This Privacy Policy applies to Tablit ("we", "our", "us") — the restaurant management platform operated by Vaibhav Khapra, based in Delhi, India. It describes how we handle personal information across all Tablit portals (Admin, Manager, Waiter, Kitchen) and the customer-facing QR ordering experience.
Section 01
Information We Collect
Account & Staff Data
When a restaurant owner registers on Tablit, we collect their name, email address, phone number, and restaurant details. Staff members (managers, waiters, kitchen staff) are added by the admin and authenticated via mobile OTP — we store their phone numbers and assigned role.
Order & Transaction Data
We store order details placed through QR-based menus or by waiters, including items ordered, timestamps, table numbers, and payment status. Payment transactions are processed by Razorpay; we store only the transaction reference, amount, and status — never raw card or UPI credentials.
Device & Usage Data
We collect basic device information (browser type, OS) and usage logs (pages visited, portal activity) to maintain service reliability and debug issues. Customers who scan QR codes are not required to create accounts; we collect no personal data from them beyond the order placed.
Section 02
How We Use Your Data
Service Delivery
Your data powers the Tablit platform — routing orders to the kitchen, syncing live bills for managers, generating analytics for admins, and enabling staff login via OTP.
Communication
We may use your contact details to send service-critical notifications (downtime alerts, billing reminders) and, with your consent, product updates. You can opt out of marketing communications at any time.
Improvement & Analytics
Aggregated, anonymised usage data helps us identify performance bottlenecks and plan new features. We do not sell individual usage data to third parties.
Section 03
Data Sharing
Third-Party Processors
We share data only with processors necessary to run the service: Razorpay (payment processing), Vercel (hosting), and cloud infrastructure providers. All processors are bound by data processing agreements consistent with applicable law.
No Selling of Data
We do not sell, rent, or trade your personal information to advertisers, data brokers, or any third party for commercial purposes.
Legal Obligations
We may disclose information when required by law, court order, or to protect the rights and safety of Tablit, its users, or the public.
Section 04
Data Security
Encryption
All data in transit is encrypted via TLS 1.2+. Sensitive fields at rest are encrypted using AES-256. OTP codes are single-use and expire within 10 minutes.
Access Controls
Role-based access ensures staff can only view data relevant to their function. Admins have full visibility; kitchen staff see only active orders; waiters see only their assigned tables.
Incident Response
In the event of a data breach affecting your personal information, we will notify you within 72 hours of discovery, as required by applicable regulations.
Section 05
Your Rights
Access & Portability
You may request a copy of all personal data we hold about you at any time. We will provide it in a machine-readable format within 30 days.
Correction & Deletion
You have the right to correct inaccurate data or request deletion of your account and associated data. Deletion requests are processed within 30 days, subject to legal retention requirements.
Withdrawal of Consent
Where processing is based on consent (e.g. marketing emails), you may withdraw that consent at any time without affecting the lawfulness of prior processing.
📬
Questions about your data?
We respond to all privacy requests within 5 business days.
vaibhavkhapra5@gmail.com →