Logorestaurantmanage

Privacy Policy and Legal Terms

Effective Date: May 15, 2026 — Last Updated: May 15, 2026

This document is the Privacy Policy and the legal terms of use for the RestaurantManage platform. By accessing or using any RestaurantManage product, you acknowledge that you have read, understood, and agreed to be bound by this document in its entirety, including the limitation of liability and governing law provisions below. If you do not agree, do not use the Services.

1. Operator and Scope

The RestaurantManage platform (the "Service" or "Services") is owned and operated by Utku Berberoğlu, a sole proprietor established under the laws of the Republic of Türkiye ("RestaurantManage", "we", "our", or "us"). For purposes of the EU General Data Protection Regulation 2016/679 ("GDPR") and Türkiye's Law No. 6698 on the Protection of Personal Data ("KVKK"), Utku Berberoğlu is the data controller for personal data we process for our own purposes (see Section 12).

The Services consist of the following products:

  • RestaurantManage Web — the web application at restaurantmanage.com, including admin, kitchen, cashier, reports, customer-facing QR menu, blog, and help center.
  • RestaurantManagePro — the iOS and Android mobile application for restaurant waiters and floor staff.
  • RestaurantManage Eats — the iOS and Android mobile application for diners to discover restaurants, scan QR menus, place orders, and track deliveries.
  • RestaurantManage Courier — the iOS and Android mobile application for delivery drivers and couriers to receive, navigate, and complete delivery orders.

All four products are subject to this Privacy Policy. Specific data flows and permissions vary by product as described below.

2. Information We Collect

2.1 Account Information

Web, Waiter, Courier (staff accounts): first name, last name, email address, hashed password, preferred language, role(s) (admin, kitchen, cashier, waiter, courier), restaurant association.

RestaurantManage Eats (diner accounts): first name, last name, email address, phone number, hashed password, language preference. We also generate and store an email verification one-time code during sign-up.

2.2 Delivery Address (RestaurantManage Eats only)

For delivery orders, diners save one or more delivery addresses consisting of a free-form address string and a latitude/longitude coordinate pair. The coordinate is captured either via the device GPS at the time of adding the address or entered manually. Addresses are visible to the restaurant fulfilling the order and to the assigned courier.

2.3 Precise Location

RestaurantManage Eats: precise device location is collected once, only while the app is in use, at checkout to calculate delivery distance and select the correct serving area. Location is not continuously tracked.

RestaurantManage Courier: while the courier has accepted an active delivery and the app is in the foreground, the device location is sampled every few seconds (typical: 5 seconds or 10 meters of movement) and transmitted to our servers for live distribution to the relevant restaurant and customer. Location collection stops when the delivery is completed or the app is backgrounded.

Web and Waiter app: no location data is collected.

2.4 Order Data

All products process order information including menu items, modifications, quantities, prices, taxes, payment method (cash or card type — we do not collect or store card numbers, CVVs, or processor tokens), table number (dine-in), delivery address (delivery), customer notes, order status history, and assignment to staff and couriers.

2.5 Identifiers and Authentication Tokens

We assign each user a unique internal identifier (User ID / Customer ID / Courier ID, a GUID). When you sign in, we issue a JSON Web Token (JWT) signed with our private key and stored on your device. The token contains your identifier, email, name, role(s), restaurant association (staff) or user-type marker (customer), an expiration timestamp, and issuer/audience metadata. Tokens expire after a fixed period (typically 24 hours for staff, 30 days for diners) and can be invalidated server-side at any time.

2.6 Push Notification Token

On the RestaurantManage Eats mobile app, we collect an opaque Expo push notification token issued by Apple Push Notification service (iOS) or Firebase Cloud Messaging (Android) via the Expo push gateway. The token is bound to your account and used solely to deliver order-status notifications.

2.7 Restaurant Operator Information (RestaurantManage Web)

Restaurants that subscribe to the platform provide: restaurant name, subdomain, logo, tax identification number, restaurant address, restaurant phone, restaurant coordinates, working hours, social media URLs (Instagram, Facebook), Google Maps URL, and subscription/billing information.

