Privacy Policy

Qreat is a restaurant operations SaaS for QR ordering and related restaurant workflows. Qreat Manager is the iOS companion app used by restaurant owners and staff to manage menus, live QR orders, table sessions, kitchen and order workflows, printing workflows, order history, and restaurant operations.

The operator of Qreat is [Legal Entity Name]. Contact details are listed at the end of this Policy.

This Policy applies to qreat.ai, Qreat Manager, and related services that link to this Policy. It covers business users such as restaurant owners, administrators, managers, staff members, and other authorized workspace users.

Restaurant guests may interact with QR ordering pages without downloading the iOS app. When restaurant guests place orders or interact with QR ordering pages, Qreat may process guest order and session data on behalf of the restaurant using Qreat.

Depending on how Qreat is used, we may collect or process the following categories of information:

• Account information: Name, email address, login and authentication details, role, and restaurant workspace membership.
• Restaurant information: Restaurant name, store settings, menus, categories, items, prices, availability, tax and service settings, and table information.
• Order and service data: QR table session data, table or session ID, party size if entered by staff, order items, quantities, order notes, order status, timestamps, and order history.
• Optional survey and analytics data: Age survey responses or restaurant activity analytics if those features are enabled by the restaurant.
• Device and usage data: Device type, browser or app version, logs, diagnostics, crash or error data, IP address, or approximate region if collected by infrastructure providers.
• Support communications: Messages, files, and other information sent to Qreat support.
• Billing and subscription data: Plan, subscription status, billing metadata, invoices, and related records. Payment card details are processed by Stripe and are not stored by Qreat.

Qreat is designed for restaurant operations. We do not intentionally collect:

• Precise location, unless a future feature asks for permission.
• Payment card numbers.
• Government identification numbers.
• Health data.
• Children’s data.
• Data used for third-party advertising tracking.

We use information to operate, support, secure, and improve Qreat, including to:

• Provide QR ordering and restaurant management features.
• Authenticate users and manage staff access.
• Process orders and table sessions.
• Manage menus and restaurant settings.
• Support kitchen, order, and printing workflows.
• Provide customer support.
• Improve reliability, security, performance, and product quality.
• Generate restaurant analytics and operational insights.
• Maintain legal, security, and compliance records.

Qreat may use third-party AI or translation providers to support features such as menu translation or operational analysis.

Customer order notes, menu text, or restaurant operational data may be processed only as needed to provide those features.

Qreat does not use customer content to train public AI models unless explicitly stated in a separate agreement.

Qreat may use error monitoring tools such as Sentry to capture production runtime errors, unhandled exceptions, and related diagnostic events.

Qreat configures monitoring to reduce or scrub sensitive values such as session tokens, email addresses, customer input, order notes, translation text, and provider response bodies where possible.

Diagnostic data is used for security, reliability, debugging, and product quality.

Qreat may use cookies, local storage, and similar technologies for authentication and session state, preferences such as language or selected workspace, security, app functionality, and analytics or diagnostics if used.

Disabling these technologies may prevent parts of Qreat from working correctly, including login, workspace selection, and QR ordering workflows.

Qreat does not sell personal information. We may share information with service providers and other parties only as needed to provide, secure, support, or comply with obligations related to Qreat. These may include:

• Cloud hosting and infrastructure providers, such as Cloudflare and Firebase / Google Cloud.
• Authentication, database, storage, and serverless function providers.
• Payment processors, such as Stripe.
• Error monitoring providers, such as Sentry.
• AI or translation providers, such as OpenAI or Google Cloud Translation, if enabled.
• Professional advisors, legal authorities, regulators, or other parties when required by law or necessary to protect rights, safety, and security.

Restaurants are responsible for how they use guest data in their own operations, including order fulfillment, guest service, accounting, and internal reporting.

Qreat processes guest order and session data to provide the QR ordering service to restaurant customers. Guests should contact the restaurant first for order-specific requests, corrections, refunds, receipts, or questions about a particular order.

Guests may also contact Qreat for privacy questions using the contact details below.

Account and workspace data is retained while the account or restaurant workspace is active. Order, session, and history data is retained as needed for restaurant operations, legal, security, and service purposes.

Diagnostic logs are retained for a limited period. Deletion requests can be made through the restaurant administrator or Qreat support, subject to operational, legal, security, and contractual requirements.

Qreat uses reasonable technical and organizational safeguards designed to protect information, including access controls, encryption in transit, role-based access where applicable, and operational security practices.

No online service can be guaranteed to be 100% secure. Restaurants and users are responsible for protecting account credentials and assigning staff roles appropriately.

Depending on the service providers used to operate Qreat, information may be processed in countries other than the country where a restaurant, staff member, or guest is located. Where required, Qreat takes steps intended to support lawful transfers and appropriate protection of information.

Depending on your location and relationship with Qreat, you may have rights to:

• Access personal information we hold about you.
• Correct inaccurate or incomplete information.
• Request deletion of information, subject to operational, legal, security, and contractual requirements.
• Request restriction of, or object to, certain processing where applicable.
• Request data portability where applicable.
• Withdraw consent where processing is based on consent.
• These rights may vary by location, including Japan, the EEA, the UK, California, and other regions. We may need to verify your identity and authority before responding to a request.

Where applicable, Qreat handles personal information in accordance with applicable Japanese privacy laws, including requirements relating to purpose of use, appropriate handling, security management, and responses to requests from individuals.

Contact point for Japan privacy requests: [privacy@qreat.ai]

Where applicable, individuals in California, the EEA, the UK, and other regions may have additional privacy rights under local laws. These may include rights to know, access, correct, delete, restrict or object to processing, portability, and appeal or complaint rights.

Qreat does not sell personal information and does not use personal information for third-party advertising tracking. If this changes, we will update this Policy and related privacy disclosures as required.

Qreat is not intended for children. It is designed for restaurants and business users, including restaurant owners, managers, and staff. We do not knowingly collect personal information from children.

We may update this Policy from time to time to reflect changes to Qreat, legal requirements, service providers, or our data practices. When we make material changes, we will update the Effective Date and provide notice where appropriate.

If you have questions or requests about this Policy, please contact:

Company legal name: [Legal Entity Name]

Contact email: [privacy@qreat.ai]

Address: [Company Address]

App Store privacy disclosures, including App Store privacy labels, should match this Policy and Qreat Manager’s actual data collection, use, sharing, diagnostics, and third-party provider behavior. If Qreat Manager’s features or service providers change, this Policy and the App Store privacy disclosures should be reviewed and updated together.