HomePrivacy Policy

Privacy Policy

Effective Date: 02 july 2025

At Restrobox, your privacy is important to us. We are committed to protecting your personal, business, and transactional data through secure systems, transparent processes, and compliance with all applicable data protection laws.

1.1 Data We Collect

We may collect the following types of data:

  • Business Information: restaurant name, branch details, location, and license number (if applicable)
  • Personal Information: owner and staff names, phone numbers, email addresses, designations
  • Login & Session Data: IP addresses, device types, browser types, login timestamps
  • Operational Data: order history, billing data, sales records, tax summaries (including FBR-linked invoices)
  • Payment Data: transaction logs, invoice histories (no card information is stored)
  • Customer Data: only when entered voluntarily by restaurants for online orders or reservations

1.2 Purpose of Data Collection

We use collected data strictly for the following purposes:

  • To provide you access to the Restrobox POS and admin panels
  • To process and generate invoices, sales, and tax reports
  • To offer technical support and respond to service requests
  • To customize product experience based on role, location, and industry type
  • To integrate with third-party services (e.g., FBR integration, SMS/WhatsApp APIs)

1.3 Legal Basis for Processing

Restrobox only processes your data where:

  • You have provided consent (e.g., during signup)
  • Processing is required for the performance of our services
  • It is necessary for compliance with legal obligations (e.g., tax reporting)

1.4 How We Protect Your Data

We implement strict data security measures:

  • SSL encryption for all communications
  • Secure server infrastructure (via industry-leading cloud providers)
  • Database access limited to authorized personnel only
  • Regular vulnerability scans and patching
  • Daily encrypted backups

1.5 Data Retention

  • Sales and account records are stored for up to 7 years, or as required by tax laws
  • Customer and session logs are retained for 12 months
  • Inactive accounts are flagged after 90 days and scheduled for review/deletion after 180 days

1.6 Data Sharing

We do not sell, trade, or rent your personal or business information. However, limited data may be shared with:

  • Tax authorities like FBR (as required by law)
  • Technology service providers for hosting, database management, or support
  • Payment gateways for processing your subscriptions (no card info stored by us)

All third parties are bound by NDAs or contractual obligations to protect your data.

1.7 Your Rights as a Data Owner

Under our privacy framework, you have the right to:

  • Access your stored data
  • Request corrections to incorrect information
  • Request deletion of your data (except where legally required to retain it)
  • Withdraw consent (where applicable)
  • Lodge a complaint via support@restrobox.com

1.8 Cross-border Transfers

All data is hosted on servers that may reside outside Pakistan. We ensure such transfers are compliant with international data protection standards and local regulations.

1.9 Updates to this Policy

This policy may be updated periodically to reflect changes in law, technology, or business practices. All changes will be published on this page with revised dates.

The rest of the policies remain unchanged.

For any concerns or questions, contact:
support@restrobox.com
CloudERP360 (Pvt) Ltd. — A Corpela Group Company

Book a demo