Direct Dine Logo Blog
Contact Us

Privacy Policy

Last Updated: May 8, 2026

Direct Dine ("we", "us", "our") operates the directdine.com website and the Direct Dine platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our Service. Please read this policy carefully. By using the Service, you consent to the practices described herein.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you:

  • Register for an account: business name, owner name, email address, phone number, restaurant address.
  • Join our waiting list: restaurant name, email address or phone number, and your message.
  • Subscribe to our service: billing information processed by our third-party payment processor (Stripe). We do not store your full credit card number.
  • Contact us: any information you include in your correspondence.

1.2 Information Collected Automatically

When you visit our website, we may automatically collect non-personally-identifiable information, including:

  • Device and browser information: browser type, operating system, screen resolution, and device type.
  • Usage data: pages viewed, scroll depth, buttons clicked, time spent on pages, and navigation patterns.
  • Referral data: the website that referred you to us, UTM campaign parameters.
  • Anonymised IP address: we truncate the last octet of your IP address before storage to prevent identification.

This data is collected only after you provide cookie consent and is used solely for marketing analytics to improve our website experience. We do not use this data to identify individual visitors.

1.3 Cookies and Similar Technologies

We use the following types of cookies:

  • Essential cookies: required for the website to function (e.g., CSRF protection). These cannot be disabled.
  • First-party analytics cookies: set by Direct Dine to understand how visitors interact with our website. These are only set after you provide consent via our cookie banner.
  • Google Analytics cookies (_ga, _ga_*): set by Google Analytics 4 to measure aggregated traffic, page views, and engagement. These are only loaded after you provide consent via our cookie banner. We enable IP anonymisation and do not enable Google Signals, advertising features, or remarketing.
  • Cloudflare Web Analytics: our hosting provider Cloudflare collects anonymised performance metrics (page load times, country-level location) via a small JavaScript beacon. This service is cookieless, does not track you across sites, and does not collect personal data. See Cloudflare's Privacy Policy for details.

We do not use third-party advertising cookies, remarketing pixels, or social media trackers. If your browser sends a "Do Not Track" signal, no analytics cookies (first-party or Google Analytics) are loaded regardless of your consent choice.

2. How We Use Your Information

We use the collected information for the following purposes:

  • Provide and maintain our Service: process orders, manage accounts, and operate the platform.
  • Communicate with you: respond to inquiries, send service updates, and provide customer support.
  • Improve our website: analyse aggregated, anonymised usage patterns to enhance user experience.
  • Process payments: facilitate billing through our payment processor.
  • Legal compliance: comply with applicable laws, regulations, and legal processes.

We do not sell your personal information. We do not use your data for automated decision-making or profiling.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, our legal basis for processing your personal data depends on the context:

  • Contract performance: processing necessary to provide the Service you have subscribed to (Article 6(1)(b) GDPR).
  • Consent: analytics cookies are only set after you provide explicit consent (Article 6(1)(a) GDPR). You may withdraw consent at any time.
  • Legitimate interest: communicating service updates and ensuring security (Article 6(1)(f) GDPR).
  • Legal obligation: retaining data required by tax or commercial law (Article 6(1)(c) GDPR).

4. Your Rights

4.1 Rights Under GDPR (EEA, UK, Switzerland)

You have the right to:

  • Access your personal data and obtain a copy.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data ("right to be forgotten").
  • Restrict processing of your data.
  • Data portability: receive your data in a structured, machine-readable format.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time without affecting the lawfulness of prior processing.
  • Lodge a complaint with your local Data Protection Authority.

4.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used.
  • Delete personal information we have collected from you.
  • Opt-out of the sale of personal information. Note: we do not sell personal information.
  • Non-discrimination: we will not discriminate against you for exercising your CCPA rights.

4.3 How to Exercise Your Rights

To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days (or within the timeframe required by applicable law). We may need to verify your identity before processing your request.

5. Data Sharing and Third Parties

We may share your information only in the following circumstances:

  • Payment processors: Stripe processes payments on our behalf. Their use of your data is governed by Stripe's Privacy Policy.
  • Analytics provider: Google LLC processes website usage data on our behalf via Google Analytics 4, only after you provide cookie consent. Their use of your data is governed by Google's Privacy Policy.
  • Hosting and CDN provider: Cloudflare, Inc. delivers our website, provides DDoS protection, and collects anonymised performance metrics via Cloudflare Web Analytics. Their use of data is governed by Cloudflare's Privacy Policy.
  • Legal requirements: if required by law, subpoena, or legal process.
  • Business transfer: in connection with a merger, acquisition, or sale of assets, with notice to you.
  • With your consent: for any other purpose disclosed at the time of collection.

We do not share data with advertising networks, data brokers, or social media platforms, and we do not enable Google Analytics advertising or remarketing features.

6. Data Retention

  • Account data: retained for the duration of your subscription plus 90 days after cancellation.
  • Waiting list data: retained until you request removal or for a maximum of 24 months.
  • First-party analytics data: aggregated, anonymised analytics are retained for up to 24 months on our servers, then automatically purged.
  • Google Analytics data: retained by Google for 14 months at the user/event level, after which it is automatically deleted by Google.
  • Legal/tax records: retained as required by applicable law (typically 7 years for financial records).

7. Data Security

We implement industry-standard security measures including:

  • TLS/SSL encryption for all data in transit.
  • Encryption at rest for sensitive data.
  • Role-based access controls and multi-factor authentication for administrative access.
  • Regular security audits and monitoring.
  • Isolated database architecture to ensure tenant data separation.

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

8. International Data Transfers

Our servers are located in the United States. If you access our Service from outside the US, your information may be transferred to and processed in the US. Google Analytics, our analytics processor, may also process data on Google's global infrastructure (including the United States). We ensure appropriate safeguards (such as the EU-US Data Privacy Framework and Standard Contractual Clauses) are in place for any cross-border data transfers as required by GDPR.

9. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will delete it promptly. If you believe we have inadvertently collected such information, please contact us at [email protected].

10. Do Not Track

Our website respects "Do Not Track" (DNT) browser signals. If your browser sends a DNT signal, we will not set analytics cookies regardless of your cookie consent status.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new "Last Updated" date. For significant changes, we will provide additional notice (such as email notification to account holders). Your continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For GDPR-related inquiries, you may also contact your local supervisory authority.

We value your privacy

We use analytics cookies to understand how visitors interact with our website. No personal data is collected. You can read our Privacy Policy for details.