Cheddr

Privacy Policy

Last updated: June 5, 2026


1. Overview & Scope

This Privacy Policy describes how Cheddr ("we", "us", "our", or "the Platform") collects, uses, and shares your personal information when you visit, use, or register on our website located at cheddr.one and associated subdomains (collectively, the "Services").

Our Platform serves two main groups of users:

  • Merchants & Staff: Restaurant owners, administrators, kitchen personnel, waitstaff, and cashiers who utilize Cheddr to manage dining rooms, menus, order routing, and billing.
  • Diners: Restaurant guests who interact with our QR-code menus, place orders, and submit payments through the Platform.

2. Information We Collect

A. Information Collected from Diners

To facilitate contact-free table ordering, we collect:

  • Identity and Contact Info: Name, phone number, and optional email address.
  • Order Data: Cart contents, custom item modifiers, table numbers, guest notes, and order history.
  • Session Metadata: Unique customer session IDs, cookie tokens, and idempotency keys to ensure order consistency.

B. Information Collected from Merchants & Staff

To establish subscription services and platform operations, we collect:

  • Account Details: Usernames, business emails, display names, and password hashes (computed with salted bcrypt).
  • Restaurant Profiles: Name, address, logo, banner, timezones, tax rates, currencies, and business hours.
  • Audit Log Records: Action traces including timestamp, user ID, and type of admin changes (e.g. creating categories, altering subscriptions) to prevent fraud and maintain operational integrity.

C. Automatically Collected Technical Data

Regardless of user type, our servers automatically log:

  • Device data (browser type, OS version, viewport sizing).
  • Network markers (IP address, ISP details, regional location based on IP).
  • WebSocket status indicators (network disconnection events, reconnection latencies, active subscription rooms).

3. Data Storage & Security

Your security is our absolute priority. We implement enterprise-grade practices to protect all data categories:

  • Encryption: All communication is encrypted in transit using Transport Layer Security (TLS/HTTPS). Database backups are encrypted at rest.
  • Database Isolation: Our multi-tenant architecture uses robust logical schema boundaries to prevent cross-contamination of merchant databases and customer order sessions.
  • Password Hashing: We never store plaintext passwords. All platform passwords undergo strong, resource-heavy bcrypt hashing.
  • No Credit Card Storage: All customer card processing is handled by PCI-DSS compliant third-party payment gateways (such as Stripe). We do not store or process card numbers on our servers.

4. How We Use and Share Information

We process your data strictly to fulfill our contract with you and run restaurant operations:

  • Real-time Routing: Broadcasting new orders and waiter alerts to staff dashboards via persistent WebSockets.
  • Idempotency Validation: Preventing double-billing or duplicated orders by caching idempotency keys in transaction blocks.
  • Third-party Disclosures: We do not sell or lease personal data. We disclose information to service providers (such as hosting infrastructure, email services, and payment merchants) solely to execute core system operations.

5. Your Rights (GDPR & CCPA Compliant)

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

  • The right to access – You have the right to request copies of your personal data.
  • The right to rectification – You have the right to request that we correct any information you believe is inaccurate.
  • The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
  • The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
  • The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
  • The right to data portability – You have the right to request that we transfer the data that we have collected to another organization, or directly to you, under certain conditions.

To exercise any of these rights, please send a formal email to our privacy compliance desk at privacy@cheddr.one.