2.8 Optional Feedback

Diners scanning a QR menu may optionally submit feedback consisting of an optional name (free text), free-text comments, and category ratings. Feedback is shared only with the restaurant that owns the QR code.

2.9 Device, Diagnostic, and Usage Data

We automatically collect technical information about how the Services are accessed and used: device type, operating system version, app version, IP address (only at the edge, not persisted with user records), screens visited, feature usage patterns, crash logs, and basic performance metrics (launch time, frame rate, network latency). We use this data to diagnose bugs and improve performance.

2.10 Web Analytics

The web application uses Google Analytics 4 (measurement ID G-0PCLPRV530) to count page views and understand visitor flow. Google Analytics sets first-party cookies (_ga, _ga_*) and processes the visitor's IP at its edge.

We additionally store a first-party random visitor identifier (a UUID) in your browser's local storage and as a same-site first-party cookie named rm_visitor_id. This identifier is generated by your browser, is not derived from and not linked to your name, email, phone, or any other personal information, and is used solely to count how many distinct visitors view a restaurant's QR menu over time. The cookie is set withSameSite=Lax, Max-Age=400 days, and (on HTTPS) theSecure flag. The identifier is deleted when you clear your browser's site data. On the server side, when this identifier is not present (private browsing, disabled storage, older browsers), a daily-rotating pseudonymous hash derived from your IP and User-Agent is used as a fallback for the current day only; the daily salt rotation prevents cross-day tracking in this fallback path.

2.11 Logs

Server-side logs are retained for fourteen (14) days for security, troubleshooting, and abuse prevention. Logs include timestamps, endpoint paths, restaurant identifier, request identifier, and error stack traces. We attempt to exclude end-user personal data from log content; in limited error paths (failed push delivery), an Expo push token may appear in logs.

3. Mobile App Permissions

The mobile apps may request the following device permissions. All are optional; the stated feature will not work without the corresponding permission, but the rest of the app remains usable.

3.1 Camera (RestaurantManage Eats)

Used only to scan restaurant QR codes that open the menu inside the app. We do not capture, store, or transmit images or video.

3.2 Location (RestaurantManage Eats — When In Use)

Used at checkout to calculate delivery distance and select a saved address near you. Background location is not collected.

3.3 Location (RestaurantManage Courier — When In Use)

Used during an active delivery to share your position with the assigned restaurant and customer. Background location is not collected.

3.4 Push Notifications (RestaurantManage Eats and Courier)

Used to deliver order-status notifications and new-order alerts. You may revoke this permission at any time in your device settings without affecting the rest of the app.

3.5 Vibrate, Boot Completed (Android)

Used to vibrate the device on new-order or status alerts and to re-register the notification handler after the device reboots.

4. How We Use Personal Data

  • To provide, operate, maintain, and improve the Services across web and mobile platforms.
  • To authenticate users, manage access roles, and enforce tenant isolation between restaurants.
  • To process and display restaurant orders in real time across kitchen, cashier, waiter, customer, and courier surfaces.
  • To deliver food and goods to customers, including sharing delivery details with the assigned restaurant and courier and sharing courier location with the customer and restaurant during active deliveries.
  • To compute taxes and generate receipts according to the restaurant's configured tax rules.
  • To translate menu content into multiple languages using AI-assisted translation services on menu text only (no personal data is transmitted to translation providers).
  • To generate operational and financial reports for restaurant owners and administrators.
  • To send transactional emails and push notifications: account verification, password reset, order status, security alerts, and service announcements.
  • To prevent fraud, abuse, security incidents, and policy violations.
  • To comply with legal, tax, and regulatory obligations including invoice retention requirements.
  • To diagnose crashes and measure performance through aggregated diagnostic data.

