Your data, handled with care.
The information that lives in DineSights.
DineSights handles two broad kinds of data — restaurant data, and diner data. Here's what each one means in practice.
Restaurant data
- Restaurant name, address, contact details, owner phone number.
- Your menu — sections, dishes, prices, photos you uploaded.
- Configuration — rewards setup, QR code mapping, table setup.
- Billing information held by Stripe (we don’t store card numbers ourselves).
Diner data
- Phone number, only if a diner chose to share it.
- OTP verification records — proof of phone ownership.
- Visit history at the restaurant — when scans happened, recognized vs. anonymous.
- Menu interactions you chose to record — saved dishes, quiz answers, reward progress.
- Technical request logs (browser type, approximate region from IP) needed to run the service securely.
The reasons each piece exists.
Every field in DineSights serves the menu, the loyalty experience, the restaurant's view of its regulars, or basic service security.
To run the menu & QR experience.
We need to know which restaurant’s menu to serve when a QR is scanned, and to render the dishes, prices, and photos as the owner set them up.
To recognize returning diners.
If a diner shared a phone number, we use it as their identity across visits — that’s the whole point of the loyalty layer. Without it, we can’t tell a regular from a first-timer.
To give owners useful insights.
Visit counts, segments, and reward progress are what owners log in to see. They’re computed from the data above — nothing more.
To keep the service secure.
Request logs, rate-limit records, and OTP verification protect against abuse, spam, and unauthorized access. We keep only what’s needed for that purpose.
To bill restaurants accurately.
Owners pay a subscription via Stripe. Stripe holds the card data; DineSights only records subscription state (active, past due, canceled) so we know whether to keep the menu live.
To answer support requests.
When you contact us, we keep a record of the conversation so we can follow up. We don’t use support content for any other purpose.
Who else sees what.
DineSights runs on a small set of trusted infrastructure providers. We don't sell data to anyone, and we don't share it across unrelated restaurants.
Supabase
Hosts the database and the storage where uploaded menu images live. Subject to Supabase’s own security and privacy practices.
Twilio
Sends the SMS one-time codes used to verify phone numbers. Phone numbers pass through Twilio’s service for that purpose only. Mobile information is not shared with third parties for marketing or promotional purposes.
Stripe
Handles all restaurant subscription billing. Card details live with Stripe; we receive a subscription status and customer reference, nothing more.
Hosting & infrastructure
The web app runs on a managed cloud platform with standard request logging in place. We don’t use third-party advertising or cross-site tracking pixels.
If a restaurant uses optional integrations (for example, AI-assisted menu enrichment or restaurant lookup via Google Places), additional data may flow to those providers for that specific feature. The providers listed above are the ones used by default.
What you can ask for.
If you've used DineSights as a diner, you can ask us — or the restaurant — to do a few things on your behalf.
Stop receiving texts
Reply STOP to any restaurant text. The opt-out is immediate and your carrier honors it.
Delete your records
Email contact@dinesights.com with the phone number you used. We’ll remove your records.
See what we have
Ask for a summary of the data tied to your phone number. We’ll send back a plain summary — not a database dump, just what’s actually there.
Your part of the bargain.
Owners using DineSights have responsibilities too — for the diners they capture and the messages they send.
- Only collect phone numbers from diners who’ve actually visited. Don’t upload outside lists.
- Use SMS thoughtfully — short, relevant, easy to opt out of. We rate-limit send volume to keep things sane on both sides.
- Honor STOP and opt-out requests immediately. If a diner asks you in person to be removed, follow up by emailing us so we can clean it up centrally.
- Keep owner login credentials safe. Anyone with your owner phone number and OTP code can access your data.
- Use the data as the diner would expect — to recognize them, not to target them in ways that feel intrusive.
This overview is provided for product transparency. It is not a formal privacy policy. Restaurants and diners in regulated jurisdictions should consult counsel before relying on it for compliance purposes. A formal privacy policy will replace this page before broad public launch.
Privacy question? Just ask.
If you'd like to see, change, or delete your records — or just ask why something is collected — write in. We answer.