Privacy Policy

Last Updated: June 2026

1. Information We Collect

We collect information necessary to provide and improve the HotByte platform. This includes:

  • Account data: Name, email address, phone number, and Google SSO profile information when you register or authenticate.
  • Order data: Menu items ordered, table number, order timestamps, and payment transaction IDs (processed via Razorpay).
  • Hotel data: Restaurant name, address, branding assets, menu items, pricing, and admin account credentials (hashed).
  • Device data: IP address, browser user-agent, and language preference for session management and localisation.

2. How We Use Your Information

Your data is used exclusively for the following purposes:

  • Processing and delivering food orders to the restaurant kitchen.
  • Authenticating your identity via OTP or Google SSO.
  • Managing hotel subscriptions, billing, and account access.
  • Sending transactional notifications related to orders and account status.
  • Generating anonymised sales analytics for restaurant partners.

3. Data Storage & Security

All data is stored securely on Neon PostgreSQL databases with encrypted connections (SSL/TLS). Session tokens are cryptographically signed and stored as HttpOnly cookies. Passwords are hashed using bcrypt with a cost factor of 12. We implement industry-standard security headers (Helmet CSP), rate limiting, and CORS policies to protect against common web vulnerabilities.

4. Third-Party Integrations

HotByte integrates with the following third-party services:

  • Razorpay: Payment processing for subscription billing and customer orders. We do not store full card details; all payment data is handled by Razorpay's PCI-compliant infrastructure.
  • Google Identity Services: SSO authentication. We receive only the profile information you authorise (name, email, avatar).
  • MessageCentral: SMS-based OTP verification. Phone numbers are used solely for authentication and are not shared with third parties.
  • Bunny CDN: Image storage and delivery for menu item photos and branding assets.

5. Data Retention

We retain your data for as long as your account is active or as needed to provide the service. After account deletion or subscription termination, we retain limited data for up to 90 days for legal and audit purposes, after which it is permanently anonymised or deleted.

6. Your Rights

You have the right to access, correct, or delete your personal data at any time. Hotel partners can update their information from the admin dashboard. Customers may contact us to request data deletion. To exercise these rights, email support@hotbyte.in.

7. Cookies & Local Storage

We use HttpOnly cookies for session management and localStorage for user preferences (language and theme). No third-party tracking cookies are used. You can clear this data at any time from your browser settings.

8. Contact

For privacy-related inquiries, contact us at support@hotbyte.in or visit our Contact page.