5. Legal Bases for Processing (GDPR / KVKK)

Where the GDPR or KVKK applies, we rely on the following legal bases for processing personal data:

  • Performance of a contract (GDPR Art. 6(1)(b); KVKK Art. 5(2)(c)) — for account creation, order processing, delivery, payment recording, and customer support.
  • Legal obligation (GDPR Art. 6(1)(c); KVKK Art. 5(2)(ç)) — for invoice and order retention required by tax law, anti-money-laundering rules, and other regulatory obligations.
  • Legitimate interests (GDPR Art. 6(1)(f); KVKK Art. 5(2)(f)) — for security, fraud prevention, abuse detection, service improvement, and limited first-party analytics, balanced against your interests and rights.
  • Consent (GDPR Art. 6(1)(a); KVKK Art. 5(1)) — for non-essential cookies, marketing communications, and any other processing where consent is required. You may withdraw consent at any time without affecting prior lawful processing.

6. Data Sharing and Recipients

We do not sell, rent, or trade your personal data. We do not share personal data with third parties for cross-context behavioral advertising or any other advertising purpose. We share data only as follows:

  • Within the subscribing restaurant: order, customer, delivery, and courier data is shared among authorized staff of the same restaurant strictly on a tenant-isolated basis.
  • Between the customer, the restaurant, and the courier (delivery orders): the customer's name, phone number, delivery address, latitude/longitude, and any customer note is shared with the restaurant and the assigned courier so the order can be fulfilled. During an active delivery, the courier's live GPS position is shared with the restaurant and the customer.
  • Service providers and sub-processors: we use third parties to host the platform, deliver emails and push notifications, render maps, translate menus, and store images. A current list is in Section 7.
  • Legal and regulatory disclosure: we may disclose personal data to law enforcement, courts, regulators, or other public authorities where required by law, court order, subpoena, or to defend our legal rights.
  • Business transfers: if RestaurantManage is involved in a merger, acquisition, asset sale, or bankruptcy, personal data may be transferred as part of that transaction, subject to equivalent privacy protections.

7. Third-Party Sub-Processors and Integrations

We use the following third-party services to operate the platform. Each has its own privacy policy; we encourage you to review them. We are not responsible for the privacy practices of third parties.

  • 3W Infra B.V. (Amsterdam, Netherlands) — production database and API hosting.
  • Google LLC — Gmail SMTP — outbound transactional emails (account verification, password reset).
  • Expo, Inc. — push notification delivery to Apple Push Notification service (APNs) and Firebase Cloud Messaging (FCM); build and update distribution.
  • Apple, Inc. — App Store distribution and APNs delivery for iOS apps.
  • Google LLC — Google Play / Firebase Cloud Messaging — Play Store distribution and FCM delivery for Android apps.
  • Groq, Inc. — AI-assisted menu translation (Llama 3.3 model). We transmit only the menu item name and description; no personal data is sent.
  • Google LLC — Google Analytics 4 — web traffic analytics on the marketing site.
  • OpenStreetMap Foundation and OpenFreeMap — map tile rendering for the restaurant takeaway panel and courier navigation map.

We may add, replace, or remove sub-processors at any time. Material changes will be notified in advance to active Subscribers under our Data Processing Addendum.

8. International Data Transfers

RestaurantManage is headquartered in the Republic of Türkiye and our production database and API are hosted in Amsterdam, Netherlands. Personal data we collect may therefore be transferred to, stored, and processed in Türkiye, the European Economic Area, the United Kingdom, the United States (for sub-processors such as Google, Apple, Expo, Groq), and any other jurisdiction where our sub-processors operate.

From the EEA / UK to third countries: transfers to countries not benefiting from a European Commission adequacy decision are made under the European Commission's Standard Contractual Clauses (Implementing Decision (EU) 2021/914) and, where applicable, the UK Addendum issued by the UK Information Commissioner's Office, together with appropriate technical and organizational supplementary measures assessed under the framework established by the Court of Justice of the European Union in Case C-311/18 (Schrems II).

