Chow Privacy Policy

1. Introduction

This Privacy Policy explains how Chow (“we”, “us”, or “our”) collects, uses, stores, discloses, and protects data when businesses and end-users access or use our Software-as-a-Service (“SaaS”) platform. Our platform provides tools for online ordering, QR-table ordering, reservations, loyalty programs, digital wallet passes, POS, inventory management, accounting, operational insights, staff management, customer engagement, payments, and related services (collectively, the “Services”).

By accessing or using the Services, you acknowledge that you have read, understood, and agree to this Privacy Policy.

Important Notice - Technology Provider Only

Chow is strictly a technology platform. We do not own, operate, manage, control, endorse, or represent any restaurant, café, hotel, cloud kitchen, delivery service, or payment processor.

Accordingly:

• All food preparation, safety, pricing, delivery, refunds, and complaint handling are exclusively the merchant's responsibility.
• All payment processing, settlements, refunds, disputes, and chargebacks are handled solely by PCI-DSS compliant third-party processors, under agreements directly between the merchant and the processor.
• Chow does not store, process, or have access to full credit card numbers, CVV codes, bank account numbers, or other sensitive payment credentials.

Our role is limited to providing the software tools merchants use to operate their business.

2. Definitions

• Personal Data: Information that identifies or can be used to identify an individual.
• Merchant/Business: A restaurant, café, hotel, cloud kitchen, or other entity using our Services.
• User/Customer: An individual who places an order, makes a reservation, or interacts with a merchant through our Services.
• Platform: The web portals, mobile applications, dashboards, APIs, and tools provided by Chow.

3. Data We Collect

3.1 User (Customer) Data

• Name, phone number, email address.
• Delivery address and order preferences.
• OAuth login information (Google/Apple) including name, email, and identity token.
• Loyalty program identifiers, wallet pass IDs, stamp/redemption data.

3.2 Order and Transaction Data

• Items ordered, order history, timestamps, location (if provided).
• Payment status, tokenized references, authorization IDs.
• Reservation details, timestamps, delivery preferences.

3.3 Device, Usage, and Technical Data

• IP address, device type, OS version, browser type.
• Cookies, session identifiers, user-agent strings.
• Error logs, diagnostics, crash reports.
• Analytics such as page views, load times, and feature interactions.

3.4 Merchant Operational Data

This information is entered, uploaded, or generated by the merchant. We do not independently collect this data. It may include:

• Inventory records and stock movements.
• Supplier, vendor, purchase order, and goods received details.
• POS activity, billing records, order routing, cashier activity.
• Financial entries, ledgers, tax data, accounting records.
• Staff accounts, roles, activity logs, assigned tasks.
• Menus, recipes, pricing, images, catalog data.
• Operational analytics, performance metrics, system-generated summaries.

We may only access this data when requested or required to:

• Provide technical support or resolve issues.
• Assist with onboarding, configuration, or optimization.
• Investigate system anomalies or errors.

At all times, this data remains controlled by the merchant, and our access is restricted to what is necessary to fulfill a legitimate support or operational purpose.

4. How We Use Data

We use data only for legitimate purposes, including:

• Operating online ordering, QR ordering, reservations, and POS functions.
• Managing digital wallet-based loyalty programs.
• Authenticating users and merchants.
• Managing merchant subscriptions, billing, and premium features.
• Providing dashboards, analytics, and performance insights.
• Sending transaction notifications and service alerts.
• Delivering customer and technical support.
• Improving platform performance and user experience.
• Preventing fraud, abuse, and unauthorized access.
• Complying with tax, accounting, AML/KYC, and legal obligations.

We do not sell Personal Data.

5. Payments

All online payments (cards, digital wallets, bank transfers) are processed by PCI-DSS compliant third-party payment gateways. Chow does not store card numbers, expiry dates, CVV codes, or banking credentials. Refunds, settlements, payouts, and chargebacks are governed entirely by the merchant's agreement with the payment processor. We only receive tokenized or masked information necessary to verify a transaction.

6. Sharing of Data

We share data strictly on a need-to-know basis:

6.1 With Merchants

• Customer name, contact information, and order details.
• Loyalty data, reservation details.

6.2 With Payment Gateways

• Tokenized references, status updates, non-sensitive transaction data.

6.3 With Delivery/Rider Services

• Delivery address, name, contact number.
• Order pickup and drop-off details.

6.4 With Service Providers (Sub-Processors)

We use certain trusted third-party providers to support different parts of our technology infrastructure. Because of how these services operate, they may incidentally or indirectly have access to limited data as part of delivering their functionality.

These providers include:

• Cloud hosting providers
• Email/SMS gateways
• Analytics providers
• Customer support tools
• Logging and monitoring tools

Where such access is possible, these providers are required to maintain strict confidentiality and uphold strong data protection practices. Their access is limited, controlled, and used solely for the purpose of operating or supporting the Services.

6.5 Legal Requests

We may disclose data when required by law, court orders, regulatory authorities, tax enforcement, or to enforce our legal rights or respond to claims.

7. International Data Transfers

As a globally operated technology service, your information may be transferred to, stored on, or processed on servers located in countries other than your own.

Regardless of location, we apply the same level of care and protection to your data. We maintain appropriate and reasonable safeguards at all times, including the use of secure transfer methods, encryption, and other industry-standard protections to ensure that your privacy and data remain secure across all regions in which we operate.

These safeguards ensure that the confidentiality, integrity, and availability of your data are preserved, even when international processing is required.

8. Data Retention

We retain data only as long as operationally and legally required.

• User data: Until account deletion/request.
• Order and transaction history: Up to 7 years (for tax, audit and compliance).
• Merchant data: For the duration of the subscription + legal retention period.
• Diagnostics, logs, analytics: Up to 36 months.
• Aggregated, anonymized data: May be stored indefinitely (cannot identify individuals).

9. User Rights

Depending on applicable laws, you may have the right to:

• Access your Personal Data.
• Request correction or deletion.
• Export or transfer your data.
• Object to or restrict processing.
• Withdraw consent (where applicable).
• Opt-out of marketing communications.

Requests may be submitted to support@chow-pos.com.

We may require identity verification for security.

10. Security

We implement industry-standard protections including:

• TLS/SSL encryption for data in transit.
• AES-256 encryption for sensitive data at rest (where applicable).
• Multi-layer firewalls and network isolation.
• Secure OAuth-based authentication.
• Role-based access controls with least-privilege policies.
• Regular vulnerability scans, audits and monitoring.
• Activity logging and anomaly detection.
• Strict internal confidentiality obligations for all staff.

Despite robust safeguards, no system is entirely free from vulnerabilities; however, we take robust and reasonable steps steps to protect your data.

11. Children's Privacy

Our Services are not intended for children under the applicable legal age of consent (typically 13 or 16. We do not knowingly collect their data. Parents or guardians may contact us to request deletion of such information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes may be communicated via email or in-app notifications. Please review this page periodically for the latest information. Continued use of the Services constitutes acceptance of the updated policy.

13. Contact Us

For questions, concerns, or data access requests, please contact: support@chow-pos.com.