Privacy Policy

Welcome to Zestt! We build beautiful, immersive, and smart digital menus for modern dining rooms across India. If you have scanned a QR code at one of our partner restaurants or are managing a restaurant menu using our software, you are using the Zestt platform. We believe that technology should feel like premium hospitality. Part of that premium experience is respecting your privacy and being entirely clear about what happens to your information.

This privacy policy is here to explain how we handle information for both our guests (the hungry diners reading the menu) and our restaurants (the culinary curators hosting the experience). We do not believe in complicated legal talk or tiny print. Instead, we have written this in plain, conversational English to make it simple and quick to read.

Please note: Zestt is designed and optimized specifically for the Indian dining landscape. Initially, our services are offered only within India. Our practices are built to align with Indian digital privacy standards, ensuring a safe, secure, and respectful browsing experience at your table.

Friendly Disclaimer:We are not a lawyer. This policy describes our platform's data practices in plain language. If you are a restaurant owner, please consult your restaurant's legal team to ensure your own guest communication matches local requirements.

1. What Data We Collect

We collect very minimal data. We do not track your location outside the restaurant, and we never ask guests for credit cards or phone numbers just to view a menu. Here is the specific breakdown:

A. For Guests (Diners viewing menus)

Device Information: We check what browser and operating system you use (like iOS, Android, Safari, or Chrome) so our menu adjusts layout perfectly for your screen.
IP Address: Your IP address is recorded briefly when you connect to help prevent spam and protect our service.
Search Queries: The queries you type into our AI search bar are recorded so we can find the right dishes.
Browsing Actions: We track which dishes you view, how long you look at them, and which items you add to your digital shortlist.

B. For Restaurants (Our culinary partners)

Menu Content: We store all dishes, prices, descriptions, images, and category labels you upload.
Admin Credentials: We store your administrator email address and a securely hashed password to protect your account.
Preferences: We save your choice of visual themes (like golden-black or modern-minimalist).
Broadcast Messages: We save active broadcast alerts you send out to guest screens.
Access Logs: We track login times and admin actions in your dashboard to help you audit security.

2. How We Use Your Data

We use this data to make dining out more delightful and to help restaurants serve you better. Specifically:

Improving Search: By studying search queries, our AI learns which words diners use to describe food, helping us refine our search relevance.
Restaurant Insights: We show restaurant owners anonymous, aggregated stats. For instance, a restaurant can see: “20 guests searched for spicy paneer last night, and 15 added the Truffle Risotto to their shortlist.” This helps them manage stock and improve their menu. We never identify individual guests in these reports.
Operational Health: We monitor error rates and time spent browsing to optimize page speeds and squash software bugs.

Important Rule: We do not sell your personal data to marketers, data brokers, or advertising networks. We think that is bad hospitality. Your data is used only to run and improve your Zestt experience.

3. Data Storage & Hosting

Our database is hosted securely on Supabase, a reliable and modern cloud database provider. All communication between your device and our servers is secured using industry-standard HTTPS encryption, and the database itself is encrypted at rest.

Our databases run in secure, professional-grade cloud data centers (using Supabase and Amazon Web Services defaults) chosen to deliver fast page load speeds for Indian restaurants. We make sure all physical and virtual access points are locked down tightly.

4. Data Retention (How Long We Keep Data)

We do not keep data forever if we do not need it. We clean up our database regularly to minimize stored data. Our retention schedules are:

Guest AnalyticsWe keep anonymous browsing and search event logs for 90 days, after which they are deleted automatically.

Menu DataWe store menu content (dishes, prices, descriptions) until the restaurant owner chooses to delete it.

Diner ShortlistsGuest shortlists are stored in your phone's browser storage and are automatically cleared after 30 days of inactivity.

Admin Access LogsRestaurant dashboard security logs and admin activity metrics are kept for 30 days.

5. Who Can Access Your Data

Your data is kept within a tight circle. We restrict access to only what is necessary to run the platform:

The Zestt Team: Only authorized members of our technical team can access database tables, solely for fixing bugs, performing maintenance, or assisting restaurants.
Your Restaurant Owner: Restaurant managers can see dashboard metrics, but these are anonymous and restricted to their own restaurant. They cannot see data from other restaurants on our platform.
No Marketers or Third Parties: We never share, trade, or rent guest information with external marketing companies. Your dinner preferences remain between you and the chef.

6. AI & Search Integration

To offer a truly smart menu, we use Google Gemini APIs. When a restaurant updates their menu descriptions, we send those descriptions to Google Gemini to generate high-dimensional search embeddings. This allows guests to search for things like “something chocolatey and light” or “spicy Indian gravy” and get matching results, even if those exact words are not in the dish title.

According to the Google Gemini API terms, any descriptions sent to the API are not used to train Google's public AI models. The API calls are governed by Google's secure developer policies. You can read more about Google's data handling rules in the official Google Gemini API Terms of Service.

7. Your Rights & Options

Even though Zestt collects very little personal info, we want you to feel in control. You have the following options:

Request a Copy: You can ask to see what data we have associated with your email or device.
Request Deletion: You can ask us to clear your history, search records, or admin account details.
Opt-Out of Analytics: You can browse our menus in private/incognito mode, which naturally limits our local-first shortlist and session tracking.

If you want to exercise any of these options or have a question about how your data is handled, please send an email to our team at privacy@zestt.com. We will respond and process your request within 7 business days.

8. Security & Protection

We treat security with the same care as a Michelin-starred kitchen treats ingredients. We implement several layers of safety:

Hashed Passwords: Restaurant admin passwords are never stored in plaintext. We hash and salt them securely so they cannot be read.
Brute Force Prevention: Our admin console includes active rate-limiting. If someone tries to guess passwords repeatedly, they are automatically blocked.
Secure Transport: We enforce HTTPS everywhere, so all communications are encrypted while traveling between your browser and our servers.

9. Changes to This Policy & Contact Information

We may update this policy as Zestt introduces new features. If we make any major changes that affect how we handle restaurant admin accounts, we will notify you by sending an email. For guests, the latest version will always be posted here.

We are compliant with general Indian data protection practices and continue to align our platform with India's evolving digital landscape.

If you have any questions, suggestions, or concerns about this policy, please reach out to us:

Email: privacy@zestt.com

Address: Zestt Private Limited, 4th Block, Indiranagar, Bangalore, Karnataka 560038, India