From Türkiye abroad: transfers abroad are made under KVKK Article 9 either (a) on the basis of your explicit consent, (b) under the standard contract (standart sözleşme) mechanism introduced by Law No. 7499 of 2024 and registered with the Kişisel Verileri Koruma Kurulu within five business days, (c) under a written undertaking authorized by the Kurul, or (d) to countries on the Kurul's adequate protection list. A copy of the relevant transfer mechanism is available on request.

9. Data Retention

  • Account data: retained for the duration of your account and, after deletion, for the period required by Turkish Tax Procedure Law (Vergi Usul Kanunu Art. 253) and the Turkish Commercial Code (TTK Art. 82) — typically ten (10) years for restaurant operators, three (3) years for end consumers.
  • Order, payment, and tax records: ten (10) years as required by tax law.
  • Delivery address and live GPS coordinates: delivery address records associated with completed orders are retained with the order for the period above; live GPS samples transmitted during an active delivery are broadcast in real time and not persistently stored.
  • Push notification tokens: retained while your account is active; overwritten when the token rotates.
  • Server logs: fourteen (14) days.
  • Email verification codes: until used or expired.
  • Marketing opt-in records: until consent is withdrawn plus a reasonable demonstrability period.
  • Crash and diagnostic data: up to ninety (90) days.
  • Anonymous QR feedback: retained until the restaurant deletes it or terminates its subscription.

Where retention is no longer required, we delete or irreversibly anonymize the data. Some records (e.g. order totals and dates) may be retained in pseudonymized form for statutory reasons after your account-level identifiers are removed.

10. Data Security

We implement technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. These include: encrypted transport (HTTPS/TLS) for all client-server communication; JWT-signed authentication with rotating secrets; password hashing using industry-standard algorithms; role-based access controls; tenant isolation between restaurants; audit logging of sensitive operations; rate limiting; and periodic security review.

HOWEVER, NO METHOD OF ELECTRONIC TRANSMISSION OR STORAGE IS 100% SECURE. WE DO NOT WARRANT OR GUARANTEE THAT THE SERVICES OR ANY PERSONAL DATA WILL BE FREE FROM UNAUTHORIZED ACCESS, HACKING, DATA LOSS, OR OTHER SECURITY INCIDENT. To the maximum extent permitted by law, we disclaim all liability arising from any security incident not directly caused by our gross negligence or willful misconduct. In the event of a personal data breach as defined under GDPR Art. 4(12) or KVKK Article 12, we will notify the competent supervisory authority and affected individuals within the time limits and to the extent required by applicable law.

11. Cookies and Tracking Technologies

The web application uses cookies and similar technologies (local storage, SDK identifiers) for:

  • Strictly necessary functions (authentication via the token key in local storage, language preference, onboarding state, security) — deployed without consent under the strictly-necessary exception of Article 5(3) of ePrivacy Directive 2002/58/EC.
  • Analytics — Google Analytics 4 cookies (_ga, _ga_*), loaded after first user interaction or an eight-second timeout. In the EEA and UK, these are loaded only with your prior consent.
  • First-party visitor identifierrm_visitor_id stored in browser local storage and as a same-site first-party cookie, used to count distinct visitors to a restaurant's QR menu. A random UUID, not linked to any personal data, never transmitted to third parties, and not used for cross-site tracking, advertising, or profiling.

We do not use third-party advertising cookies, retargeting pixels, or cross-context behavioral tracking. Mobile apps store authentication tokens, user profile, and feature state in the device's local secure storage (AsyncStorage). No tracking SDKs are integrated into the mobile apps.

12. Data Controller vs Processor (B2B)

For personal data we process on behalf of a subscribing restaurant (a "Subscriber") — including data relating to the Subscriber's own customers, diners, employees, couriers, suppliers, and other contacts ("Subscriber Personal Data") — the Subscriber is the data controller within the meaning of GDPR Art. 4(7) and KVKK Article 3(1)(ı), and RestaurantManage acts as a data processor within the meaning of GDPR Art. 4(8) and KVKK Article 3(1)(ğ). We process Subscriber Personal Data only on the documented instructions of the Subscriber and in accordance with our Data Processing Addendum, which implements the requirements of GDPR Art. 28(3).

