Legal

Privacy Policy

Last updated: 1 June 2026

Who we are

CaféOS (“we”, “our”, “us”) is an AI-powered restaurant management platform operated by CaféOS Dev, India. We can be reached at support@cafeoslive.com.

What we collect

We collect only the data needed to run the service:

  • Account data — your name and email address, managed by Clerk (our authentication provider).
  • Business data — your café name, city, cuisine type, and address.
  • Uploaded files — menu PDFs, sales CSVs, and review text you upload for analysis. These are processed by our AI and stored in Supabase Storage.
  • Customer data — phone numbers and visit history from your POS export, used solely to send WhatsApp win-back messages on your behalf. Phone numbers are encrypted at rest using AES-256-GCM and are never shared with third parties other than Interakt (your WhatsApp delivery provider).
  • Payment data — subscription and billing records managed by Razorpay. We do not store card details.
  • Usage data — anonymised logs of feature usage to improve the product.

How we use your data

  • To generate AI-powered reports (menu analysis, revenue insights, reputation scoring, demand forecasts).
  • To send automated WhatsApp messages you configure — daily prep guides, win-back campaigns, review alerts, social post confirmations.
  • To send you a daily email digest summarising your café's performance (you can unsubscribe at any time).
  • To process subscription payments via Razorpay.
  • To improve our AI models and product — only with anonymised, aggregated data; never with your identifiable business information.

Third-party services

We share data with the following sub-processors to deliver the service:

Service | Purpose | Data shared
Clerk | Authentication | Name, email
Razorpay | Payments | Email, billing address
Anthropic | AI analysis | Menu, sales, review text
Supabase | Database & file storage | All business data
Interakt | WhatsApp messaging | Encrypted customer phone numbers
Resend | Email delivery | Email address
Upstash | Job queue & rate limiting | Job metadata only
Sentry | Error monitoring | Anonymised error logs

Data retention

We retain your data for as long as your account is active. When you delete your account:

  • Uploaded files (menus, CSVs) are deleted from Supabase Storage within 30 days.
  • Customer phone number records are permanently deleted.
  • AI-generated reports are deleted within 30 days.
  • Billing records are retained by Razorpay as required by Indian tax law.

Your rights

Under the Digital Personal Data Protection Act 2023 (India) and applicable law, you have the right to:

  • Access — request a copy of the personal data we hold about you.
  • Correction — update inaccurate data in your account settings.
  • Deletion — delete your account and all associated data from your account settings, or by emailing us.
  • Opt-out of messaging — unsubscribe from email digests at any time via the unsubscribe link, or disable WhatsApp automations from your dashboard.

To exercise any right, email us at support@cafeoslive.com. We will respond within 30 days.

Cookies

We use only session cookies required for authentication (managed by Clerk). We do not use tracking or advertising cookies.

Security

Customer phone numbers are encrypted at rest using AES-256-GCM. All data is transmitted over HTTPS. Access to production systems is restricted to authorised personnel only.

Changes to this policy

We may update this policy from time to time. If we make material changes, we will notify you by email at least 14 days before the change takes effect. Your continued use of CaféOS after that date constitutes acceptance of the updated policy.

Contact

For privacy questions or data requests, contact us at support@cafeoslive.com.