DinemintDinemint

Vol. 06 · Privacy

What we keep,
and what we don't.

In short

We collect the data we need to run Dinemint and nothing else. We don't sell it. We don't rent it. We don't share it with advertisers. If we ever change that, we'll tell you in plain English, not in a 4 a.m. email.

Who we are

Dinemint is built and operated by App Studios, a partnership firm based in Uttar Pradesh, India. When this page says "we", we mean App Studios. When it says "Dinemint", we mean the product.

GST: 09ACNFA5018M1Z0 · PAN: ACNFA5018M

What we collect

From operators: name, email, phone, restaurant address, billing details via our secure payment processor (we never see the full card number).

From guests: only what you ask them for in the menu app. Name, phone, email — at your choice and theirs. Order history is kept tied to the guest's hashed phone, which we use to recognise regulars.

WhatsApp, Instagram, and the AI bits

Some Dinemint features lean on services outside our walls. If you switch one on, here's what crosses the line.

WhatsApp Business: when you connect your restaurant's WhatsApp number, Meta hands us the bare minimum to send and receive on your behalf — your WhatsApp Business Account ID, your phone number ID, the message templates you create, and the messages that flow through. Your customers' phone numbers stay between you and them; we pass the bytes.

Consent comes first: we only send WhatsApp marketing on a restaurant's behalf to guests who have explicitly opted in — for example, by ticking the consent box on the restaurant's ordering page. Every marketing message honours opt-out: a guest can reply STOP at any time and we stop immediately. Order and reservation updates are transactional, sent only to the guest they concern.

Instagram: when you connect Instagram, Meta lets us publish posts on your behalf and read your post insights. We don't pull follower lists, DMs, or anything you didn't switch on.

AI features — caption generation, menu chat, photo enhancement, the owner copilot. The relevant content (a menu item, a customer's chat question, a photo) is sent to Anthropic (Claude) or a similar model provider to do the work. The provider doesn't keep it for training.

Where it lives

We run on cloud infrastructure in the Mumbai region. Photos sit on a global content network. When a feature talks to WhatsApp or Instagram, that conversation is handled by Meta on Meta's infrastructure. Payments are handled by Cashfree (India) or Paddle (everywhere else). None of those companies sees more than the slice they need to do their bit. Backups are locked at rest and rotated daily. No third-party trackers, no advertising pixels, no analytics sneaking through the side door.

How long we keep it

We hold connected-account data — WhatsApp and Instagram access tokens, message and post metadata, and any media you send through us — only while your account is active. Disconnect a channel or close your account and we delete it within 30 days, except the few records the law makes us keep (tax invoices, mostly). Anything we hold longer for analytics is aggregated and stripped of identifiers, so it can't point back to a person.

Your rights

Export everything as a spreadsheet whenever you ask. Ask us to delete it and we delete it within seven days, with a copy of the export to you for your records. There's a full walkthrough on the data deletion page — for operators and for diners.

Cookies

One session cookie when you sign into admin. No tracking cookies, no analytics cookies, no third-party iframes setting cookies on our behalf.

Grievance officer

Indian law (the Digital Personal Data Protection Act) asks every business to name a real human you can complain to about your data. Ours is:

Sangeet Verma
grievance@dinemint.com
App Studios, Uttar Pradesh, India

Email and you'll hear back within seven days. No forms, no hold music.

Get in touch

Questions about your data go to privacy@dinemint.com. A real person reads and replies.