For personal data we process for our own purposes — including Subscriber account data, billing data, support communications, product analytics, and our marketing to Subscribers — we are the data controller.

For data relating to RestaurantManage Eats end users (diners) and RestaurantManage Courier users (couriers), we are an independent controller for product improvement, account administration, and security purposes; the Subscriber is the controller for the specific orders fulfilled through it.

13. Your Rights

Depending on your jurisdiction, you have the following rights with respect to your personal data. To exercise any right, contact us at info@restaurantmanage.com.

13.1 Rights under GDPR (EU/EEA/UK)

Under GDPR Articles 15–22, you have the right to:

  • Access the personal data we hold about you (Art. 15).
  • Request rectification of inaccurate or incomplete data (Art. 16).
  • Request erasure of your data ("right to be forgotten") (Art. 17), subject to legal-retention exceptions.
  • Request restriction of processing (Art. 18).
  • Receive your data in a structured, commonly used, machine-readable format and transmit it to another controller (data portability, Art. 20).
  • Object to processing based on our legitimate interests, including profiling (Art. 21).
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (Art. 22). We do not currently make any such decisions.
  • Withdraw consent at any time, without affecting the lawfulness of prior processing based on consent (Art. 7(3)).
  • Lodge a complaint with your national supervisory authority. A list is available at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

13.2 Rights under KVKK (Türkiye)

Under KVKK Article 11, you have the right to:

  • Learn whether your personal data is being processed.
  • Request information about the processing if it is.
  • Learn the purpose of processing and whether the data is used in accordance with that purpose.
  • Know the third parties (domestic or foreign) to whom your data has been transferred.
  • Request rectification of incomplete or inaccurate data.
  • Request erasure or destruction of your data under the conditions of KVKK Article 7.
  • Request that rectification, erasure, or destruction be communicated to third parties to whom the data was transferred.
  • Object to a result that operates against you arising from automated processing.
  • Claim compensation for damage suffered due to unlawful processing.

Requests must comply with the Regulation on Procedures and Principles of Application to the Data Controller (Communiqué No. 30356, 10 March 2018). You may submit your request from the email address registered to your account to info@restaurantmanage.com. We will respond within thirty (30) days at the latest.

13.3 Rights under CCPA / CPRA (California)

California residents have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (Cal. Civ. Code §§ 1798.100 et seq.):

  • Right to Know the categories and specific pieces of personal information we collect, the sources, the business purposes, and the third parties to whom we disclose it.
  • Right to Delete personal information we hold about you, subject to statutory exceptions.
  • Right to Correct inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing. We do not sell personal information for monetary consideration and we do not share personal information for cross-context behavioral advertising.
  • Right to Limit Use of Sensitive Personal Information (account credentials, precise geolocation).
  • Right to Data Portability.
  • Right to Non-Discrimination for exercising any of these rights.

We verify identity before responding to rights requests as required by Cal. Civ. Code § 1798.130(a)(3). Authorized agents may submit requests on your behalf under Cal. Civ. Code § 1798.135(c). Response time: forty-five (45) days, extendable to ninety (90) per § 1798.130(a)(2).

14. How to Delete Your Account and Data

You may delete your account and associated personal data in any of the following ways:

  • From within the mobile app: open RestaurantManage Eats or RestaurantManage Courier, go to Profile / Account, tap "Delete Account", and confirm with your password. Your account is deactivated immediately and personal identifiers are removed from active systems within seventy-two (72) hours. Routine backups are purged within thirty (30) days.
  • From the web admin panel: restaurant administrators can delete staff accounts from the Users section.
  • By email: send a deletion request to info@restaurantmanage.com from the email address associated with your account. We will process the request within fourteen (14) days, verify your identity, and confirm completion.

Data we retain after deletion: records that we are legally required to keep — most notably invoices and order totals for tax purposes — are retained in pseudonymized form (your name and contact details removed; aggregate amounts and dates preserved) for the legally required period.

