Privacy Policy

Last updated: May 8, 2026

The short version

MasOrder is a software platform restaurants use to take online orders. We collect the bare minimum information needed to run the service. We don’t sell your data, we don’t sell your customers’ data, and we don’t use it for advertising. Stripe handles all payment information — we never see card numbers.

Who this applies to

Restaurant owners (our customers): when you sign up to use MasOrder for your restaurant, this policy describes how we handle your account information.

Customers ordering food (your customers): when someone places an order through your storefront, MasOrder processes their information on your behalf as a service provider. That information belongs to you. Your customers should look at your privacy policy for how it’s ultimately used.

What we collect

From restaurant owners

• Email address (for sign-in via magic link)
• Restaurant name, address, phone, hours, and timezone
• Stripe Connect account ID (so payouts go to your bank — Stripe holds the bank details, not us)
• Menu items, photos, and prices you upload
• Optional: tablet device pairings, printer LAN IPs, and other setup configuration

From end customers (on your behalf)

• Name, phone number, and order details
• Pickup time and any notes they leave for the kitchen
• Payment is handled directly by Stripe — we receive a confirmation token, never the card number

Automatically

• Standard server logs (IP, user agent, referring page) — used for troubleshooting and abuse prevention only
• First-party analytics on the marketing site (page views, no third-party trackers)

How we use it

• To run the service you signed up for
• To send you transactional emails (order confirmations, account changes, magic-link sign-in)
• To process payments via Stripe
• To prevent fraud, abuse, and outages
• With your explicit opt-in: to send marketing emails to your customers from your restaurant. You can disable this from your dashboard at any time.

Who we share it with

We share information only with vendors that help us run the service:

• Stripe — payment processing and payouts
• Supabase — database hosting (US data center)
• Vercel — application hosting and CDN
• Resend — transactional email delivery

We do not sell personal information. We do not share it with advertisers or data brokers.

How long we keep it

For active accounts: as long as you keep your account open. For closed accounts: we delete account-identifying data within 90 days unless we’re required to retain it for tax or legal reasons (in which case the data is archived and inaccessible to anyone except for that purpose).

You can export your customer list and order history before closing the account.

Your rights

You can:

• Access your data — visible in your dashboard
• Export it — CSV download from the dashboard, or by emailing us
• Correct it — edit fields directly in the dashboard
• Delete it — close your account from the dashboard, or email us

If you’re in California (CCPA) or the EU/UK (GDPR), you have additional statutory rights. Email us and we’ll honor them.

Cookies

We use cookies (and similar local storage) only for things that need them: keeping you signed in, remembering your tablet pairing, and basic analytics. We don’t use third-party advertising cookies on the marketing site.

Security

All traffic is over HTTPS with 256-bit SSL. Database access is restricted by row-level security policies. Payments are tokenized by Stripe — we never store card numbers. No system is perfectly secure, and we’ll notify you if a breach affects your data.

Changes to this policy

If we make material changes, we’ll email you and post the new version here with a new “Last updated” date. Continued use of the service after a change means you accept the updated policy.

Contact

Questions, requests, or data concerns: hello@masorder.com