U
Uyaro

Privacy Policy

Effective Date: February 9, 2026

Company: Uyaro
Contact: techops@uyaro.in
Jurisdiction: Tamil Nadu, India

1. Introduction

Uyaro ("we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our DineSynk point-of-sale (POS) system and related services (collectively, the "Services").

This Privacy Policy applies to all users of our Services, including restaurant owners, operators, managers, employees, and end customers whose information may be processed through our platform.

By using our Services, you consent to the collection, use, and disclosure of your information as described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not use our Services.

2. Scope of Services

DineSynk is a comprehensive restaurant POS system that provides:

  • Point-of-sale and payment processing
  • Kitchen order ticket (KOT) management
  • Customer relationship management
  • Inventory and purchase management
  • Campaign and marketing tools
  • Reporting and analytics
  • Terminal and device management
  • Multi-location support

Our Services are designed for use by restaurants, food service establishments, and hospitality businesses operating in India and internationally.

3. Information We Collect

3.1 Information You Provide

  • Account Information: Business name, restaurant details, owner/manager name, email address, phone number, business address, tax identification numbers (GSTIN), and other registration details
  • User Credentials: Usernames, passwords, and authentication information for authorized users
  • Payment Information: Bank account details, payment card information (processed by PCI-DSS compliant third-party processors), UPI IDs, and transaction records
  • Customer Data: Customer names, contact information, order history, preferences, feedback, and loyalty program data entered through our Services
  • Employee Data: Staff names, contact details, roles, permissions, attendance, and performance metrics
  • Business Data: Menu items, pricing, inventory levels, supplier information, sales data, and operational metrics

3.2 Information Collected Automatically

  • Usage Data: Features accessed, actions performed, time and date stamps, session duration, and interaction patterns
  • Device Information: IP addresses, device type, operating system, browser type, unique device identifiers, and terminal hardware specifications
  • Location Data: Geographic location of terminals and devices (with your consent where required)
  • Log Data: Server logs, error reports, system events, and diagnostic information
  • Cookies and Tracking Technologies: Session cookies, preference cookies, analytics cookies, and similar tracking technologies (see Section 9)

3.3 Information from Third Parties

  • Payment processors and financial institutions
  • Identity verification and fraud prevention services
  • Business partners and integrations you authorize
  • Publicly available business information and registries

4. How We Use Your Information

We use the collected information for the following purposes:

4.1 Service Provision

  • Operate, maintain, and improve our POS Services
  • Process transactions and fulfill orders
  • Manage user accounts and authentication
  • Provide customer support and technical assistance
  • Generate reports and analytics for your business

4.2 Business Operations

  • Communicate with you about services, updates, and changes
  • Send administrative notices, alerts, and confirmations
  • Process payments and manage billing
  • Detect, prevent, and address fraud, security issues, and technical problems
  • Comply with legal obligations and enforce our agreements

4.3 Enhancement and Personalization

  • Analyze usage patterns to improve user experience
  • Develop new features and functionalities
  • Customize the Services to your business needs
  • Conduct research and analytics for service enhancement

4.4 Marketing and Communication

  • Send promotional materials about new features and services (with your consent where required)
  • Conduct surveys and gather feedback
  • Inform you about industry insights and best practices

You may opt out of marketing communications at any time by following the unsubscribe instructions in our emails or contacting us at techops@uyaro.in.

5. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We engage trusted third-party service providers to perform functions on our behalf, including:

  • Payment processors (PCI-DSS compliant)
  • Cloud hosting and storage providers
  • Analytics and performance monitoring services
  • Customer support tools
  • Email and communication platforms
  • Security and fraud prevention services

These providers have access to your information only to perform specific tasks and are obligated to protect your data.

5.2 Business Partners

With your consent, we may share information with:

  • Integrated third-party applications and services you choose to connect
  • Marketing and campaign partners
  • Delivery and logistics partners

5.3 Legal Requirements

We may disclose information when required by law or in response to:

  • Valid legal processes (subpoenas, court orders, warrants)
  • Requests from government authorities or law enforcement
  • Protection of our rights, property, or safety
  • Investigation of fraud, security issues, or policy violations

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.

5.5 With Your Consent

We may share information for any other purpose with your explicit consent.

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

  • Encryption of data in transit (TLS/SSL) and at rest
  • Secure authentication and access controls
  • Regular security assessments and penetration testing
  • Intrusion detection and prevention systems
  • Secure backup and disaster recovery procedures

6.2 Organizational Safeguards

  • Strict access controls and role-based permissions
  • Employee training on data protection and security
  • Confidentiality agreements with employees and contractors
  • Incident response and breach notification procedures

6.3 Payment Security

All payment card data is processed by PCI-DSS Level 1 compliant payment processors. We do not store complete payment card information on our servers.

Despite our efforts, no security system is impenetrable. We cannot guarantee absolute security of your information and are not responsible for unauthorized access resulting from circumstances beyond our reasonable control.

7. Data Retention

We retain your information for as long as necessary to:

  • Provide the Services and fulfill the purposes described in this Privacy Policy
  • Comply with legal, regulatory, tax, and accounting obligations (typically 7 years for financial records in India)
  • Resolve disputes and enforce our agreements
  • Maintain business records and analytics

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention policies.

Account Data: Retained for the duration of your account and up to 7 years after termination for legal compliance.

Transaction Data: Retained for a minimum of 7 years as required by Indian tax and accounting laws.