15. Children's Privacy

The Services are not directed to children. We do not knowingly collect personal data from individuals below the applicable age threshold in their jurisdiction:

  • United States: thirteen (13) years, under the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506.
  • European Union: sixteen (16) years by default under GDPR Art. 8(1), unless your member state has set a lower threshold (no lower than 13).
  • Türkiye: RestaurantManage Eats and the consumer-facing web menu are intended for users thirteen (13) years and older with consent of a legal guardian where required under TMK Art. 16. RestaurantManage Courier is intended for users eighteen (18) years and older.

If we become aware that we have collected personal data from a child below the applicable age, we will delete it promptly. Parents or guardians who believe their child has provided personal data may contact us at info@restaurantmanage.com.

16. Marketing Communications

We may send you transactional emails and notifications (account verification, password reset, order status, security alerts, service incidents). These are necessary for the Services and cannot be opted out of while you maintain an active account.

With your prior consent (or, where permitted by law on a soft opt-in basis from prior purchasers of similar Services), we may send marketing communications about new features, offers, and related products. You may withdraw consent at any time by clicking the unsubscribe link in any marketing email or by emailing info@restaurantmanage.com. Withdrawal does not affect the lawfulness of prior processing or our right to send transactional messages.

Commercial electronic messages directed to recipients in Türkiye are subject to Law No. 6563 (Electronic Commerce Regulation) and the İYS (İleti Yönetim Sistemi).

17. Changes to This Policy

We may modify this Privacy Policy from time to time. For material changes, we will provide reasonable notice — typically thirty (30) days — by (a) sending an email to the address associated with your account, (b) displaying a prominent in-app or in-web notice, and (c) posting the updated version with a new "Last Updated" date at the top of this page. For non-material changes (clarifications, typo fixes, sub-processor list updates within the same risk profile, legal-citation refinements), we may post the updated version without prior individual notice. Your continued use of the Services after the effective date of an update constitutes acceptance of the updated policy. If you do not agree to a material change, your sole remedy is to discontinue use and, for paid Subscriptions, request termination per the Subscription Agreement.

18. Disclaimer of Warranties

THE SERVICES ARE PROVIDED ON AN "AS IS" AND "AS AVAILABLE" BASIS WITHOUT WARRANTIES OF ANY KIND, WHETHER EXPRESS, IMPLIED, STATUTORY, OR OTHERWISE. To the maximum extent permitted by applicable law, RestaurantManage and its sole proprietor, affiliates, employees, licensors, and suppliers disclaim all warranties of merchantability, fitness for a particular purpose, title, non-infringement, accuracy of data, quiet enjoyment, and any warranties arising from a course of dealing or usage of trade. We do not warrant that the Services will be uninterrupted, error-free, secure, or free of viruses or other harmful components, nor do we warrant the accuracy, completeness, timeliness, or suitability of any content, menu item data, translations, mapping, routing, tax calculations, allergen declarations, currency conversions, or third-party information displayed through the Services. Some jurisdictions do not allow the exclusion of certain warranties; in those jurisdictions, some of the above exclusions may not apply to you.

19. Limitation of Liability

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT SHALL RESTAURANTMANAGE, ITS SOLE PROPRIETOR, AFFILIATES, EMPLOYEES, LICENSORS, OR SUPPLIERS BE LIABLE FOR ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, EXEMPLARY, OR PUNITIVE DAMAGES, INCLUDING WITHOUT LIMITATION LOSS OF PROFITS, REVENUE, GOODWILL, DATA, BUSINESS INTERRUPTION, OR SUBSTITUTE SERVICE COSTS, ARISING OUT OF OR IN CONNECTION WITH YOUR USE OF THE SERVICES, WHETHER BASED ON CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY, OR ANY OTHER LEGAL THEORY, AND WHETHER OR NOT RESTAURANTMANAGE HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The aggregate liability of RestaurantManage for all claims arising out of or relating to the Services in any twelve (12) month period shall not exceed the greater of: (a) the total fees actually paid by the Subscriber to RestaurantManage during the twelve (12) months immediately preceding the event giving rise to the claim, or (b) one hundred United States Dollars (USD 100) for users on free tiers or non-paying end consumers.

