Privacy policy
This policy is published by Delitero ("we", "us"), the operator of delitero.com and the ordering service described below. It is written to be read: what we store, why, and what we will never do with it.
support@delitero.com1. Overview
Delitero is self-serve online ordering software for restaurants in the United States. This policy covers everyone who touches the service: restaurants (the owners, managers, staff, and drivers of restaurants that use Delitero), diners (people who order food from a restaurant's ordering page or embedded widget; diners have no Delitero account), and visitors to delitero.com.
The short version: we store what is needed to take and fulfill orders, plus the waitlist addresses people leave us on delitero.com, and nothing else. Card numbers go to Stripe, never to us. There are no advertising trackers and no analytics cookies on any customer-facing page. We do not sell personal data, and we never market to a restaurant's diners.
2. Information we store
Restaurant accounts. When you sign up and run a restaurant on Delitero we store: your account name, email address, and password (stored only as a salted hash, never in plain text); your restaurant profile (name, phone, email, address, time zone, opening hours, tax rate, pickup and delivery settings, and the phone number you choose for order escalation calls); your menu (categories, items, descriptions, prices, availability, and the photos you upload); your team (the name, email, and role of each member you invite); your kitchen devices (device names, pairing state, and any push notification token the device registers); your courier accounts (each driver's name, email, phone, password hash, and on-shift status); your Stripe connected account identifier and whether charges are enabled (we never store your bank details or any card data); your promotions and receipt branding; and your order history with its event log.
While a courier is out on a delivery, their app may send location updates so you can see where your delivery is. Location is kept only for the active delivery and is visible to your restaurant, never to diners or the public.
Diners. A diner places an order without an account. For each order we store: name and phone number, and an email address if the diner chooses to give one (used to send the receipt); for delivery orders, the delivery address (street, unit, city, state, ZIP) and any delivery note; the order itself (items, options, per-item notes, order note, prices, tax, delivery fee, tip, any promo code used, timestamps, and the order's status history); and payment references reported to us by Stripe after payment (the card brand, the last four digits of the card, and Stripe's payment and charge identifiers). We never receive or store the full card number (see section 4).
Automatically. Like any web service, our infrastructure processes IP addresses and basic request metadata (URLs, timestamps, user agent) to serve requests, enforce rate limits, prevent abuse, and debug problems. These server logs are operational, not marketing data. We run no analytics scripts, no advertising pixels, and no third-party trackers on the ordering pages, the admin portal, or the marketing site.
Waitlist. If you leave your email address on the waitlist page, we store that address, the time you submitted it, and the page on our site whose button sent you there. We use it for one thing: telling you when signups open. The form sets no cookie. Your IP address is processed to rate limit the form, as described in the paragraph above, and is not stored with your address.
3. How we use information
We use the data above for running the ordering service, with one exception, the waitlist described below. Concretely: showing a restaurant's menu and taking orders; passing each order to the restaurant's kitchen and, for delivery, to the restaurant's driver; processing payment through Stripe and recording the result; sending transactional email only (order receipts to diners who gave an email, and account emails to restaurant users such as email verification, password reset, and team invites); alerting the restaurant when a paid order sits unaccepted (first on the kitchen screen, then by SMS, then by a voice call to the restaurant's own configured number, via Twilio; these messages go to the restaurant, never to diners); showing restaurants their own order history and sales figures; and securing the service through rate limiting, abuse prevention, and debugging.
We send no marketing email. No newsletter exists, and diner emails are never used for promotion. The one exception is the waitlist: if you asked us to tell you when signups open, we will send you that single announcement, and nothing after it unless you become a customer.
We do not use personal data for advertising, profiling, or training models, and we do not combine data across restaurants.
4. Payments and Stripe
Card details never touch Delitero's servers. The payment form on the ordering page is Stripe's Payment Element: the card number, expiry, and security code go from the diner's browser directly to Stripe. Each payment is a direct charge on the restaurant's own Stripe account.
After payment, Stripe tells us the outcome and the card's brand and last four digits, which we store so the restaurant and the diner can recognize the payment on receipts and order screens.
Stripe processes payment data under its own terms and privacy policy (stripe.com/privacy). Refunds are issued by the restaurant and processed by Stripe back to the original payment method.
5. Cookies and device storage
We use almost none, and none for tracking.
Admin portal: one session cookie that keeps you signed in. It is httpOnly (not readable by page scripts) and expires after 7 days. Signing out or changing your password invalidates sessions.
Ordering pages and widget: no cookies. After you place an order, your browser's sessionStorage holds a summary of it so your confirmation and status page can show your items on the same device. It never leaves your browser and is cleared when the tab session ends. The order status link itself contains a long unguessable order ID; treat the link like a receipt and do not share it if you do not want someone to see the order.
