Privacy
Last updated: 2026-05-09
Roles
Each restaurant or restaurant group is the data controller for guest personal data submitted through its QR campaigns. GuestLoop QR acts as the processor for that data. GuestLoop QR is an independent controller for billing, account administration, security, and product analytics.
Lawful basis
Anonymous operational feedback is collected under legitimate interests (improving service quality). Guest contact information for follow-up is collected only with your explicit consent, separately from any marketing consent. Marketing consent is never pre-checked, and is recorded with the consent text, timestamp, and policy version shown to you.
Your rights
You may request access to, correction of, deletion of, restriction of, or objection to processing of your personal data. You can withdraw any consent at any time. Contact the restaurant directly, or write to privacy@example.com. We respond within statutory timeframes (typically 30 days).
Retention
Default retention: feedback with contact info — 24 months; closed recovery tickets — 12 months; consent logs — until withdrawn plus 36 months; aggregate analytics — 36 months without identifiers; security logs — 12 months. Restaurants may set shorter retention periods.
Security
We protect data with TLS in transit, AEAD encryption at rest for guest contact PII, role-based access control, audit logging, the principle of least privilege, and tenant isolation. We maintain daily backups and a documented incident response plan.
International transfers
Where data leaves your home region, we use contractual safeguards (DPA, SCCs where required) and document transfer impact assessments.