Privacy & Security

Your restaurant data is sensitive. Here's exactly how we handle it — no legal jargon, just straight answers.

Last updated: March 2026

What We Collect

  • Account info (name, email, restaurant details) when you sign up
  • Conversation data between you and your AI agents
  • Usage metrics to track your plan quota
  • Payment info processed securely by Stripe — we never store card numbers

How We Protect It

  • All data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Database hosted on SOC 2 compliant infrastructure (Neon PostgreSQL)
  • Authentication via industry-standard OAuth 2.0 and bcrypt password hashing
  • API keys and secrets stored in encrypted environment variables, never in code

Where Your Data Lives

  • Hosted on Vercel (US-East) with automatic redundancy
  • Database hosted on Neon with daily automated backups
  • AI processing via Anthropic's Claude API — conversations are not used to train models

Who Can Access Your Data

  • Only you and your authorized team members
  • RESTUAI staff may access data only for support purposes with your permission
  • We never sell, share, or monetize your data
  • Third-party processors: Stripe (payments), Anthropic (AI), Google (OAuth)

Data Deletion

  • You can request full account and data deletion at any time
  • Email us and we'll delete everything within 30 days
  • Conversation history can be cleared from your dashboard

Contact Us

  • Privacy questions: support@restuai.com
  • We're a small team — you'll get a real human response

Our Commitment

We're working towards SOC 2 Type II certification and GDPR compliance. As a young product, we're building security-first from day one rather than retrofitting it later. If you have specific compliance requirements, reach out — we're happy to discuss.