Legal

Privacy Policy

Last updated: June 2025

Virtual Waitress is operated by NgwaNgwa Digital. We take your privacy seriously. This policy explains what data we collect, why we collect it, and how we protect it.

1. Who This Policy Covers

This policy covers two groups:

  • Restaurant users — owners, managers, and staff who operate a restaurant account on our platform.
  • End users (customers) — diners who access a restaurant's digital menu by scanning a QR code. Customers do not create accounts and are not required to provide any personal information to browse the menu or place an order.

2. Data We Collect — Restaurant Users

When you register and operate a restaurant on Virtual Waitress, we collect:

  • Account information: Your email address and password (stored as a secure hash — we never store your password in plain text)
  • Restaurant details: Restaurant name, tagline, accent colour, and the unique URL slug for your restaurant
  • Menu content: Dish names, descriptions, prices, and category information that you upload
  • Staff records: Names, roles, and hashed access codes for your registered waiter and manager accounts
  • Order history: Records of orders placed at your restaurant, including items, quantities, prices, table numbers, and timestamps

We do not collect your payment card details directly. Payment processing (for Pro subscriptions) is handled by our payment provider and is subject to their privacy policy.

3. Data We Collect — Customers (End Users)

Customers who scan a QR code and use a restaurant's digital menu do not need to create an account. We collect only:

  • Order data: Items ordered, quantities, total amount, table number, and the time the order was placed
  • Push notification token: If you grant permission for push notifications (used only to send order status updates from the restaurant), we store a device notification token. This is not linked to any personal identity.

We do not collect your name, phone number, email address, or any other identifying information unless you voluntarily provide it (e.g., by contacting us directly).

4. How We Use Your Data

We use the data we collect to:

  • Operate and maintain your restaurant account and digital menu
  • Display your menu to customers who scan your QR codes
  • Route orders from customers to the correct waiter dashboard in real time
  • Send push notifications to waiters when orders arrive or when a customer calls for service
  • Provide your manager dashboard with order history and analytics
  • Respond to support requests
  • Improve the platform over time

We do not sell your data to third parties. We do not use your data for advertising.

5. Third-Party Services

Virtual Waitress relies on the following third-party services to operate:

  • Supabase — our database and authentication provider. Your restaurant data, staff accounts, and order records are stored on Supabase infrastructure. Supabase is SOC 2 compliant. See Supabase's Privacy Policy.
  • Vercel — our hosting provider. The Virtual Waitress application is served from Vercel's global infrastructure. See Vercel's Privacy Policy.

We do not share your data with any other third parties except as required by law.

6. Data Retention

  • Restaurant accounts: Data is retained for as long as your account is active. If you close your account, we retain your data for 30 days before permanent deletion to allow for recovery.
  • Order records: Stored indefinitely by default to support your analytics. You may request deletion of historical order data at any time.
  • Customer push notification tokens: Stored until a customer revokes browser notification permission, at which point the token becomes inactive.

7. Security

We take reasonable technical measures to protect your data, including:

  • All connections to Virtual Waitress use HTTPS encryption
  • Passwords are hashed using industry-standard algorithms — never stored in plain text
  • Staff access codes are stored as secure hashes
  • Access to the database is restricted by role-based policies (Row Level Security)
  • API keys and service credentials are stored as environment secrets, never in source code

No system is perfectly secure. If you believe your account has been compromised, contact us immediately.

8. Your Rights

As a restaurant user, you have the right to:

  • Access the data we hold about you and your restaurant
  • Correct inaccurate data
  • Request deletion of your account and associated data
  • Export your menu and order history

To exercise any of these rights, contact us at codedbryt@gmail.com.

9. Cookies

Virtual Waitress does not use tracking or advertising cookies. We use browser localStorage and sessionStorage to store your session token and cached menu data locally on your device. This data never leaves your device and is not accessible to us.

10. Children

Virtual Waitress is not directed at children under 13. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify restaurant users of material changes by email or in-app notice. The "last updated" date at the top of this page reflects the most recent revision.

12. Contact

For any privacy questions or data requests, contact us at:

NgwaNgwa Digital
Email: codedbryt@gmail.com
WhatsApp: +234 707 607 7265