Privacy Policy – Swad Sangam

1. Overview & Scope

Swad Sangam ("we," "our," or "the App") is a restaurant management platform built for restaurant owners, managers, waiters, chefs, and cashiers operating within a single or multi-branch restaurant business. The App is not a consumer-facing ordering platform — it is an internal operational tool used exclusively by authorised restaurant staff.

This Privacy Policy explains what personal information we collect, why we collect it, how we protect it, and what rights you have over it. By using Swad Sangam, you agree to the practices described in this Policy.

Important: Swad Sangam primarily handles restaurant operational and staff data. For restaurants that enable QR table ordering, limited end-customer data is also processed as described in this Policy.

2. Who This Policy Applies To

This policy applies to all individuals who access or use the Swad Sangam application, including:

Restaurant Owners — who register the business and manage all settings, staff, and reports.
Managers — who oversee operations including menus, tables, and staff.
Waiters — who take orders, manage tables, and view menus.
Chefs — who view and update the status of kitchen orders.
Cashiers — who process payments and manage billing.

Access to the App requires credentials issued by the restaurant owner or manager. The App is intended for users aged 18 and above.

3. Information We Collect

3.1 Account & Staff Profile Information

When a restaurant owner or manager creates a staff account, the following information is collected and stored:

Data Field	Purpose	Required?
Full name	Display in app, receipt attribution, staff identification	Yes
Email address	Login credential, account identification	Yes
Phone number	Account identification (used as alternate login)	Yes
Role (waiter / chef / cashier / manager)	Access control — determines which features and data are visible	Yes
Password (hashed)	Authentication — stored only as a secure hash, never in plain text	Yes
Branch / Tenant assignment	Associates the staff member with the correct restaurant branch	Yes

3.2 Business & Restaurant Data

Owners configure their restaurant profile. This includes:

Restaurant name, tagline, and address
Restaurant contact phone number (for printing on receipts)
GSTIN (Goods and Services Tax Identification Number) — for GST-compliant billing
FSSAI number (Food Safety and Standards Authority of India) — for receipt printing
UPI ID — used to generate QR codes for payment collection at point-of-sale
GST configuration (CGST/SGST percentages, included/excluded mode)

This information is stored on our servers and used solely for operational and billing purposes within the App.

3.3 Order & Transaction Data

The App records operational transaction data to support restaurant workflows:

Orders placed (items, quantities, prices, table number, parcel vs. dine-in)
Order status history (open, ready, paid, cancelled)
Payment records (amount, payment mode: cash or UPI, cash tendered and change, timestamp)
GST breakdown per order (base amount, CGST, SGST, grand total)
Cancellation reasons
Waiter name and cashier name attributed to each order
Customer-provided notes on orders (if entered by the waiter)

Order data belongs to the restaurant business and is used for billing, daily reports, and sales analytics within the App.

3.4 Device & Technical Data

The following technical data is collected automatically to enable core app functionality:

Data	Purpose
Firebase Cloud Messaging (FCM) device token	Delivering real-time push notifications (e.g., new order alerts for kitchen staff)
Authentication token (JWT)	Stored locally on device in SharedPreferences to maintain login session
User role (cached locally)	Determines which shell/view to display on app launch without requiring re-login
Restaurant preferences (locally cached)	Restaurant name, UPI ID, GST settings, printer settings — cached for offline receipt printing
Bluetooth device MAC address (printer)	Saved locally only to auto-reconnect to the previously paired thermal receipt printer

3.5 Information We Do NOT Collect

Not Collected

Location / GPS data

Not Collected

Camera or microphone access

Not Collected

Contacts or address book

Not Collected

Browsing history or search history

Not Collected

Social media profiles

Not Collected

Biometric data

Not Collected

Financial or banking details

3.6 End Customer Data (QR Ordering)

When a restaurant enables QR-based table ordering, end customers may provide:

Phone number (used for order tracking and returning customer recognition)
Order details (items selected, table number, timestamp)

This data is stored under the restaurant's account and is accessible only to that restaurant's authorised staff.

End customers may request deletion of their data by contacting the restaurant directly or by emailing swadsangamm@gmail.com.

No marketing communications are sent to end customers without explicit consent.

4. How We Use Your Information

We use the information we collect exclusively for the following purposes:

Purpose	Data Used
User authentication & session management	Email/phone, password hash, JWT token
Role-based access control	Staff role, branch/tenant ID
Push notifications for order updates	FCM device token
Order management and kitchen display	Order items, status, table number
Billing and receipt printing	Order totals, GST breakdown, waiter/cashier name, restaurant info
UPI payment QR code generation	UPI ID, order amount, order number
Daily sales reports and analytics	Aggregated order and payment data
Menu and category management	Menu item data entered by the owner
Table management	Table layout and occupancy data
Thermal printer auto-reconnection	Locally stored Bluetooth MAC address
Multi-language support	App language preference (stored locally)

We do not use your data for advertising, profiling, or any purpose outside restaurant operations.

5. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information to any third party.

We share data only in the following limited circumstances:

5.1 Within the Restaurant

Staff data (name, role) is visible to the owner and manager who manages that restaurant. Order data is visible to all authorised staff members of that branch in accordance with their role permissions.

