Privacy Policy

Qendrix ("we," "our," or "us") respects your privacy and is committed to protecting the personal information of our customers (restaurants), their guests, and visitors to our website. This Privacy Policy comprehensively discloses how we collect, use, process, and share information when you use our website, AI booking agent, table management system, and related services (collectively, the "Services").

By using our Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information in three primary ways: directly from you, automatically through your use of the Services, and from third-party sources.

2. How We Use Your Information

We process your information for specific, legitimate business purposes, including:

• Providing and Maintaining Services: To facilitate reservations, manage seating, process payments, and ensure the platform functions correctly.
• AI & Automation: To power our AI voice and text agents, allowing them to answer calls, take bookings, and respond to guest inquiries automatically.
• Personalization: To remember preferences (e.g., dietary restrictions, seating favorites) and provide a tailored experience for returning guests.
• Analytics and Improvement: To analyze usage trends, train and improve our AI models (using anonymized data), and develop new features.
• Communications: To send booking confirmations, reminders, security alerts, support messages, and administrative updates.
• Marketing: With your consent, to send promotional materials, newsletters, and information about new features or services.
• Security and Compliance: To detect and prevent fraud, abuse, or security incidents, and to comply with legal obligations.
• Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we rely on the following legal bases for processing your personal data:

• Contractual Necessity: Processing necessary to perform our contract with you (e.g., providing the Services).
• Legitimate Interests: Processing necessary for our legitimate business interests (e.g., improving our Services, fraud prevention), provided such interests are not overridden by your rights.
• Consent: Where you have given explicit consent (e.g., for marketing communications).
• Legal Obligation: Processing necessary to comply with legal requirements.

4. How We Share Your Information

We do not sell your personal data. We share information only in the following circumstances:

• With Restaurants: If you are a guest, your reservation details and dining profile are shared with the specific restaurant where you made a booking.
• Service Providers: We employ third-party companies and individuals to facilitate our Services (e.g., cloud hosting via AWS/Google Cloud, payment processing via Stripe, SMS delivery via Twilio, voice synthesis). These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
• Business Transfers: If Qendrix is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.
• Legal Requirements: We may disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court order, subpoena, or government agency request).
• Protection of Rights: We may disclose information to enforce our Terms of Service, protect our rights, privacy, safety, or property, and/or that of you or others.
• With Your Consent: We may share your information for other purposes with your explicit consent.

5. Cookies and Tracking Technologies

We use various tracking technologies to collect and store information:

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:

• Account Data: Retained for as long as your account is active, plus up to 3 years after account closure for legal and audit purposes.
• Reservation Data: Retained for 7 years to comply with tax and business record requirements.
• Call Recordings: Retained for 90 days for quality assurance, then deleted or anonymized for AI training purposes.
• Analytics Data: Aggregated analytics are retained indefinitely; identifiable analytics data is retained for 26 months.
• Marketing Data: Retained until you unsubscribe or withdraw consent, plus a suppression list to honor opt-outs.

When data is no longer needed, we securely delete or anonymize it. In some cases, we may retain certain information for longer periods as required by law or for legitimate business purposes.

7. International Data Transfers

Qendrix is headquartered in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our servers are located.

For transfers from the EEA, UK, or Switzerland, we rely on:

• Standard Contractual Clauses (SCCs): Approved by the European Commission for transferring personal data to third countries.
• Data Processing Agreements: Contracts with our service providers that include appropriate safeguards.
• Adequacy Decisions: Where applicable, we transfer data to countries recognized as providing adequate protection.

8. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete data.
• Right to Deletion: Request the permanent deletion of your personal data from our systems.
• Right to Portability: Receive your data in a structured, commonly used, machine-readable format.
• Right to Restrict Processing: Request that we limit how we use your data.
• Right to Object: Object to our processing of your data for certain purposes, including direct marketing.
• Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time.
• Right to Lodge a Complaint: File a complaint with a supervisory authority if you believe your rights have been violated.

9. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: You can request information about the categories and specific pieces of personal information we have collected about you, the sources of that information, our business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: You can request deletion of your personal information, subject to certain exceptions.
• Right to Correct: You can request correction of inaccurate personal information.
• Right to Opt-Out of Sale/Sharing: We do not sell personal information or share it for cross-context behavioral advertising.
• Right to Limit Use of Sensitive Personal Information: You can limit our use of sensitive personal information to what is necessary to provide the Services.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

To submit a request, email hello@qendrix.com with "California Privacy Request" in the subject line.

10. AI Disclosure

Our Services utilize Artificial Intelligence (AI) technologies, including Natural Language Processing (NLP), speech recognition, and voice synthesis, to handle phone calls and messages. By using the Service, you acknowledge that you may be interacting with an AI agent.

• Recordings: We record these interactions for quality assurance, to fulfill your requests accurately, and to train our models to better understand human speech and intent.
• AI Training: We may use anonymized and aggregated data from interactions to improve our AI systems. Personal identifiers are removed before use in training.
• Human Review: In limited cases, human reviewers may access recordings to improve AI accuracy. Access is restricted and subject to confidentiality obligations.
• Automated Decision-Making: Our AI may make automated decisions about reservation availability and scheduling. You can request human review of any automated decision by contacting the restaurant directly.

11. Data Security

We implement industry-standard technical and organizational security measures to protect your data from unauthorized access, alteration, disclosure, or destruction:

• Encryption: Data is encrypted in transit (TLS 1.3) and at rest (AES-256).
• Access Controls: We use role-based access controls and multi-factor authentication for employee access.
• Infrastructure: Our systems are hosted on secure, SOC 2 compliant cloud infrastructure.
• Monitoring: We employ continuous security monitoring, intrusion detection, and regular vulnerability assessments.
• Incident Response: We maintain an incident response plan and will notify affected users of data breaches as required by law.

However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

12. Do Not Track Signals

Some browsers have a "Do Not Track" (DNT) feature that lets you tell websites you do not want your online activities tracked. Currently, there is no uniform standard for handling DNT signals. Our Services do not currently respond to DNT signals. However, you can manage your cookie preferences through your browser settings as described in Section 5.

13. Third-Party Links

Our Services may contain links to third-party websites, plugins, or applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy practices. We encourage you to read the privacy policy of every website you visit.

14. Children's Privacy

Our Services are not directed to individuals under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If we become aware that we have collected Personal Data from a child under 16 without verification of parental consent, we take steps to remove that information from our servers. If you believe we have collected information from a child under 16, please contact us immediately at hello@qendrix.com.

15. Changes to This Policy

We may update our Privacy Policy from time to time. We will notify you of material changes by posting a prominent notice on our Services, sending you an email, or through other appropriate channels prior to the change becoming effective. We will also update the "Last updated" date at the top of this policy. Your continued use of the Services after the effective date constitutes acceptance of the revised policy. You are advised to review this Privacy Policy periodically for any changes.

Contact Us

If you have any questions about this Privacy Policy, our data practices, or wish to exercise your privacy rights, please contact us: