, or settle customer funds directly. The restaurant is responsible for its own gateway account and for any payment, refund, tax, chargeback, customer-service, or compliance obligations that apply to its business.

For in-store payment methods such as cash or card/POS terminal, payment is handled directly by the restaurant outside 3A Dine.

3A Dine does not support or store manual bank transfer details.

8. Sharing information

We may share personal information with the following categories of recipients.

Service providers

We may share data with providers who help us operate the Service, including hosting providers, database providers, authentication providers, email delivery services, analytics providers, monitoring tools, customer support tools, SMS verification providers, and security providers.

Firebase / Google Cloud

We use Firebase and Google Cloud services for database, authentication, storage, logging, infrastructure, and related platform services.

Vercel

We use Vercel for website and application hosting, deployment, performance, logging, and security-related services.

Stripe and Razorpay

We use Stripe or Razorpay, depending on country and account eligibility, for subscription payments, connected restaurant accounts, payment processing, onboarding, fraud prevention, refunds, disputes, and payment metadata.

Stripe or Razorpay processes payment and account information under its own terms and privacy policy.

Authentication and OTP providers

We may use Firebase, Google Cloud, or other authentication and SMS verification providers to verify phone numbers, send one-time passcodes, secure accounts, and prevent misuse of the Service.

One-time code messages are used for verification and security. We do not use phone numbers for marketing unless separate marketing consent is obtained.

Restaurants

Where a customer places an order, makes a table reservation, or uses dine-in services with a restaurant using 3A Dine, relevant customer, order, reservation, payment status, and communication information may be made available to that restaurant.

Restaurant customers

Where a restaurant publishes customer-facing pages through 3A Dine, branding details, support contact details, website links, social links, menu information, branch information, availability, and relevant receipt or invoice details may be displayed to restaurant customers.

Professional advisers

We may share information with accountants, legal advisers, insurers, or business advisers where necessary.

Legal or regulatory authorities

We may share information where required by law, regulation, court order, lawful request, or where necessary to protect rights, safety, security, or prevent fraud.

We do not sell personal information.

9. Data storage and international transfers

We aim to store UK restaurant and user data in the United Kingdom where reasonably possible.

Our Firebase database for UK users is hosted in London, United Kingdom.

Our website and application are deployed using Vercel. Vercel may process limited technical data, such as hosting, security, performance, and log data, in the United States or other countries where Vercel or its service providers operate.

Stripe or Razorpay may process payment-related data in countries where the provider or its service providers operate.

Where personal data is transferred outside the UK, we use appropriate safeguards where required by applicable law. These may include adequacy regulations, standard contractual clauses, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other lawful transfer mechanisms.

10. Data retention

We keep personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy.

Account data

Account data is kept while the account is active and for a reasonable period after closure.

Phone number and verification data

Restaurant owner phone numbers are kept while the account is active or as needed for account security, support, fraud prevention, legal compliance, or dispute handling.

OTP or one-time codes are retained only for the short period needed to complete verification. Verification status, verification timestamps, failed attempt records, resend records, and related security logs may be retained for a limited period to protect the Service and investigate misuse.

Restaurant data

Restaurant setup data, branch data, menu data, table data, and configuration data are kept while the restaurant account is active or as needed to provide the Service.

Branding and customer-facing data

Branding details, logos, website links, social links, support contact details, and other customer-facing restaurant details are kept while the restaurant account is active or until removed or updated by the restaurant.

Business and invoice profile data

Business and invoice profile data is kept while the restaurant account is active or as needed to provide receipts, invoices, business records, customer documents, accounting records, dispute records, or legal records.

Order, dine-in, and reservation data

Order, dine-in, and reservation data is kept for as long as needed for restaurant operations, customer support, accounting, dispute handling, fraud prevention, legal compliance, or platform records.

Gateway and payment metadata

Gateway connection data and payment metadata are kept for as long as needed for billing, payment status, subscriptions, refunds, disputes, accounting, fraud prevention, and legal compliance.

Security logs

Security logs are kept for a limited period needed to protect the Service, investigate misuse, and maintain security.

Support communications

Support communications are kept for as long as needed to resolve issues, maintain records, and improve support.

Backups

Some data may remain in backups for a limited period before deletion through normal backup rotation.

We may retain some information for longer where required by law or where necessary to establish, exercise, or defend legal claims.

11. Security

We use technical, organisational, and administrative safeguards designed to protect personal information.

These measures may include access controls, authentication, encryption where appropriate, monitoring, logging, secure service providers, backups, role-based permissions, and security reviews.

For phone verification, we use expiry times, attempt limits, and security controls designed to reduce misuse. One-time codes should not be shared with anyone, including restaurant staff or 3A Dine support.

However, no online service is completely secure, and we cannot guarantee absolute security.

12. Your rights

If UK GDPR applies, you may have the right to:

• access your personal information;
• correct inaccurate or incomplete information;
• request deletion of your information;
• restrict processing;
• object to processing;
• request data portability;
• withdraw consent where processing is based on consent;
• complain to the UK Information Commissioner’s Office.

To exercise your rights, contact us at support@3adine.com.

Where your data is controlled by a restaurant, we may direct your request to the relevant restaurant or assist the restaurant in responding.

13. Children

The Service is intended for restaurants, restaurant staff, and customers using restaurant services. Restaurant owner and staff accounts are not intended for children.

We do not knowingly create restaurant owner or staff accounts for children. If you believe a child has provided personal information to us without appropriate permission, contact us at support@3adine.com.

Restaurants are responsible for ensuring that their own use of 3A Dine complies with laws that apply to their customers.

14. Marketing communications

We may send marketing communications where permitted by law or with consent where required.

You can opt out of marketing communications at any time by using the unsubscribe link or by contacting us.

We may still send service-related messages, such as account, security, billing, support, verification, or transactional messages.

We do not use restaurant owner phone numbers for SMS marketing unless separate marketing consent is obtained.

15. Cookies

We may use necessary cookies to operate the Service, keep users logged in, secure accounts, and remember settings.

We may use analytics or performance cookies to understand how the Service is used and improve it. Where required by law, we will ask for consent before setting non-essential cookies.

You may be able to manage cookies through your browser settings or any cookie controls we provide.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time.

When we update it, we will change the “Last updated” date above. If changes are significant, we may provide additional notice, such as by email, dashboard notice, or in-app message.

17. Contact

For questions about this Privacy Policy or personal data, contact:

Email: support@3adine.com
Business: 3A Dine
Controller: Mr Ale Hasan trading as 3A Dine
ICO registration number: ZC037972
Postal address: Available on request for data protection correspondence