5.2 Service Providers

We use the following infrastructure providers to operate the App:

Provider	Purpose	Data Shared	Policy Link
Google Firebase	Push notifications (FCM)	FCM device token, notification content	firebase.google.com/support/privacy
Backend server (hosted infrastructure)	API server, database	All app data (staff profiles, orders, menus)	Subject to our server-side security controls

5.3 Legal Requirements

We may disclose information if required by applicable law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of Swad Sangam, our users, or others.

5.4 Business Transfer

If Swad Sangam undergoes a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. You will be notified of any such change via email or a prominent notice within the App.

6. Data Retention

We retain personal data for as long as the staff account remains active or as needed to provide services to the restaurant.

Staff account data — retained for the duration of the staff member's relationship with the restaurant. When a staff account is deleted by the owner or manager, personal data is removed from our servers within 30 days.
Order & transaction data — retained for up to 3 years for accounting, GST compliance, and sales reporting purposes, as required under Indian tax regulations.
Device tokens (FCM) — refreshed automatically by Firebase; stale tokens are not actively stored beyond app session.
Locally cached preferences — stored on the device and cleared when the user logs out or uninstalls the App.

Restaurant owners may request deletion of all data associated with their account by contacting us at the address below.

Account Deletion

Users can request account deletion through either of the following methods:

In-app: Settings → Account → Delete Account
Web (without login): www.swadsangam.store/delete-account

Upon request, personal data is deleted within 30 days. Order and transaction data is retained for up to 3 years as required under Indian GST regulations.

7. Security

We take data security seriously and implement the following measures to protect your information:

Encrypted transmission — all data between the App and our servers is transmitted over HTTPS (TLS).
Password hashing — passwords are never stored in plain text; they are stored as secure one-way hashes.
Token-based authentication — session tokens (JWT) are stored securely in local device storage and transmitted in request headers.
Role-based access — each staff role can only access data and functions appropriate to their role. A waiter cannot access owner reports; a chef cannot access billing.
No sensitive payment data — the App does not store, process, or transmit credit card or bank account details. UPI payments are handled via QR code generation only; no payment gateway transaction data is stored in the App.

While we strive to use commercially acceptable means to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Device Permissions

The App may request the following device permissions. Each is used solely for the stated purpose:

Permission	Why It Is Needed	Optional?
POST_NOTIFICATIONS	To receive push notifications for new orders, order status changes, and alerts	Required for alerts
BLUETOOTH / BLUETOOTH_CONNECT / BLUETOOTH_SCAN	To discover, pair, and print to a Bluetooth thermal receipt printer	Optional
INTERNET	Core connectivity for all API communication	Required
RECEIVE_BOOT_COMPLETED	To re-initialise background notification handling after device restart	Background
VIBRATE	To vibrate the device when a new order notification arrives	Optional

The App does not request access to your camera, microphone, contacts, location, or file storage.

9. Third-Party Services

Swad Sangam integrates with the following third-party services. Each service is governed by its own privacy policy, which we encourage you to review:

Service	Provider	Purpose	Privacy Policy
Firebase Cloud Messaging (FCM)	Google LLC	Push notifications for order and kitchen alerts	policies.google.com/privacy
Firebase Core	Google LLC	App initialisation and Firebase SDK integration	firebase.google.com/support/privacy
Google Fonts	Google LLC	Typography rendering (fonts loaded at runtime)	policies.google.com/privacy
UPI Deep Link / QR (India UPI)	National Payments Corporation of India (NPCI)	Generating UPI payment QR codes for in-person cashless payment	Governed by the UPI framework; no data is transmitted to NPCI by the App
Bluetooth thermal printer SDK	print_bluetooth_thermal (open-source)	Connecting and printing to a paired Bluetooth printer	No data is transmitted externally; communication is local Bluetooth only

We do not integrate with any advertising networks, analytics SDKs (such as Google Analytics or Firebase Analytics), or social media platforms.

10. Children's Privacy

Swad Sangam is a business-to-business (B2B) application intended exclusively for adult restaurant staff members. We do not knowingly collect personal information from individuals under the age of 18.

If you believe a minor has provided us with personal information, please contact us immediately at support@swadsangam.store and we will delete such information promptly.

11. Your Rights

Subject to applicable law, you have the following rights regarding your personal data:

Right to Access — You may request a copy of the personal data we hold about you.
Right to Correction — You may ask the restaurant owner/manager to correct inaccurate data in your staff profile, or contact us directly.
Right to Deletion — You may request that your account and associated personal data be deleted. Restaurant owners can delete staff accounts directly in the app. You may also write to us at the contact below.
Right to Withdraw Consent — Where our processing is based on consent (e.g., push notifications), you may withdraw consent at any time by disabling notifications in your device settings. This will not affect the lawfulness of processing before withdrawal.
Right to Data Portability — You may request an export of your personal data in a commonly used format.

To exercise any of these rights, contact us at support@swadsangam.store. We will respond within 30 days. For Indian users, these rights are provided under the Digital Personal Data Protection Act, 2023 (DPDPA).

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this page.
Display a notice within the App informing active users of the change.
Where required by law, seek renewed consent.

We encourage you to review this policy periodically. Continued use of the App after changes are posted constitutes your acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

Swad Sangam — Privacy Team

Email: support@swadsangam.store

Website: www.swadsangam.store

We aim to respond to all privacy-related inquiries within 30 business days.