Terms of Service & Privacy Policy
How we handle your data when you order at a Servly-powered restaurant.
What is Servly?
Servly is a digital ordering platform for restaurants. When you scan a QR code at a participating restaurant, you can browse the menu, place an order, and pay at the counter — all from your phone. Servly acts as a technology provider connecting you with the restaurant.
Important: Servly does not prepare, handle, or deliver food. The restaurant is solely responsible for food quality, preparation, hygiene, and FSSAI compliance.
A. Data We Collect
| Data | When Collected | Why |
|---|---|---|
| Phone number | When you place your first order (OTP verification) | To create your account, verify identity via OTP, and enable order communication |
| Name | When you create your account | To personalise your experience and associate orders with your identity |
| Order details | Each time you place an order | To process your order and share it with the restaurant for fulfillment |
| IP address | Automatically on each visit | For platform security, fraud prevention, and legal compliance under the DPDP Act |
| Device information | Automatically on each visit | Browser type and OS — to ensure the application renders correctly on your device |
What we do NOT collect
- Your precise GPS location (unless you explicitly share it)
- Your contacts, photos, or media files
- Any biometric data (fingerprint, face scan)
- Credit card, debit card, or bank account details (payments are in cash)
B. How We Use Your Data
| Purpose | Legal Basis (DPDP Act 2023) |
|---|---|
| Processing and fulfilling your food order | Legitimate use — Section 7(a): data voluntarily provided for a specified purpose |
| Sharing order details with the restaurant | Legitimate use — necessary for order fulfillment |
| Sending OTP codes and order status updates | Legitimate use — necessary for service delivery |
| Platform security and fraud prevention | Legitimate use — necessary for safe operation of the service |
| Service improvement through anonymised analytics | Anonymised data falls outside the scope of the DPDP Act |
What we will NEVER do
- Sell your personal data to any third party
- Use your data for purposes beyond what is listed above
- Share your phone number with restaurants for independent marketing
- Train artificial intelligence models on your personal data
- Send marketing messages without your explicit, separate consent
C. Data We Share With the Restaurant
When you place an order, the restaurant receives your name, order details, and phone number (only if needed for order communication).
Each restaurant is contractually required to: use your data only for order fulfillment, not share it with third parties, not use your phone number for marketing, and delete your data upon termination of their agreement with Servly.
D. Data Retention
| Data Type | How Long We Keep It |
|---|---|
| Account data (name, phone number) | Until you request deletion, plus 6 months for fraud prevention |
| Order history | 24 months from the date of each order |
| Consent records | 3 years after your last interaction with Servly |
| IP address and device logs | 12 months |
Financial records (GST/tax) may be retained for up to 8 years as legally required.
E. Your Rights Under the DPDP Act 2023
To exercise any of these rights, contact our Grievance Officer. We will acknowledge your request within 48 hours.
F. Data Security
- Encryption in transit (HTTPS/TLS) and at rest
- Database-level tenant isolation using PostgreSQL Row Level Security (RLS)
- Rate limiting on all public-facing endpoints to prevent abuse
- Access controls ensuring only authorised personnel can access customer data
- Audit logging of all sensitive operations
In the event of a personal data breach, we will notify the Data Protection Board of India and all affected users as required under Section 8(6) of the DPDP Act, 2023.
G. Children's Data
Servly is intended for users aged 18 years and above. If you are under 18, you may use Servly only with the knowledge and consent of your parent or legal guardian. We do not knowingly collect personal data from children without verifiable parental consent, as required under Section 9 of the DPDP Act, 2023.
H. Third-Party Services
| Service | Purpose | Data Shared |
|---|---|---|
| Oracle Cloud Infrastructure | Backend hosting and database | All platform data (stored securely) |
| Cloudflare | Frontend hosting, CDN, DDoS protection | Page requests, IP address |
| MSG91 | OTP delivery via SMS | Phone number (for verification only) |
J. Terms of Use
- Service Description: Servly is a technology intermediary — the restaurant is solely responsible for food quality, preparation, hygiene, and service.
- Account: One account per phone number. You are responsible for keeping your OTP code confidential.
- Orders: Once confirmed, orders cannot be cancelled through Servly. Contact the restaurant directly for modifications.
- Payments: All payments are made in cash directly to the restaurant. Servly does not process or store any payment or financial information.
- Acceptable Use: You agree not to use Servly for fraudulent orders, impersonation, harassment, or any purpose unlawful under Indian law.
- Limitation of Liability: Servly is not responsible for food quality, preparation time, hygiene standards, or any health issues arising from food consumed. Servly's total liability shall not exceed the value of your most recent order.
- Dispute Resolution: Disputes shall be resolved through arbitration in Ahmedabad, Gujarat, under the Arbitration and Conciliation Act, 1996.
- Governing Law: These terms are governed by the laws of India, subject to the exclusive jurisdiction of courts in Ahmedabad, Gujarat.
K. Grievance Officer
As required under Section 8(10) of the Digital Personal Data Protection Act, 2023:
If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India (once constituted and operational).