Compliance & Safety

Compliance Standards

Detailed overview of our regulatory compliance posture across GDPR, India DPDP Act, PCI-DSS scope, and food industry regulations.

Our Compliance Overview

DineFlow is designed as a privacy-first product that deliberately minimizes data collection at every layer. Our compliance posture reflects both the legal requirements of our operating jurisdictions and our own ethical commitments around responsible data handling. This page provides a transparent, detailed breakdown of each compliance framework we address.

  • GDPR-aligned practices: Active
  • India IT Act 2000 compliant: Active
  • DPDP Act 2023 aligned: Active
  • PCI-DSS out of scope: Verified
  • FSSAI display support: Supported
  • ISO 27001 (via GCP): Inherited

Regulatory Frameworks

GDPR (General Data Protection Regulation)

European Union — applicable to all EU-resident users

Aligned

Although DineFlow primarily serves Indian restaurants, we implement GDPR-aligned practices across all our data handling operations. Our guest QR menu interface collects zero PII from diners — no email, name, or phone is required to browse or order, which means the majority of our guest-facing interactions fall entirely outside GDPR's scope. For merchant accounts where EU-based individuals may submit enquiries, we process their data lawfully under the "legitimate interest" and "contractual necessity" bases.

  • Zero PII collected from dining guests at the menu level
  • Merchant data processed under contractual necessity basis
  • Data Subject Access Requests (DSARs) honored within 30 days
  • Right to erasure requests processed within 72 hours
  • Data Processing Agreements (DPAs) available for EU enterprise clients
  • Privacy by design principles applied across all new features

India IT Act 2000 & DPDP Act 2023

Republic of India — primary regulatory framework

Compliant

DineFlow complies with the Information Technology Act, 2000 and its associated rules, and has aligned its data practices with India's Digital Personal Data Protection (DPDP) Act, 2023. All Indian restaurant account data is processed and stored within India. We maintain a legally registered entity in India (DineFlow Technologies Pvt. Ltd.) and appoint a Data Protection Officer (DPO) as required under applicable regulations.

  • All Indian merchant data stored within India (GCP Mumbai)
  • Registered as an Indian company under Companies Act
  • Designated Data Protection Officer (DPO) appointed
  • Data localization requirements satisfied
  • Merchant data portability provided via CSV export
  • DPDP Act consent mechanisms implemented for data processing

PCI-DSS (Payment Card Industry Data Security Standard)

International — applicable to payment data handling

Scoped Out

DineFlow is a menu presentation and ordering platform. We do not process, store, or transmit payment card data. Our system submits orders to the merchant dashboard — billing is handled offline at the restaurant's existing cash/card counter. This design means DineFlow is entirely out of scope for PCI-DSS compliance obligations. Merchants using third-party payment integrations connect their own PCI-DSS compliant payment processors independently.

  • No payment card data processed, stored, or transmitted
  • Orders are submitted without any payment step in DineFlow
  • PCI-DSS scope analysis confirmed with third-party assessor
  • Merchants retain full control over their payment processors
  • Razorpay / PayU integration guidelines provided for merchants who opt-in
  • Out-of-scope declaration available for merchant compliance reviews

Restaurant Industry-specific Compliance

India (FSSAI, GST, State regulations)

Supportive

DineFlow supports restaurants in displaying FSSAI license information on their menu interfaces as required under food safety regulations. Merchants can add allergen disclosures, caloric information, and certification numbers to individual menu items. We generate GST-inclusive price display options and support proper menu categorization for businesses operating under FSSAI's food business operator license requirements.

  • FSSAI license number display on menu interface (optional)
  • Allergen disclosure fields on each menu item
  • GST-inclusive price display options in menu settings
  • Vegetarian/Non-vegetarian FSSAI color coding supported
  • Caloric / nutritional info fields available per item
  • Halal and Kosher certification display options available

Data Governance Principles

Beyond specific regulatory frameworks, DineFlow applies these overarching data governance principles across all product decisions and system designs.

Data Minimization

We only collect data that is strictly necessary for the functioning of the service. Guest-facing menu experiences require zero data from diners. Merchant accounts collect only the information needed to configure and operate the restaurant profile.

Purpose Limitation

Data collected during enquiry submission (restaurant name, POC details, WhatsApp) is used solely for account setup and support communication. We do not use this data for marketing to third parties or sell it to data brokers.

Storage Limitation

Menu data, order records, and account configuration are retained for the duration of an active subscription plus 6 months post-cancellation. After this period, all data is permanently deleted unless the merchant requests earlier deletion.

Accuracy & Rectification

Merchants can update all account information, menu data, and settings directly from their dashboard at any time. Incorrect data submitted during onboarding can be corrected by contacting support@dineflow.in.

Accountability & Governance

DineFlow maintains an internal data governance register documenting all data categories processed, their purposes, retention periods, and the legal basis for processing. This register is available to enterprise clients for audit purposes under NDA.

Third-party Processor Standards

We use only vetted third-party infrastructure providers (Google Cloud Platform, Supabase) who maintain their own comprehensive compliance certifications, including SOC 2 Type II, ISO 27001, and relevant regional standards. A full sub-processor list is available on request.

Compliance & DPO Contact

For compliance enquiries, data subject access requests, data processing agreements, or third-party audit facilitation, contact our compliance team directly. We respond to all compliance-related enquiries within 5 business days.

Data Protection Officer

dpo@dineflow.in

DSAR, GDPR, and DPDP Act requests

Legal & Compliance Team

legal@dineflow.in

DPAs, audits, and regulatory enquiries
