Privacy Policy

Last updated: May 23, 2025

1. Introduction

DevzoraTech Ltd (“we”, “us”, “our”) operates the RestOS platform, including the RestOS Admin web application, RestOS Waiter mobile application, and RestOS Kitchen mobile application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account registration data: name, email address, phone number, organization name
  • Staff profile information: role, assigned branch, employment details
  • Payment and billing information processed through our payment providers
  • Communications you send to us (support requests, feedback)

2.2 Information Collected Automatically

  • Device information: device model, operating system, unique device identifiers
  • Location data: GPS coordinates when using attendance features (clock-in/out, geofence validation)
  • Usage data: app interactions, feature usage patterns, session duration
  • Log data: IP address, browser type, access times, pages viewed
  • Push notification tokens for delivering real-time updates

2.3 Information From Third Parties

  • Payment verification data from Stripe and mobile money providers
  • Firebase Cloud Messaging identifiers for push notifications

3. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process transactions and manage subscriptions
  • Verify staff attendance through GPS-based geofencing
  • Send operational notifications (order updates, schedule changes, system alerts)
  • Generate analytics and reports for your organization
  • Detect and prevent fraud, abuse, or security incidents
  • Comply with legal obligations
  • Communicate service updates, maintenance notices, and support responses

4. Location Data

Our mobile applications collect precise location data solely for the attendance and geofencing features. Location data is collected only when you actively clock in or out, or when the heartbeat feature is enabled during an active shift. You can disable location permissions at the device level, though this will prevent use of GPS-based attendance features.

5. Data Sharing and Disclosure

We do not sell your personal information. We may share data with:

  • Your organization: Employers/managers within your organization can view staff attendance, schedule, and performance data
  • Service providers: Cloud hosting (AWS), payment processing (Stripe), email delivery (Resend), push notifications (Firebase)
  • Legal requirements: When required by law, court order, or governmental authority
  • Business transfers: In connection with a merger, acquisition, or sale of assets

6. Data Security

We implement industry-standard security measures including:

  • Encryption in transit (TLS/HTTPS) and at rest (AES-256)
  • JWT-based authentication with role-based access control
  • Multi-tenant data isolation at the database level
  • Regular security audits and vulnerability assessments
  • Secure credential storage and API key management

7. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Organization data is retained for the duration of the subscription. Upon account deletion or subscription termination, we will delete or anonymize your data within 90 days, except where retention is required by law.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Data portability (receive your data in a structured format)
  • Withdraw consent at any time

To exercise these rights, contact us at privacy@devzoratech.com.

9. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and, where appropriate, via email or in-app notification. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

If you have questions about this Privacy Policy or our data practices, contact us at:

DevzoraTech Ltd
Kampala, Uganda
Email: privacy@devzoratech.com

← Back to home