Privacy Policy

Last updated: [16/03/2026]  ·  Effective: [04/05/2026]

This Privacy Notice applies to all personal data processed by DineIQ Inc. in connection with the Service. It covers both business customers (restaurant owners, food business operators) and end consumers (diners, guests). DineIQ is committed to handling personal data responsibly and in compliance with the Nigeria Data Protection Act 2023 (NDPA), the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA/CPRA), and other applicable privacy laws.

 

1. Who We Are

  • Controller: DineIQ Inc.
  • Website: usedineiq.com
  • Contact: hello@usedineiq.com
  • DPO contact: privacy@usedineiq.com
  • Jurisdiction: Lagos, Nigeria (with global operations)

DineIQ Inc. is the data controller for personal data processed in connection with providing the Service to business customers. DineIQ acts as a data processor in respect of Guest Data collected through your DineIQ-powered ordering and reservation systems, where you (the business customer) are the data controller.

 

2. Data We Collect
2.1 Business Customer Data (Restaurant Owners & Operators)

When you register and use DineIQ, we collect:

  • Account data: name, email address, phone number, business name, role
  • Business information: address, location (latitude/longitude), opening hours, cuisine type, business type, logo, banner images
  • Payment and billing data: billing address, subscription plan; payment card data is processed directly by Stripe, Paystack, or Flutterwave and not stored by DineIQ
  • Usage data: features used, pages visited, session duration, dashboard interactions, error logs
  • Device and technical data: IP address, browser type, operating system, referrer URL
  • Communications: emails and messages you send to our support team
  • Configuration data: settings, integrations, notification preferences, payment provider keys (stored encrypted)
2.2 Staff Data

When you invite staff members to your DineIQ account, we collect:

  • Name, email address, role, phone number, employment type (hourly/salary/commission)
  • Pay rates and payroll data as entered by the account owner
  • Login activity and session data
2.3 Guest / Diner Data (End Consumers)

When diners interact with your DineIQ-powered menu, ordering system, reservation flow, or marketplace listing, we collect on your behalf:

  • Contact information: name, email address, phone number
  • Order data: items ordered, quantities, special requests, order type (dine-in, takeaway, delivery), delivery address
  • Reservation data: date, time, party size, special notes
  • Payment data: payment method type, payment status (card data processed by payment gateway only)
  • Loyalty data: points earned, redemption history, visit frequency
  • Feedback: star ratings, review text
  • Device data: IP address, browser type (for fraud prevention)
2.4 Marketplace User Data

When consumers browse the DineIQ Marketplace (explore.dineiq.com), we collect:

  • Location data: approximate geolocation (with permission) for restaurant discovery
  • Search queries and filter selections
  • Device and session data
2.5 Data We Do Not Collect
  • We do not collect payment card numbers, CVVs, or full bank account details — these are handled exclusively by our payment processors
  • We do not collect national identification numbers, passport numbers, or government ID data
  • We do not collect biometric data

 

3. How We Use Your Data
3.1 Providing the Service

We use your data to create and manage your account, provide the software features you have subscribed to, process orders and reservations on your behalf, generate your QR codes and website, and send transactional communications (order confirmations, reservation alerts, low-stock notifications).

3.2 Billing and Payments

We use billing data to process subscription payments, issue invoices, manage renewals, and handle refunds.

3.3 Customer Support

We use account data and communication history to respond to support requests and resolve issues.

3.4 Security and Fraud Prevention

We use technical data including IP addresses and session information to detect fraudulent activity, prevent unauthorised access, and maintain the security of the Service.

3.5 Service Improvement

We use anonymised and aggregated usage data to analyse how the Service is used, identify areas for improvement, and develop new features. This data does not identify you individually.

3.6 Legal Compliance

We may process personal data to comply with applicable laws, respond to legal process, and enforce our terms.

3.7 Marketing

With your consent, we may send you product updates, new feature announcements, and promotional communications. You may withdraw consent at any time by clicking “unsubscribe” in any marketing email or by contacting privacy@dineiq.com. We do not sell your personal data to third parties for marketing purposes.

