1. Introduction
Welcome to Zento ("we," "us," or "our"). Zento is an all-in-one restaurant operations platform designed for independent operators. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the Zento mobile application and any related services (collectively, the "Service").
Please read this policy carefully. If you do not agree with the terms of this Privacy Policy, please do not use the Service. By accessing or using Zento, you acknowledge that you have read and understood this policy.
This policy does not constitute legal advice. If you have specific legal questions about your data rights, you should consult a qualified legal professional.
2. Information We Collect
We collect information you provide directly to us, information generated automatically through your use of the Service, and information from your device.
2.1 Account Information
When you create a Zento account, we collect:
- Your name and email address
- Your restaurant or business name
- A password (stored in hashed form — we never store plain-text passwords)
- Optional profile information you choose to provide (phone number, business address)
2.2 Business Data You Enter
To power the Service, we store the operational data you input, including:
- Order details (customer names, dates, quantities, notes, status)
- Menu items, categories, and pricing
- Customer profiles, preferences, and dietary information
- Team member names and assigned tasks
- Scheduling and weekly plan data
This data is yours. We use it solely to provide and improve the Service on your behalf.
2.3 Usage Data
We automatically collect certain information when you use the Service:
- Features accessed and screens viewed
- Timestamps and session duration
- Error logs and crash reports
- Search queries within the app
- Interactions with the AI Assistant (queries and responses)
2.4 Device Information
We collect standard device and network information, including:
- Device model and operating system version
- App version
- IP address (used to determine approximate country/region)
- A unique device identifier generated by the operating system
- Time zone and locale settings
3. How We Use Your Information
We use the information we collect to:
- Provide and maintain the Service — deliver the core features of Zento, including order management, scheduling, menus, customer records, and team coordination.
- Power the AI Assistant — process your queries to generate contextual, intelligent answers about your restaurant operations.
- Improve the Service — analyse usage patterns to fix bugs, improve performance, and inform new feature development.
- Send essential communications — deliver transactional emails such as account confirmation, password reset, and important service updates. We do not send marketing emails unless you have explicitly opted in.
- Ensure security and prevent fraud — detect and respond to abuse, unauthorised access, or violations of our Terms of Service.
- Comply with legal obligations — respond to lawful requests from public authorities where required.
We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4. Data Storage & Security
Your data is stored on secure servers located in the European Union and/or the United States. We use industry-standard security measures including:
- Encryption in transit (TLS 1.2 or higher) for all data transmitted between your device and our servers
- Encryption at rest for database content containing personal information
- Access controls limiting who within our organisation can access production data
- Regular security reviews and dependency updates
While we take reasonable steps to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security.
5. Third-Party Services
Zento uses a limited number of third-party services to deliver the Service:
5.1 Anthropic (AI Assistant)
The Zento AI Assistant is powered by Anthropic's Claude API. When you interact with the AI Assistant, your query and relevant contextual data from your account may be sent to Anthropic's servers to generate a response. Anthropic processes this data in accordance with their Privacy Policy. We do not share your full personal profile with Anthropic — only the minimal context required to answer your query.
Anthropic does not use data submitted via their API to train their models by default, unless you have separately agreed to such use with Anthropic.
5.2 Hosting Infrastructure
Our servers are hosted on reputable cloud infrastructure providers. These providers process data on our behalf under data processing agreements and do not have the right to use your data for their own purposes.
5.3 Analytics
We may use anonymised, aggregated analytics to understand feature usage. No personally identifiable information is shared with analytics providers in identifiable form.
6. Data Retention
We retain your account and business data for as long as your account is active. If you request deletion of your account, we will permanently delete your personal information and business data within 30 days, except where we are required to retain it for legal compliance purposes (e.g., tax records, dispute resolution).
Anonymised, aggregated data (which cannot identify you) may be retained indefinitely to improve the Service.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Right of access — request a copy of the personal data we hold about you.
- Right to rectification — request correction of inaccurate or incomplete data.
- Right to erasure — request deletion of your personal data ("right to be forgotten").
- Right to restriction — request that we limit how we process your data in certain circumstances.
- Right to data portability — request your data in a structured, commonly used, machine-readable format.
- Right to object — object to processing of your personal data in certain circumstances.
- Right to withdraw consent — where processing is based on consent, withdraw that consent at any time.
To exercise any of these rights, please contact us at support@tryzento.com. We will respond within 30 days. We may need to verify your identity before processing your request.
If you are located in the European Economic Area (EEA) or United Kingdom, you have the right to lodge a complaint with your local data protection authority if you are unsatisfied with our response.
8. Children's Privacy
The Zento Service is designed for use by restaurant and food service operators and is not directed at children under the age of 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold, we will take steps to delete that information promptly.
If you believe a child has provided us with personal information, please contact us at support@tryzento.com.
9. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Effective date" at the top of this page
- Send an in-app notification or email to registered users
Your continued use of the Service after the updated policy takes effect constitutes your acceptance of the revised policy. We encourage you to review this page periodically.
10. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
- Email: support@tryzento.com
- Response time: We aim to respond to all privacy-related enquiries within 5 business days.
For general support questions, please visit our Support page.