9:41
Back
Restoroma OS
LEGAL DOCUMENT

Privacy Policy

Last updated:

Data Controller
Brilliantfix Limited — Registered in England & Wales, UK
Director: Oshyne Hoshing
This policy covers data processed through Restoroma OS, a sub-brand of Brilliantfix Limited.

1. Who We Are

This Privacy Policy explains how Brilliantfix Limited ("we", "us", "our") collects, uses, and protects personal data in connection with the Restoroma OS platform.

Restoroma OS is a restaurant management SaaS platform and a sub-brand of Brilliantfix Limited, a company registered in England and Wales, United Kingdom.

We are committed to protecting your privacy and processing your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Data We Collect

We collect the following categories of personal data:

Category Examples Source
Account Data Name, email address, business name, phone number Provided by you on signup
Billing Data Payment method details (processed by Stripe), billing address, invoice history Provided by you at checkout
Usage Data Platform activity, orders processed, menu changes, login timestamps Automatically collected
Guest Order Data Table number, items ordered, order timestamps, payment status Generated by your venue's guests
Device & Technical Data IP address, browser type, device identifiers, screen resolution Automatically collected

3. How We Use Your Data

We process your personal data for the following purposes and on the following legal bases:

  • Providing the Service — to operate and deliver Restoroma OS features. (Contractual necessity)
  • Billing & Payments — to process subscription payments and issue invoices. (Contractual necessity)
  • Customer Support — to respond to your enquiries and resolve issues. (Legitimate interest)
  • Platform Improvements — to analyse usage patterns and improve features. (Legitimate interest)
  • Legal Compliance — to comply with UK laws, including tax and financial regulations. (Legal obligation)
  • Marketing — to send product updates and offers where you have consented. (Consent — you may opt out at any time)

4. Who We Share Data With

We do not sell your personal data. We may share data with trusted third-party service providers who process data on our behalf:

  • Stripe — payment processing (Stripe's own privacy policy applies to payment card data)
  • Cloud Hosting Providers — secure server infrastructure (UK/EEA-based where possible)
  • Analytics Tools — anonymised platform analytics only
  • Legal & Regulatory Bodies — where required by UK law or court order

All third-party processors are bound by data processing agreements and required to maintain appropriate security standards.

5. How Long We Keep Your Data

  • Active account data — retained for the duration of your subscription.
  • Billing and transaction records — retained for 7 years in compliance with UK tax law.
  • Guest order data — retained for 90 days by default, configurable per venue.
  • Support correspondence — retained for 2 years.
  • After retention periods expire, data is securely deleted or anonymised.

6. Your Rights Under UK GDPR

As a data subject, you have the following rights:

  • Right of Access — request a copy of the personal data we hold about you.
  • Right to Rectification — request correction of inaccurate or incomplete data.
  • Right to Erasure — request deletion of your data ("right to be forgotten") where applicable.
  • Right to Restrict Processing — request that we limit how we use your data.
  • Right to Data Portability — receive your data in a structured, machine-readable format.
  • Right to Object — object to processing based on legitimate interest or for direct marketing.
  • Right to Withdraw Consent — withdraw consent for marketing or other consent-based processing at any time.

To exercise any of these rights, contact us using the details in Section 9. We will respond within 30 days.

If you are unsatisfied with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies & Local Storage

Restoroma OS uses browser localStorage (not cookies) to persist session data such as your cart and preferences within the platform. This data is stored locally on your device and is not transmitted to our servers unless you complete an action (e.g. placing an order).

If analytics or performance tools are used, they may set cookies. You may control cookie preferences through your browser settings.

8. Security

Brilliantfix Limited implements appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or disclosure. These include:

  • HTTPS encryption for all data in transit
  • Secure payment processing via Stripe (PCI-DSS compliant)
  • Access controls and authentication for administrative systems
  • Regular security reviews of our infrastructure

No transmission over the internet is 100% secure. You use the Service at your own risk in this regard, though we take all reasonable steps to protect your data.

9. Contact & Data Requests

For any privacy-related enquiries, data subject requests, or to exercise your rights, please contact:

Brilliantfix Limited — Data Controller
Director: Oshyne Hoshing
Registered in England & Wales, United Kingdom
Platform: Restoroma OS (sub-brand of Brilliantfix Limited)
Terms & Conditions  ·  restoroma.brilliantfix.com

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of significant changes via email or in-platform notice. The date at the top of this document indicates when it was last revised.