RestroPulseBack to app
Privacy

Privacy Policy

Last updated: May 27, 2026

RestroPulse ("we", "us", "our") provides a multi-property hospitality operations platform — Customer Pulse Index, financial intelligence, operational dashboards, and connected third-party integrations including Google Business Profile. This Privacy Policy explains what data we collect, how we use it, the third parties we integrate with, and the rights you have over your information.

1. Information we collect

Account & tenant data

  • Name, work email, role, tenant (organisation) you belong to.
  • Hashed authentication credentials. We never store passwords in plain text.
  • Outlet / property metadata you configure inside RestroPulse.

Operational data you submit

  • Financial entries, checklists, recipes, inventory counts, marketing entries, customer feedback submissions and any other content you record in the app.
  • Customer Pulse Index (CPI) guest submissions — these are submitted by your guests via QR-driven public forms. Your tenant alone controls and owns this data.

Telemetry & security logs

  • Login attempts, IP address, browser user-agent, and timestamps for audit + abuse prevention.
  • Application error reports (no sensitive payload data) so we can fix bugs.

2. Google Business Profile integration

Where a tenant connects their Google Business Profile to RestroPulse, we request the OAuth scope https://www.googleapis.com/auth/business.manage. This authorisation is granted by the individual admin who completes Google's consent screen, and can be revoked by them at any time from their Google Account permissions page.

We use Google Business Profile data only for the following purposes:

  • Discovering the list of business locations the connecting admin manages, so they can map each Google location to a RestroPulse outlet.
  • Fetching customer reviews, ratings, reviewer names, review timestamps and existing replies for the locations the admin has explicitly mapped.
  • Posting review replies on behalf of the tenant only when the admin composes and submits the reply inside RestroPulse.

We do not use Google Business Profile data to train AI models, sell to third parties, advertise, build user-level behavioural profiles, or share with any party outside the tenant who authorised the connection. Refresh tokens are encrypted at rest in our database and are never exposed to the browser or to any third party. If a tenant disconnects their Google account from RestroPulse, all tokens and synchronised review data for that tenant are deleted within 30 days.

RestroPulse's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

3. How we use your data

  • To deliver the features you sign up for — dashboards, P&L, CPI, inventory, etc.
  • To enforce role-based access inside your tenant.
  • To send essential service emails (password resets, security alerts, billing).
  • To investigate and prevent abuse, fraud, and security incidents.
  • To comply with legal obligations.

4. Data sharing

We do not sell tenant data, customer data, or any data obtained from Google APIs to anyone. We share data only with:

  • Infrastructure providers (e.g. our hosting and database vendor) under confidentiality and data-processing agreements, solely to operate the service.
  • Authorised users within your tenant — admins, area managers, and outlet managers see the slice of data their role permits.
  • Legal authorities if compelled by valid legal process, and only the minimum required.

5. Data retention

  • Operational and financial data: retained for the active life of your tenant + 7 years for statutory record-keeping (financial regulation).
  • CPI guest submissions: retained for the active life of your tenant + 24 months unless you delete earlier.
  • Google Business Profile tokens + synchronised reviews: deleted within 30 days of disconnection or tenant termination.
  • Telemetry logs: 90 days.

6. Security

  • All traffic is encrypted in transit via TLS 1.2+.
  • Tokens and secrets are encrypted at rest.
  • Every API endpoint enforces per-tenant isolation server-side. A user from Tenant A can never query Tenant B's data, even via direct API calls.
  • Role-based access control + feature governance is enforced both in the UI and at the API layer.

7. Your rights

Subject to applicable law, you have the right to access, correct, export, or delete the personal data we hold about you, and to withdraw consent to optional processing. To exercise any of these rights, contact us at the address below. We respond within 30 days.

8. International transfers

Our infrastructure may process data in jurisdictions different from yours. Where required by law (e.g. GDPR), transfers are governed by Standard Contractual Clauses or equivalent safeguards.

9. Changes

We will post material changes to this policy with at least 30 days' notice via the "Last updated" date and an in-app notification.

10. Contact

Questions, requests, or complaints: privacy@restropulse.com.

Privacy Policy·Terms of Service
© 2026 RestroPulse · All rights reserved

Made with Emergent