Data Deletion Instructions

This page explains how to request deletion of personal data from RestoFlow. It covers account, business profile, promoter, Meta/social, operational and guest data processed through QR flows.

For Meta App Review, this page also serves as the public Data Deletion Instructions URL for the RestoFlow Meta integration.

Send your request to robert.serban@restoflow.ro with the subject Data Deletion Request.

Please include, where possible:

• your RestoFlow account email;
• your full name and role: owner, staff/waiter, promoter or restaurant guest;
• restaurant name, restaurant slug/ID or table code, if available;
• whether you want account deletion, Meta/social deletion, promoter data deletion or a specific request;
• any information that helps us verify that the request is legitimate.

We may request additional information to verify identity and authority for the relevant account or restaurant. We will not ask for more data than is reasonably necessary for verification.

Our operational target is to process verified requests within 30 days, with extensions for complex cases as permitted by GDPR. We will tell you if clarification or additional time is needed.

For owners, staff and promoters, we may delete or anonymize profile, access, preference, generated content, draft, integration token and no-longer-needed data, as well as operational data directly tied to the user.

For promoters, some records about referrals, commissions, payouts, fiscal documents, Stripe Connect/KYC checks and anti-fraud audit may be retained when needed for legal, accounting, contractual or rights-defense purposes.

If you used a QR menu, placed an order, called a waiter, requested the bill or left a review, the restaurant is usually the data controller. RestoFlow may process the request technically, but we may redirect it to the restaurant or work together with the restaurant.

To identify the data, include the restaurant, table, approximate date and order/request details. Do not send unnecessary sensitive data.

To stop future Meta processing immediately, complete both steps:

1. in the RestoFlow owner dashboard, open Social Posts and disconnect the Meta account;
2. in Meta/Facebook/Instagram settings, remove RestoFlow from connected apps or business integrations.

Then email us to delete already stored data such as page/account identifiers, tokens, OAuth states, publishing logs, social drafts, captions and generated images where deletion is legally and technically permitted.

Depending on the request, we may delete or anonymize:

• profile and account data no longer needed;
• deactivated third-party tokens and connections;
• AI/social drafts, prompts and generated images tied to the request;
• personal operational data where deletion does not affect legitimate restaurant records;
• technical identifiers or guest comments when they can reasonably be identified.

Where full deletion is not possible without affecting legal records or other persons' rights, we may restrict, pseudonymize or anonymize the data.

Some data may be retained when needed for tax, accounting, e-Factura, billing documents, payout records, Stripe or Connect compliance, fraud prevention, security, audit, dispute resolution, or legal claims and defenses.

Data retained under an exception is limited to that purpose and is not used for ordinary account features after an approved deletion request.

Backups and logs may retain data for a limited period until rotation or expiry. During that time they are protected and are not restored into active systems unless required for security, continuity or legal obligations.

For third-party providers such as Meta, Stripe or Stripe Connect, you may need to manage requests or settings separately in that provider's platform.

Read the Privacy Policy and Terms and Conditions for full details about data processing and service use.

Service URL: https://restoflow.ro