Privacy Policy

1) Introduction

This Privacy Policy explains how PrestoQ (“we,” “us,” “our”) collects, uses, and protects information when you use our AI-powered Point-of-Sale (POS) platform for restaurants and eateries.

This Policy applies to restaurant owners, business administrators, staff members, and end customers whose data is processed through the PrestoQ platform. By registering a business or using PrestoQ, you agree to this Policy.

2) Data We Collect

a) Business & Owner Data

• Registration Data: Business name, owner name, email address, phone number, and physical address.
• Business Profile: Restaurant type, operating hours, number of locations, logo, and branding assets.
• Billing Information: Subscription tier, payment method details (handled via our payment processor — we do not store raw card numbers), and invoices.
• Tax & Compliance: TIN, Ghana Revenue Authority registration or equivalent in your jurisdiction, where required.

b) Staff & Account Data

• Staff names, roles (owner, manager, cashier, kitchen), and assigned permissions.
• Login credentials (passwords are hashed and never stored in plain text).
• Activity logs: login times, order actions, voids, refunds, and configuration changes.

c) Menu & Inventory Data

• Menu items, categories, modifiers, pricing, availability flags, and images.
• Inventory levels, ingredient costs, and waste logs (where the inventory module is enabled).

d) Order & Transaction Data

• Order details: items ordered, quantities, modifiers, table/seat assignment, and order type (dine-in, takeaway, delivery).
• Order timestamps, the staff member who took or processed the order, and kitchen routing information.
• Transaction amounts, payment method (cash, card, mobile money), tips, discounts, and receipts.
• Void and refund records including reason codes.

e) Customer Data (where collected)

• If you use our optional customer loyalty or digital receipt features, we may collect customer name, phone number, or email address to send receipts or loyalty rewards.
• Order history associated with a loyalty profile.
• We do not collect customer payment card data — all card processing is handled by PCI-DSS compliant payment processors.

f) Device & Technical Data

• Device type, operating system, browser version, IP address, and time zone for devices running the PrestoQ application.
• Crash reports, performance metrics, and error logs used for diagnostics.
• Peripheral data such as connected receipt printers, kitchen display systems, and card terminals (device IDs only).

g) AI & Usage Data

• Aggregated and anonymized sales patterns, peak-hour data, and popular item combinations used to power AI recommendations.
• Feature usage events (e.g., which dashboard views are opened, report exports) to improve the product.

3) How We Use Your Data

• To operate the PrestoQ POS platform: process orders, manage menus, route to kitchen displays, and generate receipts.
• To process payments securely through connected payment gateways and mobile money providers.
• To generate sales reports, end-of-day summaries, and business intelligence dashboards.
• To power AI features: demand forecasting, menu performance insights, staff efficiency metrics, and smart reorder suggestions.
• To manage staff roles, permissions, and accountability logs.
• To send digital receipts, loyalty rewards, and operational notifications to customers (only if your business enables this).
• To provide customer support, investigate disputes, and process refunds.
• To detect and prevent fraud, unauthorized access, and misuse of the platform.
• To comply with legal and regulatory obligations (e.g., tax reporting, audit trails).
• To improve, test, and develop new features for PrestoQ.

We never sell your data or your customers’ data to third parties for advertising or marketing purposes.

4) Legal Basis for Processing

We process data on the following bases, consistent with Ghana’s Data Protection Act, 2012 (Act 843) and applicable frameworks:

• Contractual necessity: To provide the POS services you have subscribed to.
• Legitimate interest: To improve the platform, maintain security, prevent fraud, and generate aggregated business insights.
• Legal obligation: To comply with tax, financial record-keeping, and regulatory requirements.
• Consent: For optional features such as customer loyalty programs and marketing communications, where your explicit opt-in is required.

5) Sharing & Disclosure

• Payment Processors: Transaction data is shared with PCI-DSS compliant payment gateways (e.g., card networks, mobile money providers) to complete payments.
• Cloud Infrastructure: Data is hosted on secure cloud platforms under strict data processing agreements.
• Service Providers: We may use third-party analytics, monitoring, or communication tools — all are contracted to handle data only on our instructions.
• Delivery Partners: If you connect PrestoQ to a delivery platform, relevant order data is shared with that platform to fulfil deliveries.
• Accounting Integrations: If you connect an accounting tool, transactional summaries may be exported to that tool at your direction.
• Law Enforcement & Regulators: We will disclose data when required by law, court order, or lawful governmental process.
• Business Transfer: In the event of a merger, acquisition, or asset sale, data may be transferred subject to continued privacy protections.

