Menu
Features Product About Brand Story Get a Demo Sign In

Privacy

Privacy Policy

Effective date: February 23, 2026

1. Scope

This Privacy Policy explains how Bestorant collects, uses, shares, and retains personal data when you use our websites, applications, voice-agent features, APIs, and related services (collectively, the “Services”). Your use of our Services is also subject to our Terms and Conditions.

2. Merchant and end-customer data

Bestorant provides software and communications tools to restaurants and other businesses (“Merchants”). When an end customer places an order, makes a reservation, joins a loyalty program, or contacts a Merchant using Bestorant-powered channels (for example, by phone, SMS, web ordering, or in-app), Bestorant may process that information on the Merchant’s behalf to provide the Services. Merchants are responsible for providing their own customer-facing notices and obtaining any legally required consents from their end customers.

For merchant POS integrations (including Clover and Square), Bestorant generally acts as a service provider/processor to the Merchant. The Merchant remains responsible for its own privacy notices, legal basis, and customer rights handling.

3. Information we collect

We collect personal data that is necessary and proportionate to deliver the requested Services.

4. Information you provide directly

  • Account and contact data, including name, email, phone number, business name, and address.
  • Merchant onboarding details, billing details, and support request content.
  • Order, booking, and loyalty program information where applicable.
  • Communications content when you contact us for support, demos, or account assistance.

5. Information collected automatically

  • Device and network data such as IP address, browser type, OS, and request headers.
  • Usage data including page views, clicks, session duration, and interaction events.
  • Approximate location inferred from IP address.
  • Cookie and similar technology data used for functionality, analytics, and performance.

6. Information from third parties

  • Payment processors (for transaction status and billing records).
  • Partners and analytics providers that support service delivery and measurement.
  • Merchants and fulfillment participants in relation to orders and service requests.
  • POS platforms (including Clover and Square), where authorized by a Merchant, for account linking, menu/catalog sync, and webhook-driven updates.

7. Twilio voice and telephony data

Bestorant uses Twilio and related carrier infrastructure for voice-agent operations, phone number provisioning, SIP trunking, messaging, and serverless workflow logic via Twilio Functions.

For these features, we may process:

  • Provisioned phone numbers, call routing settings, and telecom configuration data.
  • Call detail records and metadata (timestamps, duration, status, direction, caller/callee identifiers).
  • SIP trunk signaling and session information needed for call setup and reliability.
  • Voice recordings and transcripts where recording/transcription is enabled by the Merchant or administrator.
  • Twilio Functions request/response logs and execution metadata for custom logic.
  • SMS delivery metadata and compliance events (opt-in, STOP, HELP, unsubscribe state).

This information is used for call handling, quality assurance, fraud prevention, troubleshooting, reporting, and product improvement. Where required, you may hear a notice that calls may be recorded or transcribed.

8. How we use personal data

  • To provide, maintain, and improve Bestorant Services.
  • To process transactions, subscriptions, and account administration.
  • To support restaurant workflows, automation, and communication features.
  • To establish and maintain Clover and Square OAuth connections for Merchant-authorized integrations.
  • To process POS webhook events and synchronize menu/catalog data.
  • To provide customer support and resolve disputes.
  • To detect abuse, fraud, and security incidents.
  • To comply with legal obligations and enforce contractual rights.

9. Communications and consent

If you opt in to SMS or voice communications, message frequency may vary and standard carrier rates may apply. You can opt out by replying STOP and request help by replying HELP. Consent is not a condition of purchase. We may continue to send non-promotional service communications where legally permitted.

Merchants that use Bestorant are responsible for obtaining legally required marketing consent from their end users. We may support these controls technically, but Merchant communications policies remain the Merchant's responsibility.

10. How we share data

We do not sell personal data. We may disclose personal data to:

  • Service providers and subprocessors, including Twilio for telephony services.
  • POS platform providers (including Clover and Square) when integration calls are made under Merchant authorization.
  • Payment processors and finance providers to complete transactions.
  • Merchants and fulfillment partners as required to fulfill user requests.
  • Regulators, law enforcement, and legal requestors where required by law.
  • Successor entities in mergers, acquisitions, or asset sales.

11. Cookies and tracking technologies

We use first-party and third-party cookies and similar technologies for essential functionality, analytics, and performance optimization. You can manage cookie settings in your browser (and where available, through our cookie banner/preferences controls). Disabling certain cookies may reduce Service functionality.

12. Payments and sensitive data

Payments are processed by third-party payment processors. Bestorant does not intentionally store full payment card numbers, and payment processors handle card data in accordance with their security standards. Please do not send sensitive personal information (for example, full card numbers) in support messages.

13. Data retention

We retain personal data for as long as needed for the purposes described in this policy, including legal, tax, accounting, security, fraud-prevention, and dispute-resolution requirements. Retention periods may vary based on Merchant settings and the type of data.

  • Account and service data: retained while your account is active and as needed after closure.
  • Transaction records: may be retained for defined legal/compliance periods.
  • POS integration credentials and configuration metadata: retained while integration is active and as needed for audit/security.
  • Webhook event records and retry history: retained to support reliability, diagnostics, and legal/compliance requirements.
  • Telephony logs and call metadata: retained based on plan settings, legal requirements, and support needs.
  • Call recordings/transcripts (if enabled): retained based on Merchant configuration and applicable legal requirements.

14. Security

We apply reasonable technical, administrative, and organizational safeguards to protect personal data. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.

For POS integrations, we support webhook signature verification controls and event deduplication safeguards to help protect against unauthorized or duplicate processing.

15. Your privacy rights

Depending on your jurisdiction, you may have rights to:

  • Access and receive a copy of your personal data.
  • Correct inaccurate personal data.
  • Request deletion, subject to legal exceptions.
  • Request portability where applicable.
  • Opt out of certain processing or sharing where applicable.
  • Appeal certain privacy-rights decisions.

To submit a privacy request, email privacy@bestorant.ai and include enough detail for us to verify your request. We may need to verify your identity before responding.

16. U.S. state privacy disclosures

Residents of certain U.S. states may have additional privacy rights under applicable state law. We do not sell personal data. Where required, we provide rights request and appeal mechanisms.

17. California notices

For California residents, we support applicable rights including access, deletion, correction, and rights regarding sharing for certain advertising uses as required by law.

18. International transfers

Our Services are hosted primarily in the United States and may involve processing in other jurisdictions used by our service providers. By using our Services where permitted by law, you acknowledge these transfers.

19. Children’s privacy

Our Services are not directed to children under 13, and we do not knowingly collect personal data from children under 13.

20. Changes to this policy

We may update this Privacy Policy from time to time. Material updates will be posted on this page with a revised effective date.

21. Contact us

For privacy questions, data requests, or complaints, contact legal@bestorant.ai.