Privacy Policy

We collect three types of data to run wassup.world:

• Restaurant data: Menu items, pricing, staff names, table numbers. This is your data, we just host it.
• Order data: What diners order, when, and which table. We keep this for 90 days then archive it for your records.
• Payment data: We never store credit cards. Stripe handles that. We only see transaction IDs and amounts.
• Analytics: Which features you use, load times, errors. No personal diner info, just system performance.

We use your data to:

• Show diners your menu and process orders
• Give you analytics on what's selling
• Improve the product (bug fixes, speed)
• Bill you for Pro/Franchise tiers

We never sell your data. We never share it with third parties except Stripe for payments and our hosting provider (AWS). That's it.

You're in control:

• Export: Download your menu, orders, and data anytime from your dashboard.
• Delete: Cancel your account, we delete everything within 30 days (except legal/tax records).
• GDPR/CCPA: If you're in EU or California, you have full rights to access, correct, or delete your data. Email us: privacy@wassup.world

We take security seriously because restaurants get hit hard:

• End-to-end encryption for all data in transit (TLS 1.3)
• Encrypted databases at rest (AES-256)
• PCI DSS Level 1 compliance via Stripe
• Regular security audits and bug bounty program
• 2FA available for all staff accounts

We'll email you before any major changes. We'll never suddenly start selling data. If we get acquired, your data stays protected under the same terms.