Taplo

Privacy Policy

Last updated: April 28, 2026

1. Who We Are

Taplo is headquartered in Pune, Maharashtra, India. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Taplo platform, website (taplo.in), and related services.

2. Information We Collect

We collect information you provide directly and information generated through your use of our services:

a) Account Information: Name, email address, phone number, restaurant name, city, business type, GST number (if provided), PAN (if provided).

b) Business Data: Menu items, product pricing, order records, inventory data, vendor information, customer records, table configurations, staff details, and financial transaction records processed through Taplo.

c) Usage Data: Log data, device information, browser type, IP address, pages visited, features used, and timestamps.

d) Communication Data: Messages sent through our contact form, emails, and WhatsApp conversations.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the Taplo platform and its features
  • Process orders, manage inventory, and generate analytics reports within your account
  • Send transactional communications (order confirmations, KOT updates, captain notifications)
  • Respond to your inquiries and provide customer support
  • Send product updates and service announcements (you can opt out at any time)
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations under Indian law

4. Data Isolation & Multi-Tenancy

Taplo operates as a multi-tenant SaaS platform. Each restaurant's data is logically isolated at the database level. Your business data (orders, customers, inventory, financials) is never shared with, visible to, or accessible by other restaurants on the platform. Staff access within your restaurant is controlled through role-based access control (RBAC) that you configure.

5. Data Storage & Security

We implement industry-standard security measures to protect your data:

  • All data is encrypted in transit using TLS/SSL
  • Passwords are hashed using bcrypt (never stored in plain text)
  • Authentication is managed via signed JWT tokens
  • Database access is restricted and connection strings are never exposed
  • Our database is hosted on Neon (cloud PostgreSQL) with SSL-enforced connections in the Asia-Pacific region
  • We regularly review and update our security practices

6. Data Sharing & Third Parties

We do not sell, rent, or trade your personal or business data to third parties. We may share data only in the following circumstances:

  • Service Providers: Cloud hosting (Neon for database, Vercel/hosting provider for application) that process data on our behalf under strict contractual obligations
  • Legal Requirements: When required by law, regulation, legal process, or governmental request under Indian jurisdiction
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)

7. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your account and associated data
  • Export your data (orders, products, customers, inventory) in standard formats (Excel/PDF)
  • Opt out of marketing communications
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at info@taplo.in.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide services. If you request account deletion, we will delete your data within 30 days, except where we are required to retain certain records for legal, tax, or regulatory compliance purposes under Indian law.

9. Cookies

Our website uses essential cookies for authentication and session management. We do not use third-party tracking cookies. See our Cookie Policy for details.

10. End-Customer Data (Restaurant Guests)

When restaurants use Taplo to serve their guests, the following data about restaurant guests (end-customers) may be collected and stored by the restaurant through the platform:

  • Guest name and phone number (for orders and reservations)
  • Order history and preferences
  • Feedback and special instructions

Taplo acts as a data processor for this guest data. The restaurant (our subscriber) is the data controller and is solely responsible for obtaining any required consent from their guests, complying with applicable data protection laws, and handling guest data requests. Taplo does not independently use, sell, or share end-customer data for any purpose other than providing the service to the restaurant.

11. Payment Data

Taplo does not directly process, store, or have access to credit card numbers, debit card details, or UPI PINs. Payment transactions at the restaurant are handled by the restaurant's own payment infrastructure (POS terminals, UPI apps, etc.). Taplo only records the payment method type (e.g., “Cash”, “UPI”, “Card”) and transaction amount for billing and analytics purposes.

12. Children's Privacy

Taplo is a business-to-business (B2B) service and is not intended for individuals under the age of 18. We do not knowingly collect personal information from minors.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Continued use of Taplo after changes constitutes acceptance of the revised policy.

14. Contact Us

For questions about this Privacy Policy or our data practices, contact us at:

Taplo
Email: info@taplo.in
Pune, Maharashtra, India