Nothing in this Privacy Policy excludes or limits liability that cannot be excluded or limited under applicable law, including liability for death or personal injury caused by negligence, fraud or fraudulent misrepresentation, gross negligence, willful misconduct, or any other liability that cannot be limited by contract.

20. Indemnification

You agree to defend, indemnify, and hold harmless RestaurantManage, its sole proprietor, affiliates, licensors, and service providers from and against any and all claims, liabilities, damages, judgments, awards, losses, costs, expenses, and fees (including reasonable attorneys' fees) arising out of or relating to: (i) your access to or use of the Services; (ii) your violation of this Privacy Policy or any other applicable terms; (iii) your violation of any third-party right, including without limitation any intellectual property, privacy, consumer-protection, food-safety, or tax regulation; (iv) any content you submit, post, or transmit through the Services, including menu items, pricing, allergen declarations, customer data, and order content; and (v) any dispute between you and a third party (including diners, couriers, employees, suppliers, or other restaurants). RestaurantManage reserves the right to assume the exclusive defense and control of any matter subject to indemnification, in which case you agree to cooperate with our defense. This Section 20 does not apply to consumers to the extent prohibited by applicable mandatory consumer-protection law.

21. User Content and Data Accuracy

You are solely responsible for the accuracy, completeness, legality, and quality of all data, content, and information you submit to the Services, including without limitation menu item names, descriptions, prices, allergen and dietary declarations, nutritional information, tax categories, delivery addresses, customer contact details, order contents, and staff records. RestaurantManage does not verify, validate, or moderate Subscriber-provided content and assumes no responsibility for errors or omissions therein. You acknowledge that incorrect allergen or dietary declarations may cause harm to end consumers and you agree to bear sole responsibility for any resulting claim.

The Services are software tools and do not constitute legal, tax, accounting, financial, medical, nutritional, food-safety, or regulatory advice. Tax rates, currency conversions, allergen warnings, nutritional information, route times, and similar outputs are provided for convenience only and may not reflect current law or conditions in your jurisdiction. You should consult a qualified professional before relying on any output of the Services for legal, regulatory, or health-related decisions.

22. Third-Party Services Disclaimer

The Services integrate with or link to third-party services, including without limitation Apple App Store, Google Play, Google Maps, OpenStreetMap, payment processors, SMS gateways, email providers, AI translation services, mapping tile providers, and cloud hosting providers (collectively, "Third-Party Services"). RestaurantManage does not control, endorse, or assume responsibility for any Third-Party Service, including its content, accuracy, availability, security practices, privacy policies, or terms of use. Your use of any Third-Party Service is governed solely by the agreement between you and that third party. RestaurantManage shall not be liable for any loss or damage arising from your reliance on or use of Third-Party Services, including delivery routing errors, mapping inaccuracies, payment processor failures, or translation errors.

23. Force Majeure

Neither party shall be liable for any failure or delay in the performance of its obligations under this Privacy Policy (excluding payment obligations) to the extent such failure or delay results from causes beyond its reasonable control, including without limitation acts of God, earthquake, flood, fire, war, armed conflict, terrorism, civil unrest, riots, strikes or labor disputes, epidemic or pandemic, governmental or regulatory action, embargo, sanctions, internet or telecommunications outage, denial-of-service attack or other cyberattack, failure of third-party hosting or cloud infrastructure providers, power failure, or any other event of force majeure (mücbir sebep). The affected party shall promptly notify the other party and use commercially reasonable efforts to resume performance. This provision does not excuse personal-data breach notification obligations under applicable law, which remain in full force.

