Privacy Policy

Last updated: April 26, 2026

Platform: Scanify Last Updated: April 26, 2026 Version: 1.0

Your privacy matters to us. This Privacy Policy explains what personal data Scanify collects, why we collect it, how we use it, and your rights over it. Please read this carefully before using our platform.

Table of Contents

  1. Who We Are
  2. Scope of This Policy
  3. Data We Collect
  4. How We Collect Your Data
  5. Why We Use Your Data
  6. Legal Basis for Processing
  7. Data Sharing and Disclosure
  8. Data Retention
  9. Data Security
  10. Your Rights
  11. Children's Privacy
  12. Third-Party Links and Services
  13. Cookies
  14. Grievance Officer
  15. Changes to This Policy
  16. Contact Us

1. Who We Are

Scanify is a Software-as-a-Service (SaaS) platform that enables restaurants and food businesses to offer digital menus and ordering through QR codes. We operate at https://scanify.co.in and are incorporated under the laws of India.

When this policy refers to "Scanify," "we," "us," or "our," it means the Scanify platform and its operators.

2. Scope of This Policy

This Privacy Policy applies to:

  • Restaurant Partners who register and use Scanify's dashboard and tools
  • End Customers who scan QR codes or access Scanify-powered menus to browse or place orders
  • Visitors who browse our website at scanify.co.in without placing an order or registering

This policy covers data collected through our website, web application, mobile application, QR code interfaces, APIs, and any communications with us (email, support tickets, etc.).

3. Data We Collect

3.1 Data You Provide Directly

Restaurant Partners:

  • Business name, owner name, and contact details (email, phone number)
  • Registered business address
  • FSSAI license number and other regulatory identifiers
  • Bank account and payment settlement details
  • Menu content including food names, descriptions, images, and pricing
  • Login credentials (stored in encrypted form; we never store plain-text passwords)

End Customers:

  • Name and phone number (for order confirmation and communication)
  • Email address (if provided)
  • Order details including items selected, quantities, and special instructions
  • Payment-related information (handled by third-party payment gateways; we do not store full card details)
  • Table number or delivery address where applicable

3.2 Data Collected Automatically

When you use the Platform, we automatically collect:

  • Device information: device type, operating system, browser type and version
  • Usage data: pages visited, features used, time spent on pages, click patterns
  • Log data: IP address, timestamps, referring URLs, error logs
  • Location data: approximate location inferred from IP address (not GPS-precise location)
  • QR scan events: time and frequency of QR code scans (no personally identifiable information is captured at scan time unless the user proceeds to order)

3.3 Data from Third Parties

We may receive data about you from:

  • Payment gateway providers (transaction status, payment reference IDs)
  • Analytics providers (aggregated usage statistics)
  • Cloud infrastructure providers (hosting and availability logs)

4. How We Collect Your Data

We collect your data through:

  • Account registration forms filled out by Restaurant Partners
  • Order placement flows completed by End Customers
  • Cookies and tracking technologies (see Section 13 and our Cookie Policy)
  • Email and support communications you initiate with us
  • Third-party integrations including payment gateways and analytics tools
  • QR code interactions when customers scan and interact with a Scanify-powered menu

5. Why We Use Your Data

We use your personal data for the following purposes:

PurposeDetails
Platform operationTo provide, maintain, and improve the Scanify platform and all its features
Order processingTo facilitate order placement, confirmation, and communication between restaurants and customers
Account managementTo create, maintain, and secure your Scanify account
Customer supportTo respond to queries, complaints, and support tickets
PaymentsTo facilitate payment processing via third-party gateways and manage settlements with Restaurant Partners
Legal complianceTo comply with applicable Indian laws including the IT Act, DPDP Act, and GST regulations
Security and fraud preventionTo detect, investigate, and prevent fraudulent or abusive activity
Platform analyticsTo understand how the platform is used and to improve features and performance
CommunicationsTo send service-related notifications, invoices, and updates (not unsolicited marketing)

We will never sell your personal data to third parties for advertising or marketing purposes.

