Tableside Customer Privacy Practices
Effective Date: January 23, 2026
For complete details, please review the full document.
Download PDF of Full Customer Privacy PracticesNot a customer yet? See our Website Privacy Policy for information about visiting TablesidePOS.com.
Already a customer? This summary covers our data processing practices, security measures, compliance certifications, and your rights. These practices supplement the data ownership and security terms in Section 5 of our Terms of Service.
Questions? privacy@TablesidePOS.com
YOUR DATA, YOUR RIGHTS
| Data Type | Who Controls It | How We Use It | Your Rights |
|---|---|---|---|
| Account Data (Your business info, billing) | Tableside (Data Controller) | Provide service, billing, support | Access, correct, delete, export |
| Operational Data (Transactions, inventory, employees) | You (Data Controller) / Tableside (Data Processor) | Only as you direct - we process on your behalf | Full control - access, modify, delete, export anytime |
| Employee Data | You (Data Controller) / Tableside (Data Processor) | Scheduling, time tracking, performance - as you direct | Employees contact you; you control their data |
| Customer/Guest Data | You (Data Controller) / Tableside (Data Processor) | Loyalty, reservations, marketing - as you direct | Customers contact you; you control their data |
| Payment Card Data | PCI Level 1 Certified Payment Processor | We never store full card numbers - tokenized only | Contact your payment processor for card data |
| Anonymized Data | Tableside | Platform improvement, AI training, industry insights | Opt out anytime - email privacy@TablesidePOS.com |
| Social Media Data | You (Data Controller) / Tableside (Data Processor) / Social Platforms (Joint Controllers) | Social login, posting, advertising - as you direct | Manage via platform settings + contact you for restaurant data |
KEY POLICIES AT A GLANCE
| Topic | Details |
|---|---|
| Data Storage | Stored in the United States; encrypted in transit (TLS 1.3) and at rest (AES-256); SOC 2 Type II certified data centers |
| Payment Security | PCI DSS SAQ 4/3 compliant; we never store full card numbers; end-to-end encryption on all transactions |
| Security Measures | Multi-factor authentication (MFA); role-based access control; 24/7 monitoring; firewall and DDoS protection |
| Third-Party Vendors | We use carefully selected service providers; detailed subprocessor list available to customers - contact privacy@TablesidePOS.com |
| Data Retention | Active while your account is open; 30-day grace period after cancellation to export; transaction and payment records kept 7 years (legal requirement) |
| Breach Notification | We notify you within 72 hours of a confirmed breach; we provide template letters and guidance for your own notification obligations |
| Anonymized Data Use | Used for platform improvement and industry benchmarks; you can opt out at any time without affecting your service or pricing |
| Children's Privacy | Platform is for adults in professional settings; we do not knowingly collect data from children under 13 |
| State Privacy Laws | We comply with CCPA (California), VCDPA (Virginia), CPA (Colorado), CTDPA (Connecticut), and UCPA (Utah) |
| EU/UK (GDPR) | Standard Contractual Clauses available; Data Processing Agreement upon request; you may lodge complaints with your local Data Protection Authority |
| DPA Availability | Available for EU/UK customers or enterprise requirements - email privacy@TablesidePOS.com with subject "DPA Request" |
This summary highlights key points from the full Tableside Customer Privacy Practices document. For complete details, please review the full document.
Questions? Email privacy@TablesidePOS.com