Privacy Policy

1. Information We Collect

To manage virtual waitlists and restaurant administrative tools successfully, we collect the following pieces of data:

• Phone Number: Collected from diners to send authentication verification codes, notify you when your table is ready, and link waitlist histories.
• Customer Name: Collected when joining a queue so restaurant staff can call you out and seat your party.
• Profile Details: Display names, roles, cumulative loyalty points, and tier levels (Bronze, Silver, Gold, Platinum) for active user profiles.
• Administrative Data: Floor coordinates, table layouts, menu items, prices, and staff pairing logs for registered restaurant venues.
• Technical Data: Device IP addresses, browser types, local storage keys, and cookie sessions to track active waitlist tickets and paired TV display screens.

2. How We Use Your Data

We use the collected information for specific, vital operations:

• To place you in virtual queues and calculate real-time estimated wait times.
• To send instant alerts (vibration, sound, browser chimes, and WhatsApp/SMS alerts) when your table is prepared.
• To pair lobby TV screens securely with the restaurant waitlist using encrypted session IDs.
• To reward your visits with loyalty points and advance your customer engagement tier.
• To diagnose errors and maintain the integrity of our REST database schemas.

3. Data Security and RLS Protection

We take security extremely seriously and implement enterprise-grade measures:

• Database Isolation: Our Supabase database is guarded by strict **Row-Level Security (RLS)**. This prevents public users or malicious entities from querying other users' private details or altering active restaurant state unauthorized.
• Verification Locks: Management dashboards, TV pairings, and staff invitations are verified through cryptographic tokens to block cross-origin breaches.
• Zero Error Leakage: All administrative errors are handled through custom wrappers so database structure details or schema parameters are never leaked to public consoles.

4. Third-Party Sharing

We **never** sell, trade, or rent your personal information to third parties. We only share data with essential infrastructure platforms that enable our core operations:

• Supabase: For cloud hosting, PostgreSQL database services, and secure browser authentication management.
• WhatsApp / Twilio Gateways: To securely dispatch automatic "Table Ready" notifications directly to your phone.
• QR Code Generators: Local restaurant URLs are passed to public APIs to generate scanning images for your front entrance. No customer details are shared here.

5. Cookies and Local Storage

We utilize minimal cookies and local browser storage to keep the platform fast and responsive:

• Active Waitlist Token: Keeps your customer tracker page logged in without asking you to re-verify your phone number continuously.
• TV Pairing Sessions: Local storage matches verified screens (`tv_pairing_id_[restaurant_id]`) so paired TVs boot up instantly in the lobby.

6. Your Rights and Deletion Requests

You retain full ownership of your data. You have the right to request a copy of your personal details, correct any inaccuracies, or ask for a permanent deletion of your profile history under global privacy regulations. To request a complete deletion of your records, please email us directly.

7. Changes to this Policy

We may revise this Privacy Policy periodically. We will alert you to updates by posting the new policy on this page and updating the "Last Updated" timestamp at the top of this document. We encourage you to review this policy periodically to stay informed about our data protection standards.