← SWDIO

Privacy Policy

Effective 20 June 2026

1. Who we are

SWDIO (“we”, “us”) provides a digital QR-menu platform for restaurants. This policy explains what personal data we process, why, and the rights you have. For any privacy question or request, contact us at brainiostream@gmail.com.

2. Data we collect

  • Account data — your name and email address, and a securely hashed (never plaintext) password.
  • Restaurant content — the menus, categories, items, prices, descriptions, photos and settings you create.
  • Order data — when a guest places an order from a table, we store the selected items, quantities, table number and any note. We do not require guests to provide names or contact details.
  • Usage analytics — anonymous, aggregated events (e.g. menu views, item views) tied to a random session identifier, used to give restaurant owners statistics. These are not linked to a named individual.
  • Technical data — limited request metadata (such as IP address) used transiently for security and rate-limiting.

3. How we use it

To provide and operate the service, authenticate you, deliver menus to your guests, show you analytics, send transactional emails (such as password resets), prevent abuse, and comply with legal obligations. We do not sell your personal data, and we do not use it for third-party advertising.

4. Legal basis (GDPR)

We process account and restaurant data to perform our contract with you; security and anti-abuse processing rests on our legitimate interests; and any optional processing rests on your consent, which you may withdraw at any time.

5. Sharing & processors

We share data only with service providers who help us run the platform, under appropriate safeguards: our hosting/database provider, and our email delivery provider (used to send transactional emails). They process data on our instructions only.

6. Retention

We keep account and restaurant data for as long as your account is active. Password-reset tokens are single-use and expire within one hour. When you delete your account, we delete your account data and the restaurants you solely own, along with their menus, orders and analytics (see section 8).

7. Cookies

We use only first-party, essential cookies — no third-party tracking or advertising cookies:
  • authjs.session-token — keeps you signed in.
  • swdio_lang — remembers your interface language.
  • swdio_cookie_ok — remembers that you dismissed the cookie notice.

8. Your rights

Subject to applicable law, you may request access to, correction of, export of, or deletion of your personal data, and you may object to or restrict certain processing. You can delete your account and owned data yourself from Account → Danger zone, or email us at brainiostream@gmail.com and we will act on your request. You also have the right to lodge a complaint with your local data-protection authority.

9. Security

Passwords are hashed with bcrypt, reset tokens are stored only as hashes, traffic is served over HTTPS, and access to data is restricted. No system is perfectly secure, but we take reasonable measures to protect your information.

10. International transfers

Where data is processed outside your country, we rely on appropriate safeguards such as standard contractual clauses with our processors.

11. Children

SWDIO is intended for businesses and is not directed at children under 16. We do not knowingly collect their personal data.

12. Changes

We may update this policy; material changes will be reflected by a new effective date above and, where appropriate, a notice in the app.

13. Contact

Questions or requests: brainiostream@gmail.com.

This document is provided for transparency and does not constitute legal advice. Consider having it reviewed by a qualified professional for your jurisdiction.

Terms of Service