 

4. Legal Basis for Processing

We rely on the following legal bases under the NDPA 2023, GDPR, and UK GDPR:

  • Contract: processing necessary to perform the contract with you (providing the Service, billing, support)
  • Legitimate interests: security and fraud prevention, service improvement using anonymised data, direct marketing to existing customers (where permitted)
  • Consent: marketing communications, geolocation for marketplace discovery, optional analytics cookies
  • Legal obligation: compliance with applicable laws, responding to lawful requests from authorities

 

5. Data Sharing and Third Parties
5.1 Subprocessors

We share personal data with the following categories of service providers who process data on our behalf:

  • Paddle: Subscription billing, payment processing, tax collection and remittance as Merchant of Record — UK/EU (paddle.com)
  • TwelveX Creative Agency: Authorised Billing Entity operating the Paddle merchant account on DineIQ’s behalf during the Pre-Direct Billing Period. Processes billing data only. Does not access Customer Data, Guest Data, or Service content.
  • Supabase: Database hosting and authentication (PostgreSQL, Auth) — US/EU
  • Stripe: In-app payment processing for your customer transactions — US/EU/UK
  • Paystack: In-app payment processing for your customer transactions (Africa) — Nigeria
  • Flutterwave: In-app payment processing for your customer transactions (Africa + diaspora) — Nigeria
  • Twilio: SMS and WhatsApp notifications — US
  • Google Maps/Places: Location services, competitor data, address autocomplete — US
  • Email provider: Transactional and marketing email delivery
  • Analytics provider: Anonymised usage analytics

All subprocessors are bound by data processing agreements and are required to implement appropriate security measures.

5.2 Legal Disclosures

We may disclose personal data to law enforcement agencies, courts, or regulators where required by applicable law or in response to lawful legal process.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity. We will provide notice before personal data is transferred and becomes subject to a different privacy policy.

5.4 No Sale of Personal Data

DineIQ does not sell personal data to any third party for any purpose, including advertising. This commitment applies to all users globally, including California residents under the CCPA/CPRA.

 

6. International Data Transfers

DineIQ operates globally. Personal data may be transferred to and processed in countries outside your country of residence, including the United States and the European Union. Where data is transferred outside Nigeria, the United Kingdom, or the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) as approved by the relevant supervisory authorities.

 

7. Data Retention

  • Account data: Retained for the duration of your account and for 3 years after termination for legal compliance purposes
  • Customer Data (orders, menus): Retained for the duration of your subscription. Available for export for 30 days after termination, then deleted
  • Guest Data: Retained for 2 years from the date of collection unless you (as data controller) configure a shorter retention period
  • Payment records: Retained for 7 years as required by financial regulations
  • Support communications: Retained for 3 years
  • Security logs: Retained for 12 months
  • Anonymised analytics: Retained indefinitely

8. Your Rights

Depending on your location, you may have the following rights in relation to your personal data:

  • Right of access — Request a copy of the personal data we hold about you
  • Right to rectification — Request correction of inaccurate or incomplete data
  • Right to erasure (“right to be forgotten”) — Request deletion of your personal data where we have no legal basis to retain it
  • Right to restriction of processing — Request that we limit how we use your data in certain circumstances
  • Right to data portability — Receive your data in a structured, machine-readable format
  • Right to object — Object to processing based on legitimate interests or for direct marketing purposes
  • Right to withdraw consent — Where processing is based on consent, you may withdraw it at any time without affecting prior lawful processing
  • Right not to be subject to automated decision-making — We do not make solely automated decisions with legal or similarly significant effects

To exercise any of these rights, contact us at hello@usedineiq.com. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

If you are in the UK or EU and are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority (ICO in the UK; your national DPA in the EU; the NDPC in Nigeria).

 

9. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, and destruction. These include:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Row-level security (RLS) enforced at the database level via Supabase/PostgreSQL
  • JWT-based authentication with per-request validation
  • Cross-restaurant data isolation — it is architecturally impossible to access another customer’s data
  • Staff invitations via tokenised, single-use, time-limited links
  • Regular security reviews and dependency updates

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and applicable supervisory authorities within 72 hours of becoming aware of the breach, in accordance with NDPA, GDPR, and UK GDPR requirements.

 

10. Cookies

We use cookies and similar tracking technologies on dineiq.com and the Service. You can manage cookie preferences through our cookie consent tool. See our Cookie Policy for full details.

  • Essential cookies: Required for authentication, session management, and security. Cannot be disabled.
  • Analytics cookies: Help us understand how the Service is used (anonymised). Can be disabled.
  • Preference cookies: Remember your settings and preferences. Can be disabled.
  • Marketing cookies: We do not use marketing or advertising cookies.

11. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child without parental consent, we will delete it promptly. If you believe a child has provided personal data to us, contact privacy@usedineiq.com.

 

12. Updates to This Notice

We may update this Privacy Notice from time to time. Material changes will be communicated by email and by a prominent notice in the dashboard at least 14 days before the changes take effect. The “Last updated” date at the top of this notice indicates when it was last revised.

 

13. Contact Us

For privacy-related questions, requests, or concerns:

  • Email: privacy@usedineiq.com
  • General: hello@usedineiq.com
  • Website: usedineiq.com/privacy-policy
  • Response time: Within 30 days
