Privacy Policy
Last Updated: May 2026
Welcome to MirnoFlow (“we,” “our,” or “us”), a premium multi-tenant restaurant operation and digital menu platform owned and operated by Mirno Ventures. We are deeply committed to protecting the privacy and personal data of both our restaurant clients (“Merchants”) and the end-consumers who view menus and place orders (“Diners”).
This Privacy Policy explains how we collect, use, disclose, and safeguard personal data in accordance with the Saudi Arabia Personal Data Protection Law (PDPL) and other applicable regional regulations within the Gulf Cooperation Council (GCC).
1. Data We Collect
We collect data to provide a seamless, real-time digital dining and operational experience. The information collected depends on how you interact with the MirnoFlow platform:
A. For End-Diners (Customers scanning QR codes)
To view a menu, place an order, or make a payment at a restaurant table, we collect:
- Authentication & Contact Data: Mobile phone number (collected strictly via One-Time Password [OTP] verification).
- Transactional Data: Order details, table number, branch location, items selected, and total bill amounts.
- Payment Metadata: We do not store credit card or Mada card numbers. All payments are processed through secure, PCI-DSS-compliant local payment gateways. We only receive transaction status tokens (e.g., Success/Failed).
- Device & Usage Data: IP address, browser type (e.g., Safari, Chrome), and device type to optimize the layout of the digital menu.
B. For Restaurant Owners & Merchants
To establish and run a multi-tenant workspace, we collect:
- Account Registration Data: Full name, corporate email address, mobile number, and account password.
- Business Credentials: Restaurant name, branch locations, and Commercial Registration (CR) data to ensure platform compliance.
- Menu Assets: Food items, descriptions, calorie details, and allergen configurations uploaded to our servers.
2. Legal Basis and Purpose of Processing
In compliance with the KSA PDPL, MirnoFlow processes personal data based on explicit consent and the performance of a contract. We process data for the following specific purposes:
- Order Fulfillment: Routing diner orders directly to the restaurant's Kitchen Display System (KDS) in real time.
- Identity Verification: Utilizing OTP SMS/Email services to authenticate diners and securely log in restaurant administrators.
- Regulatory Compliance: Assisting merchants in displaying mandatory Saudi Food and Drug Authority (SFDA) nutrition, allergen, and calorie disclosures.
- Platform Analytics: Aggregating non-identifiable dining trends to help restaurants track high-performance menu items.
3. Data Sharing and Third-Party Processors
We do not sell, rent, or trade personal data to third-party marketers. Data is shared strictly with essential technical infrastructure providers to operate the application services:
- Database & Infrastructure Support: We utilize Supabase as our secure data storage and management layer.
- Communication Services: Authentication OTPs and transactional communications are securely routed using Resend.
- Payment Gateways: Financial processing is routed through licensed Saudi local payment aggregators (such as Moyasar, Geidea, or PayTabs) to process Mada, Apple Pay, and credit card transactions safely.
- Legal Authorities: Data may be disclosed if explicitly mandated by Saudi law, SDAIA regulations, or formal judicial decrees.
4. Data Localization and Security
- Storage Framework: In compliance with local Saudi data residency requirements, all primary transactional and user records are hosted and managed securely, utilizing strict encryption protocols for data both at rest and in transit (SSL/TLS).
- Security Standard: We maintain rigorous physical, electronic, and procedural safeguards to prevent unauthorized access, alteration, or leaks of customer or corporate business records.
5. Your Rights Under the KSA PDPL
Under the Saudi Personal Data Protection Law, both Diners and Merchants possess explicit statutory rights regarding their personal information:
- Right to Knowledge/Access: You have the right to know exactly what data we collect and request a copy of the personal information stored in our system.
- Right to Correction: You have the right to request updates or corrections to any inaccurate or incomplete data.
- Right to Destruction: You may request the permanent deletion of your personal data from our servers, subject to the resolution of active financial transactions or local accounting preservation laws.
- Right to Withdraw Consent: You can revoke your consent for data processing at any time (e.g., opting out of automated system communications).
6. Cookies and Tracking Technologies
MirnoFlow utilizes minimalist local browser storage and session cookies to track active customer trays, keep menu translations (Arabic/English/Urdu) localized, and preserve table identity metrics while a customer browsing session remains active. Disabling browser cookies may prevent the instant table ordering interface from operating smoothly.
7. Contact and Regulatory Compliance
For any questions regarding this Privacy Policy or your legal data rights, or to submit a formal data destruction request, please contact our internal data officer:
- Operating Corporate Entity: Mirno Ventures
- Platform Name: MirnoFlow
- Email Support Contact: privacy@mirnoflow.com
- Official Physical Address Presence: Riyadh, Kingdom of Saudi Arabia