Customer Data: Retained as long as you use the Services and for a reasonable period thereafter, or as you direct.

You may request deletion of your data subject to our legal obligations (see Section 8).

8. Your Rights

Under applicable Indian data protection laws, including the Information Technology Act, 2000, the Sensitive Personal Data or Information (SPDI) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act), you have the following rights:

8.1 Access and Correction

You have the right to access, review, and update your personal information at any time through your account settings or by contacting us.

8.2 Data Portability

You may request a copy of your data in a commonly used, machine-readable format.

8.3 Deletion and Erasure

You may request deletion of your personal information, subject to:

  • Legal retention requirements
  • Legitimate business purposes
  • Protection of rights and interests of Uyaro and third parties

8.4 Withdrawal of Consent

Where processing is based on consent, you may withdraw your consent at any time. This does not affect the lawfulness of processing before withdrawal.

8.5 Objection and Restriction

You may object to certain processing activities or request restriction of processing in specific circumstances.

8.6 Complaints

You have the right to lodge a complaint with the Data Protection Board of India or other relevant supervisory authority if you believe your data protection rights have been violated.

To exercise your rights, contact us at: techops@uyaro.in

We will respond to your request within 30 days or as required by applicable law.

9. Cookies and Analytics

9.1 Cookies We Use

  • Essential Cookies: Required for authentication, security, and core functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how you use our Services
  • Performance Cookies: Monitor system performance and identify issues

9.2 Analytics Services

We may use third-party analytics services (such as Google Analytics, Firebase Analytics, or similar tools) to collect and analyze usage information. These services may use cookies and similar technologies.

9.3 Your Choices

Most browsers allow you to refuse cookies or alert you when cookies are being sent. However, disabling essential cookies may affect the functionality of our Services.

10. Children's Privacy

Our Services are not intended for children under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately at techops@uyaro.in, and we will take steps to delete such information.

11. International Data Transfers

Our Services are primarily intended for users in India. However, if you access our Services from outside India, your information may be transferred to, stored, and processed in India or other countries where our service providers operate.

We take appropriate measures to ensure that international transfers comply with applicable data protection laws, including:

  • Standard contractual clauses
  • Adequacy decisions by relevant authorities
  • Your explicit consent where required

By using our Services, you consent to the transfer of your information to India and other countries which may have different data protection laws than your jurisdiction.

12. Payment Processing

12.1 PCI-DSS Compliance

We partner with PCI-DSS Level 1 compliant payment processors to handle payment card transactions. These processors adhere to the Payment Card Industry Data Security Standard (PCI-DSS) established by major card brands.

12.2 Payment Information

We do not store complete payment card numbers (PANs) on our servers. Sensitive payment data is tokenized and processed by our certified payment partners, including but not limited to:

  • Razorpay
  • Pine Labs
  • Other authorized payment gateways

12.3 Transaction Records

We retain transaction metadata (amounts, dates, status) for accounting, reporting, and dispute resolution purposes, but not complete payment credentials.

13. Compliance with Indian Laws

We comply with applicable Indian data protection and privacy laws, including:

13.1 Information Technology Act, 2000

We adhere to provisions of the IT Act and implement reasonable security practices and procedures as required under Section 43A.

13.2 SPDI Rules, 2011

We follow the Sensitive Personal Data or Information Rules for collection, storage, and handling of sensitive personal data, including:

  • Obtaining consent before collection
  • Using data only for lawful purposes
  • Implementing security safeguards
  • Providing opt-out mechanisms

13.3 Digital Personal Data Protection Act, 2023 (DPDP Act)

We comply with the DPDP Act requirements, including:

  • Processing data lawfully and for specified purposes
  • Ensuring data accuracy and security
  • Honoring data principal rights
  • Implementing accountability measures
  • Notifying data breaches as required

13.4 Other Applicable Laws

We comply with the Goods and Services Tax (GST) Act, Income Tax Act, and other relevant Indian regulations regarding data retention and reporting.

14. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

  1. Conduct a thorough investigation to determine the nature and scope of the breach
  2. Notify affected users within 72 hours of becoming aware of the breach (as required by the DPDP Act)
  3. Inform relevant regulatory authorities as required by law
  4. Provide information about the breach, potential risks, and remedial measures
  5. Take immediate steps to contain and mitigate the breach

15. Third-Party Links and Services

Our Services may contain links to third-party websites, applications, or services that are not operated by us. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, Services, or legal requirements. We will notify you of material changes by:

  • Posting the updated Privacy Policy on our website
  • Sending an email notification to your registered email address
  • Displaying a prominent notice in the Services

The "Effective Date" at the top of this Privacy Policy indicates when it was last updated. Your continued use of the Services after changes become effective constitutes acceptance of the revised Privacy Policy.

17. Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Uyaro
Email: techops@uyaro.in
Address: Tamil Nadu, India

Data Protection Officer: You may contact our Data Protection Officer at techops@uyaro.in for privacy-related inquiries.

Response Time: We aim to respond to all privacy inquiries within 30 days.

18. Grievance Redressal

In accordance with the Information Technology Act, 2000, and the DPDP Act, 2023, we have appointed a Grievance Officer to address your concerns regarding data processing.

Grievance Officer Contact:
Email: techops@uyaro.in

The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 30 days from the date of receipt.

Last Updated: February 9, 2026

© 2026 Uyaro. All rights reserved.

← Back to Home