24. Account Termination

We may, at our sole discretion and without prior notice (except where notice is required by mandatory consumer-protection law), suspend, restrict, or terminate your access to all or part of the Services if: (a) you breach this Privacy Policy or any applicable terms; (b) we reasonably suspect fraud, abuse, money laundering, sanctions violation, or illegal activity in connection with your account; (c) your payment is overdue; (d) continued provision of the Services would violate applicable law or expose us to legal risk; or (e) ordered by a court, regulator, or app store. Upon termination, you remain liable for amounts accrued, and we will return or delete Subscriber Personal Data in accordance with our Data Processing Addendum. Termination of a consumer account will be preceded by reasonable notice and a statement of reasons in accordance with the Digital Services Act (Regulation (EU) 2022/2065) Art. 17 where applicable.

25. Governing Law and Jurisdiction

This Privacy Policy and any dispute arising out of or relating to it or the Services shall be governed by and construed in accordance with the laws of the Republic of Türkiye, without giving effect to any choice-of-law or conflict-of-law rules. The parties irrevocably submit to the exclusive jurisdiction of the Istanbul Çağlayan Courts and Enforcement Offices (İstanbul Çağlayan Mahkemeleri ve İcra Daireleri) for the resolution of any dispute. Disputes between merchants (tacir) shall first be submitted to mandatory commercial mediation (arabuluculuk) under Turkish Commercial Code Art. 5/A before litigation may be commenced.

Notwithstanding the foregoing, if you are a consumer habitually resident in the European Union, the European Economic Area, the United Kingdom, or Switzerland, you retain the protection of mandatory provisions of the law of your country of residence under Article 6 of Regulation (EC) No 593/2008 (Rome I), and you may bring proceedings in the courts of your country of residence in accordance with Article 18 of Regulation (EU) No 1215/2012 (Brussels I Recast). EU consumers may also use the Online Dispute Resolution platform of the European Commission at https://ec.europa.eu/consumers/odr.

If you are a resident of the United States, you and RestaurantManage agree that any dispute, claim, or controversy arising out of or relating to this Privacy Policy or the Services shall be brought solely in your or RestaurantManage's individual capacity, and not as a plaintiff or class member in any purported class action, collective action, private attorney general action, or other representative proceeding. You hereby waive any right to participate in a class action lawsuit or class-wide arbitration. If a court determines that this class waiver is unenforceable, then the entire dispute resolution provision shall be null and void as to that claim.

26. Dispute Resolution / Informal Negotiation

Before filing any claim against RestaurantManage, you agree to attempt to resolve the dispute informally by sending a written notice describing the claim and the relief sought to info@restaurantmanage.com. The parties shall negotiate in good faith for at least sixty (60) days following receipt of such notice. Only if the dispute is not resolved within that period may either party initiate court or mediation proceedings. The statute of limitations and any filing-fee deadlines shall be tolled during the informal-resolution period. Nothing in this section prevents either party from seeking urgent injunctive or interim relief from a court of competent jurisdiction.

27. Survival, Severability, Entire Agreement

The following provisions survive termination or expiration of this Privacy Policy for any reason: definitions; Sections 9 (Data Retention), 10 (Data Security), 13 (Your Rights), 18 (Disclaimer of Warranties), 19 (Limitation of Liability), 20 (Indemnification), 23 (Force Majeure), 25 (Governing Law and Jurisdiction), 26 (Dispute Resolution), and any other provision that by its nature should survive.

If any provision of this Privacy Policy is held by a court of competent jurisdiction to be invalid, illegal, or unenforceable, that provision shall be modified to the minimum extent necessary to make it enforceable or, if no modification is possible, severed from this Privacy Policy, and the remaining provisions shall continue in full force and effect.

This Privacy Policy, together with the applicable Subscription Agreement, Data Processing Addendum, mobile end-user license agreements, and any policies referenced herein, constitutes the entire agreement between you and RestaurantManage with respect to the subject matter and supersedes all prior or contemporaneous communications and proposals, whether oral or written. No modification, amendment, or waiver of any provision shall be effective unless made in writing and signed (including by electronic signature) by an authorized representative of RestaurantManage, except as expressly permitted in the Changes to This Policy section above.

28. Contact and Complaints

If you have any questions, concerns, or complaints about this Privacy Policy or your personal data, please contact us:

Supervisory authorities for unresolved complaints: