Your privacy and data security are our top priorities
Last Updated: January 2025
Secure Integration
We use OAuth 2.0 authorization codes for third-party integrations. No sensitive tokens are stored on our servers.
Minimal Data Storage
We only store essential operational data needed to provide our services. Your data is never sold or shared without consent.
Your Control
You maintain full control over your data and integrations. Disconnect any service at any time through your dashboard.
1. Introduction
Welcome to Order Central. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant management platform and services. We are committed to protecting your privacy and ensuring the security of your data.
By using Order Central, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our services.
2. Information We Collect
2.1 Information You Provide
Account Information: Name, email address, phone number, business details, and payment information when you register for our services
Restaurant Data: Menu items, pricing, location details, operating hours, and other business information necessary to operate your restaurant
Customer Data: Order information, delivery addresses, and communication preferences of your customers
Communications: Messages, support requests, and feedback you send to us
2.2 Automatically Collected Information
Usage Data: Information about how you interact with our platform, including pages visited, features used, and time spent
Device Information: IP address, browser type, operating system, device identifiers, and connection information
Location Data: General location information based on IP address or precise location with your permission
3. Third-Party Integrations (Uber Eats, etc.)
When you connect your Order Central account to third-party services like Uber Eats, we prioritize your security:
OAuth 2.0 Authorization Flow - What This Means for You:
We use industry-standard OAuth 2.0 protocol to connect with third-party platforms. This means you authorize Order Central through the third party's secure login page - we never see or store your third-party account passwords.
Authorization Code Grant: After you authorize the connection, we receive a temporary authorization code that is immediately exchanged for secure access credentials. This code can only be used once and expires quickly.
No Sensitive Token Storage: We do not store sensitive authentication tokens or credentials in plain text. Access tokens are encrypted and stored securely in our database with automatic expiration tracking.
Client Credentials for Store Operations: For day-to-day store management tasks (like updating menus, checking orders, managing store hours), we use separate client credentials tokens that do not have access to your personal account information.
Limited Scope Access: We only request the minimum permissions necessary to provide our services (e.g., store management, order retrieval, menu updates). We never request access beyond what's needed.
Token Refresh Security: Access tokens are refreshed automatically using secure refresh tokens. If a token expires or is revoked, we prompt you to reauthorize rather than storing long-lived credentials.
What We Access:
Store information (name, address, operating hours)
Menu items and pricing for synchronization
Incoming orders and their status
Webhook notifications for real-time updates
What We Never Access:
Your third-party account passwords or login credentials
Financial account information or payment credentials
Personal messages or communications with customers
Banking details or payout information
Your Control: You can disconnect any third-party integration at any time from your Order Central dashboard. When you disconnect, we immediately remove all associated access tokens and stop accessing data from that service. You must first remove store-level access from individual locations before disconnecting your account entirely.
4. How We Use Your Information
We use the information we collect to:
Provide, operate, and maintain our restaurant management services
Process and manage orders across multiple platforms
Synchronize menus, pricing, and store information with third-party delivery services
Send you notifications about orders, updates, and service-related information
Respond to your inquiries and provide customer support
Analyze usage patterns to improve our platform and develop new features
Detect, prevent, and address technical issues or fraudulent activity
Comply with legal obligations and enforce our terms of service
5. Data Sharing and Disclosure
We do not sell your personal information. We may share your information in the following circumstances:
5.1 With Your Consent
When you authorize us to connect with third-party services like Uber Eats or payment processors, we share necessary information to fulfill those integrations.
5.2 Service Providers
We work with trusted third-party service providers who help us operate our platform (hosting, payment processing, analytics). These providers are contractually obligated to protect your data and only use it for the services they provide to us.
5.3 Legal Requirements
We may disclose your information if required by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Order Central, our users, or others.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. We will notify you of any such change and provide options regarding your data.
6. Data Security
We implement industry-standard security measures to protect your information:
Encryption: All data transmitted between your device and our servers is encrypted using TLS/SSL protocols
Secure Storage: Sensitive data is encrypted at rest using AES-256 encryption
Access Controls: Strict role-based access controls limit who can access your data
Regular Security Audits: We conduct regular security assessments and vulnerability testing
Secure Authentication: Multi-factor authentication and strong password requirements protect your account
While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continuously work to enhance our security measures.
7. Data Retention
We retain your information for as long as necessary to provide our services and fulfill the purposes outlined in this policy. Specifically:
Account Information: Retained while your account is active and for a reasonable period after account closure for legal and business purposes
Order Data: Retained for at least 7 years for accounting, tax, and legal compliance purposes
Integration Tokens: Access tokens are automatically deleted when you disconnect an integration or when they expire
Usage Data: Aggregated and anonymized usage data may be retained indefinitely for analytics and service improvement
8. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate or incomplete information
Deletion: Request deletion of your personal information, subject to legal retention requirements
Portability: Request a copy of your data in a structured, machine-readable format
Objection: Object to certain processing of your information
Restriction: Request limitation on how we use your information
Opt-Out: Unsubscribe from marketing communications at any time
To exercise any of these rights, please contact us at privacy@ordercentral.us. We will respond to your request within 30 days.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance your experience:
Essential Cookies: Required for the platform to function (authentication, security)
Analytics Cookies: Help us understand how users interact with our platform
Preference Cookies: Remember your settings and preferences
You can control cookies through your browser settings. Note that disabling certain cookies may affect platform functionality.
10. Children's Privacy
Order Central is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child without parental consent, we will take steps to delete that information promptly.
11. International Data Transfers
Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. When we transfer your information internationally, we implement appropriate safeguards to protect your data in accordance with this Privacy Policy and applicable laws.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Your continued use of Order Central after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
If you are located in the European Union or United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR):
Right to withdraw consent at any time
Right to lodge a complaint with your local data protection authority
Right to data portability
Right to object to automated decision-making
Our legal basis for processing your information includes: performance of contract, legitimate interests, legal obligations, and your consent where applicable.