Privacy Policy

This Privacy Policy explains how Tibono ("we", "us", or "our") collects, uses, stores, and protects personal information when you visit our website, create an account, or use our restaurant management platform and related services (collectively, the "Services").

By using the Services, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Services.

This policy applies to restaurant owners, staff members, administrators, and visitors who interact with Tibono, including:

• Superadmin and platform operators who manage the overall system
• Restaurant account holders and their authorized staff
• Guests who place orders through QR menus or online ordering flows
• Anyone who contacts us for support, sales, or billing inquiries

We collect information that you provide directly and information generated when you use the Services.

Account and business information may include your name, email address, phone number, login credentials, restaurant name, branch details, address, billing details, subscription plan, invoices, payment references, staff roles, permissions, and activity within your account.

Operational and order data may include menu items, categories, prices, modifiers, orders, table assignments, reservations, kitchen tickets, customer contact details entered by your team or guests, and reports or usage logs related to restaurant operations.

Technical information may include IP address, browser type, device identifiers, operating system, pages viewed, features used, timestamps, error diagnostics, and cookies as described below.

We use collected information to:

• Provide, operate, maintain, and improve the Services
• Authenticate users and enforce role-based access controls
• Process subscriptions, payments, and account-related communications
• Send service announcements, security alerts, and support responses
• Monitor performance, troubleshoot issues, and prevent fraud or abuse
• Comply with legal obligations and enforce our Terms & Conditions

We do not sell your personal information to third parties for their marketing purposes.

We may share information only when necessary:

• Service providers: hosting, email delivery, payment processing, analytics, and customer support tools that help us run the platform
• Within your organization: data visible to users you authorize inside your restaurant account
• Legal requirements: when required by law, court order, or to protect rights, safety, and security
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to appropriate safeguards

Payment card data is handled by certified payment processors. We do not store full card numbers on our servers.

We retain information for as long as your account is active or as needed to provide the Services, resolve disputes, enforce agreements, and meet legal requirements. You may request deletion of certain data subject to applicable law and legitimate business needs such as billing records or security logs.

We use cookies and similar technologies to keep you signed in, remember preferences, measure site performance, and improve user experience. You can control cookies through your browser settings, though some features may not function properly if cookies are disabled.

We implement reasonable administrative, technical, and organizational safeguards designed to protect your information, including access controls, encrypted connections where appropriate, and monitoring for unauthorized activity. No online system is completely secure, and we cannot guarantee absolute security.

Depending on your location, you may have the right to access, correct, update, export, or delete personal information we hold about you, or to object to certain processing. To exercise these rights, contact us using the details below. We may need to verify your identity before fulfilling a request.

Your information may be processed in countries other than your own. When we transfer data internationally, we take steps designed to ensure an appropriate level of protection consistent with applicable law.

The Services are intended for business use and are not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us data, please contact us so we can take appropriate action.

We may update this Privacy Policy from time to time. When we make material changes, we will post the updated version on this page and adjust the effective date. Continued use of the Services after changes become effective constitutes acceptance of the revised policy.