6. Legal Basis for Processing

Scanify processes personal data under the following legal bases, in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the IT Act, 2000:

  • Consent: Where you have explicitly provided consent (e.g., subscribing to communications)
  • Contract: Where processing is necessary to fulfil our contractual obligations to you (e.g., operating your restaurant account, processing orders)
  • Legal obligation: Where we are required to process data to comply with applicable law
  • Legitimate interest: Where processing is necessary for our legitimate business interests (e.g., fraud prevention, platform security, analytics), provided those interests are not overridden by your rights

7. Data Sharing and Disclosure

We do not sell your personal data. We share your data only in the following circumstances:

7.1 With Restaurant Partners

End Customer order data (name, order details, contact number) is shared with the relevant Restaurant Partner to fulfil the order. Restaurant Partners are independently responsible for handling this data lawfully.

7.2 With Service Providers

We engage trusted third-party service providers who process data on our behalf, including:

  • Payment gateways (e.g., Razorpay, PayU) for processing transactions
  • Cloud hosting providers for platform infrastructure
  • Analytics platforms for aggregated usage insights
  • Email and SMS providers for transactional communications

All service providers are bound by data processing agreements and are prohibited from using your data for their own purposes.

7.3 Legal and Regulatory Disclosure

We may disclose your data to government authorities, law enforcement, or regulators when required to do so by applicable law, court order, or regulatory directive — including obligations under the IT Act, 2000 and DPDP Act, 2023.

7.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the successor entity. We will notify affected users in advance where required by law.

8. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this policy or as required by law:

Data TypeRetention Period
Restaurant Partner account dataDuration of the account + 3 years after termination
Order data (Restaurant Partners)7 years (for GST and tax compliance)
End Customer order data1 year from date of order
Payment records7 years (as required under Indian financial regulations)
Support and communication records2 years
Website analytics data13 months (rolling)

After the retention period, data is securely deleted or anonymised.

9. Data Security

Scanify implements industry-standard technical and organisational security measures to protect your personal data, including:

  • Encryption in transit: All data exchanged between your device and our servers is encrypted using TLS (HTTPS)
  • Encryption at rest: Sensitive data including passwords and payment-related fields are encrypted at rest
  • Access controls: Internal access to personal data is restricted on a need-to-know basis
  • Regular security reviews: We conduct periodic security assessments of our platform
  • Incident response: We maintain a data breach response procedure and will notify affected users and regulators as required by applicable law

Important: No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Your Rights

Under the Digital Personal Data Protection Act, 2023 and applicable Indian law, you have the following rights regarding your personal data:

10.1 Right to Access

You may request a copy of the personal data we hold about you.

10.2 Right to Correction

You may request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure

You may request deletion of your personal data, subject to legal retention obligations (e.g., GST records must be retained for 7 years).

10.4 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

10.5 Right to Grievance Redressal

You have the right to raise a grievance with our Grievance Officer (see Section 14).

10.6 Right to Nominate

Under the DPDP Act, you have the right to nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, contact us at privacy@scanify.co.in. We will respond within 30 days of receiving your request.

11. Children's Privacy

The Scanify platform is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a child under 18, please contact us immediately at privacy@scanify.co.in and we will delete it promptly.

12. Third-Party Links and Services

The Platform may contain links to third-party websites or integrate with third-party services (payment gateways, social media, etc.). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party service you interact with through our platform.

13. Cookies

Scanify uses cookies and similar tracking technologies to operate and improve the platform. For full details on what cookies we use, why, and how to manage them, please read our Cookie Policy.

14. Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the DPDP Act, 2023, Scanify has appointed a Grievance Officer for privacy-related concerns:

Name[Grievance Officer Name]
Emailgrievance@scanify.co.in
Address[Registered Office Address], India
HoursMonday – Friday, 9:00 AM – 6:00 PM IST

Complaints will be acknowledged within 24 hours and resolved within 30 days where possible.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date and notify registered users via email or an in-platform notice.

Your continued use of the Platform after the updated policy takes effect constitutes your acceptance of the revised policy.

16. Contact Us

Emailprivacy@scanify.co.in
Supportsupport@scanify.co.in
Websitehttps://scanify.co.in
Address[Registered Office Address], India