Summary
- We collect only what's needed to operate the platform.
- We don't sell your data or your diners' data.
- We don't use your data to train models.
- You can export your data at any time, in CSV.
- Payments go directly to your Stripe account — we don't hold your funds.
1. Who this applies to
This policy covers two kinds of users:
- Restaurant operators — the businesses and staff using the Nordkestrel admin portal.
- Diners — customers who order through a Nordkestrel-hosted storefront.
Where practices differ, we call it out below.
2. What we collect
Restaurant operators
- Account info — name, email, phone (optional), role in the restaurant. Managed via Clerk.
- Restaurant info — business name, address, hours, menu, branding, tax settings.
- Operational data — orders placed, payouts, staff actions (audit log).
- Billing info — handled by Stripe; we see plan, invoice status, and the last four digits of the card.
Diners
- Order details — items, modifiers, price, timestamps, fulfillment choice.
- Contact — name, email, phone (where the diner provides them for pickup/delivery coordination).
- Payment — processed by Stripe; we never see the card number or CVV.
- Technical — IP address, browser, and device type, used for fraud and rate-limit protection. We do not use third-party ad trackers.
3. Why we collect it
- To operate the service (show menus, process orders, route payouts, send receipts).
- To secure the platform (detect abuse, rate-limit, audit sensitive actions).
- To support you (diagnose issues, respond to requests).
- To communicate with you about your account (billing, security, product changes).
We do not run behavioral ad networks and do not share your data with ad platforms.
4. Who we share it with
We use a small set of service providers, each bound by a data-processing agreement:
- Cloudflare — hosting, DNS, DDoS protection.
- Stripe — payment processing. Cardholder data never touches our servers.
- Clerk — authentication and session management.
- Resend — transactional and campaign email delivery.
We share data with these providers only as needed to deliver the service. We do not sell your data.
5. How long we keep it
- Active account data — as long as the account is active.
- Deleted accounts — operational data is purged within 30 days of confirmed deletion; backups rotate out within 90 days.
- Tax-relevant records — retained for the period required by applicable tax law, even after account deletion.
- Audit logs — retained for 12 months for security investigations.
6. Your rights
Depending on where you live, you have the right to:
- Access the data we hold about you;
- Correct inaccurate data;
- Export your data in a portable format;
- Delete your data (subject to legal retention requirements);
- Withdraw consent for optional processing.
Restaurant operators can export and delete most data directly from the dashboard. For anything else — or for diner data requests — contact us and we will respond within 30 days.
7. Diner requests
Diner data (orders, contact info, saved payment methods) is stored on behalf of the restaurant that took the order. If you are a diner requesting access or deletion, contact the restaurant directly — they control the data. We will assist the restaurant in fulfilling the request.
8. Security
See our security page for the technical controls we apply. In short: TLS in transit, encryption at rest, principle-of-least-privilege access, audit logging on admin actions.
9. International transfers
Nordkestrel is operated from Canada. Data may be processed in Canada, the United States, and the European Union depending on which region a given provider serves your request from. We rely on the contractual protections offered by our providers (Cloudflare, Stripe, Clerk, Resend) for cross-border transfers.
10. Children
Nordkestrel is not intended for children under 13. We do not knowingly collect data from children. If you believe we have, contact us and we will remove it.
11. Changes to this policy
We may update this policy. Material changes will be communicated by email and through a notice on this page at least 14 days before taking effect.
12. Contact
Privacy questions or data requests: contact us.