Marketing site (delitero.com): no cookies, no analytics, no trackers.
Because there are no advertising or analytics cookies anywhere, there is no cookie banner and nothing to opt out of.
6. Your customers' data
If you run a restaurant on Delitero, your diners are your customers. Their names, contact details, addresses, and order history belong to your business. Our role is to process that data to run your ordering.
We never sell it, never rent it, never use it to market anything to your diners, and never share it with other restaurants. If you leave Delitero, your customer data leaves with you (section 9), and your diners' relationship with you is unaffected.
7. Service providers
We use three infrastructure providers, each processing data only to provide their service to us.
Cloudflare hosts the entire platform (compute, databases, file storage) and sends our transactional email. Serving is US-based for this US-only product. It processes all service data described in section 2, in encrypted-at-rest storage, plus email contents and recipient addresses.
Stripe processes payments on each restaurant's own Stripe account. It processes the card and payment data described in section 4.
Twilio delivers the SMS and voice alerts to restaurants about unaccepted orders, where the restaurant has this configured. It processes the restaurant's configured phone number and the alert content (order number, not diner details).
We add no others without updating this policy.
8. When we share information
We do not sell personal data. We do not share it with advertisers, data brokers, or "partners". Data leaves Delitero only in these cases: to the service providers in section 7, to run the service; between the parties to an order (the restaurant sees the diner's order details, and the restaurant's assigned driver sees the delivery name, phone, address, and items, never prices or payment details); if the law requires it (we comply with valid legal process, and where lawful and practical we will tell the affected restaurant); and if the business changes hands (if Delitero is acquired or merges, data transfers to the successor bound by this policy's commitments, and restaurants will be notified).
9. Data you can export
Everything your restaurant has in Delitero is visible in your admin portal: your menu, your team, your settings, and your full order history including your customers' contact details.
A self-serve one-click export does not exist yet. Until it ships, the commitment is manual: email us at support@delitero.com and we will provide your complete order history and customer data in a portable format, whether your account is open or closed. Your data is yours; we will not hold it hostage.
10. Data retention
Honest state of affairs: the service does not yet delete data automatically.
Completed orders and their event logs are kept indefinitely so restaurants have a permanent order history and sales record. Unpaid checkout attempts are cancelled automatically after 2 hours; their details remain in the order log. Restaurant account data is kept while the account is open. Courier location points are kept only for the delivery in progress. Operational server logs are short-lived and used only as described in section 2.
There is no self-serve account deletion yet. If you want your account and its data deleted, or if you are a diner who wants your order data deleted, email support@delitero.com. We will honor the request, except where the restaurant needs the record for tax, accounting, or legal reasons (for diner data, we will refer the request to the restaurant, which is the business you bought from).
Waitlist addresses are kept until signups open and the announcement has been sent. After that we delete them; like everything else in this section, that deletion is manual today. To be removed sooner, email support@delitero.com.
11. Security
All traffic is encrypted in transit (TLS). Data is encrypted at rest by our infrastructure provider. Passwords are stored as salted hashes, never in plain text. Admin sessions use httpOnly cookies; API access is role-gated per team member, and role changes and removals take effect immediately. Changing or resetting a password revokes all other sessions for the account. Kitchen devices authenticate with their own revocable tokens, so no owner credentials sit on a kitchen counter. Card data never reaches our systems (section 4).
No system is perfectly secure. If we learn of a breach affecting your data, we will notify you and the authorities as required by law.
12. Your choices and rights
You can view and correct restaurant account data in the admin portal at any time. Diners can contact the restaurant or us about their order data (section 10).
Depending on where you live, state privacy laws (such as the California Consumer Privacy Act) may give you rights to access, correct, delete, or port personal data, and to opt out of its sale or sharing. We do not sell or share personal data in the sense those laws regulate, and we will honor access, correction, and deletion requests as described above regardless of whether a statute currently obliges us to.
To exercise any of this, email support@delitero.com. We will verify the request and respond within 45 days.
13. Children
The service is not directed at children. You must be 18 or older to open a restaurant account. Ordering pages are general-audience commerce pages, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has submitted personal information to us, email support@delitero.com and we will delete it.
14. United States only
Delitero serves restaurants in the United States, and the service is hosted and operated for the US. Do not use the service from jurisdictions where its data practices would not be lawful.
15. Changes and contact
When this policy changes we will post the updated version with a new effective date. For material changes we will email restaurant account owners before the change takes effect. Keeping your account after the effective date means the updated policy applies.
Privacy questions and requests: support@delitero.com.
This policy will be restated under Delitero's legal entity once it is formed; any material change follows the notice process in section 15. Privacy questions? support@delitero.com.