Privacy Policy

Last updated: 20 June 2026

This Privacy Policy explains how Insylo AI ("Insylo", "we", "us") collects, uses, protects and shares information when you use our platform, websites, applications and APIs (the "Service"). It applies to business owners and their teams ("Merchants") and to the diners and end-users ("Customers") who use a Merchant's menu. By using the Service you agree to this Policy, which should be read together with our Terms & Conditions.

Our core promises

  • We do not sell your data, and we do not share it with anyone for their own purposes.
  • Your revenue and financial data is never accessed or shared with anyone without the owner's consent.
  • We only use trusted sub-processors needed to run the Service, under confidentiality.

1. Roles (who controls your data)

For data about a Merchant's own customers and operations, the Merchant is the data controller and Insylo acts as a processor, handling that data on the Merchant's instructions to provide the Service. For our own account, billing and website data, Insylo is the controller.

2. Information we collect

  • Account & business details: name, email, phone, business name, address, logo, plan and team members.
  • Menu & catalogue: items, categories, prices, photos, descriptions and tax settings.
  • Orders & sales: items ordered, quantities, order times, table numbers and order status.
  • Reviews & feedback: ratings, review text and replies.
  • Customer data the Merchant collects: diner name, phone, and order history.
  • Payment metadata: amount, status and references from our payment processor. We do not store full card numbers.
  • Revenue & financial figures: totals, billing and reports tied to a Merchant's account.
  • Usage & device data: log data, device/browser info and cookies used to operate and secure the Service.

3. How we use information

  • to provide, maintain and secure the Service and your account;
  • to process orders and payments and generate bills, invoices and reports;
  • to provide analytics, insights and AI-assisted features to the Merchant;
  • to send service messages and, where permitted, product updates;
  • to prevent fraud and abuse and to comply with law.

4. Revenue and financial data — special protection

Your revenue and financial figures belong to you. We access them only as needed to provide the features you use (for example, to show your own reports and process your subscription billing). We do not access, disclose, sell or share your revenue or financial data with any third party, and we do not use it for AI model training, without the business owner's explicit consent, except where strictly required by law. Within your business, access to this data is limited to the roles you authorise.

5. AI features and model training

To build and improve our AI features (such as review replies, menu and marketing suggestions, and insights), we may train and evaluate models using certain operational data — for example, reviews, menu and items sold, and order patterns. Where feasible we use aggregated or de-identified data for this purpose, and we apply safeguards so that one business's confidential information is not exposed to another business through our models.

We do not train models on your revenue or financial figures, or on personally identifiable Customer contact details, without consent. We do not sell your data to third parties or hand it to external advertisers for their own model training.

6. When we share information

We do not sell your data and do not share it with anyone for their own purposes. We share information only:

  • with sub-processors that help us run the Service (e.g. cloud hosting, payment processing, messaging and analytics), under contracts requiring confidentiality and security;
  • with a Merchant, for the Customer data and orders relating to that Merchant's business;
  • where you direct us to (for example, an integration you enable);
  • to comply with law, enforce our terms, or protect the rights and safety of users; and
  • as part of a business transfer (e.g. merger or acquisition), with notice.

7. Sub-processors

We rely on reputable providers for cloud hosting and database, payment collection (such as Razorpay and UPI rails), messaging (such as WhatsApp/Meta and email/SMS), and product analytics. These providers process data only to deliver their service to us and are bound by confidentiality.

8. Data retention

We keep information for as long as your account is active and as needed to provide the Service, then for any additional period required to meet legal, tax, accounting or dispute-resolution obligations. You can request deletion as described below; some records may be retained where the law requires.

9. Security

We use technical and organisational measures — including encryption in transit, access controls and role-based permissions — to protect your data. No method of transmission or storage is completely secure, but we work to protect your information and to notify you of significant incidents as required by law.

10. Your rights and choices

Subject to applicable law, including the Digital Personal Data Protection Act, 2023, you may request access to, correction of, or deletion of your personal data, and you may withdraw consent. Merchants can manage much of their data directly in the dashboard and control who on their team can view sensitive areas such as revenue reports. To exercise your rights, contact us using the details below. Customers should contact the Merchant for data the Merchant controls.

11. Cookies

We use cookies and similar technologies to keep you signed in, remember preferences, secure the Service and understand usage. You can control cookies through your browser settings; disabling some may affect functionality.

12. Children

The Service is intended for businesses and adults. We do not knowingly collect personal data from children except non-identifying order information a Customer may provide when placing an order.

13. Changes to this Policy

We may update this Policy from time to time. If we make material changes we will update the "last updated" date and, where appropriate, notify you through the Service.

14. Contact us

For privacy questions or requests, contact us via our contact page or at privacy@insyloai.com.

By using Insylo AI you acknowledge that you have read and understood this Privacy Policy.