6) Data Retention

We retain data for as long as necessary to provide the service and meet legal requirements:

• Transaction records: Retained for a minimum of 7 years to meet financial record-keeping regulations, then securely deleted or anonymized.
• Staff activity logs: Retained for the duration of your active subscription plus 12 months.
• Menu & inventory data: Retained while your account is active and for 90 days after cancellation.
• Customer loyalty data: Retained until you or the customer requests deletion, subject to applicable law.
• Account data: Retained for the life of the business account plus any legally required period.

7) Data Security

• All data in transit is encrypted using HTTPS/TLS 1.2 or higher.
• Data at rest is encrypted using AES-256 or equivalent.
• Role-based access controls ensure staff only access data appropriate to their assigned role.
• All payment card data is handled by PCI-DSS Level 1 certified processors — we never store raw card numbers on our systems.
• Regular security audits, penetration testing, and vulnerability assessments are conducted.
• Multi-factor authentication is available and encouraged for all admin accounts.

No system is completely immune to risk. You are responsible for keeping your login credentials secure, managing staff permissions appropriately, and ensuring that physical POS devices are properly protected.

8) AI Processing & Sales Intelligence

PrestoQ uses artificial intelligence and machine learning to deliver smart insights that help your restaurant operate more efficiently:

• Sales Forecasting: Historical order and transaction data is analyzed to predict busy periods, suggest staffing levels, and forecast inventory needs.
• Menu Intelligence: AI identifies top-selling items, underperforming dishes, and pricing opportunities based on your own sales history.
• Demand Patterns: Aggregated (never personally identifiable) order data may contribute to generalized models used to improve platform-wide AI accuracy.
• No cross-business data sharing: Your restaurant’s specific sales data is never shared with or visible to other businesses on the platform.
• AI-generated insights are advisory only and do not constitute business, financial, or legal advice.
• You may opt out of AI feature data processing at any time by contacting us, though this will disable AI-powered features for your account.

9) Payment Data

PrestoQ integrates with certified payment processors to accept card payments, mobile money (e.g., MTN MoMo, Telecel Cash, AirtelTigo Money), and cash. Our approach:

• Card numbers, CVVs, and cardholder data are processed directly by our PCI-DSS certified payment processor and are never stored on PrestoQ servers.
• Mobile money transactions are initiated through licensed payment gateways. We store transaction reference IDs and status for reporting purposes only.
• Cash transaction records are maintained for accountability and reporting.
• Refund and void records are retained as part of your transaction audit trail.

10) Your Rights

As a business owner, staff member, or customer, you have the following rights under applicable data protection law:

• Access: Request a copy of personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your data, subject to legal retention requirements.
• Portability: Request your data in a machine-readable format.
• Restriction: Request that we limit how we process your data in certain circumstances.
• Objection: Object to processing based on our legitimate interests.
• Consent Withdrawal: Withdraw consent for any consent-based processing at any time.

To exercise any right, email privacy@prestoghana.com. We will respond within 30 days and may verify your identity before acting on your request.

11) Cookies & Analytics

Our web-based dashboard uses cookies and similar technologies:

• Essential cookies: Required for authentication, session management, and security. Cannot be disabled without breaking core functionality.
• Analytics cookies: Used to understand how the dashboard is used and identify areas for improvement. These are anonymized. You may opt out via your browser settings.
• Preference cookies: Remember your settings such as language, currency, and display preferences.

12) Children’s Privacy

PrestoQ is a business platform intended for persons aged 18 and over. We do not knowingly collect personal data from children under 18. If you believe a minor’s data has been submitted through your account, please contact us immediately for prompt review and deletion.

13) Policy Updates

We may update this Privacy Policy as our product evolves or as regulations change. Material updates will be communicated via email or an in-app notification with at least 14 days’ notice before they take effect. The “Last updated” date at the top of this page will always reflect the most recent version. Continued use of PrestoQ after the effective date constitutes acceptance of the updated Policy.

14) Contact

Company: Presto Solutions
Address: East Legon, Nyansa Square, Accra, Ghana
Email: privacy@prestoghana.com
Phone: +233545977791