Last updated: April 11, 2026
Data Processing Overview (Guests)
Activities that may be mirrored in business DPAs
Purpose
This overview summarizes typical processing activities for guest data. Enterprise customers (restaurant groups) may execute a separate Data Processing Agreement (DPA) that incorporates technical and organizational measures, subprocessors, and cross-border transfer tools.
Subject matter and duration
Subject matter: guest account, reservation, order, and communications data processed through Smart Dining. Duration: for the life of the account and as needed for legal, tax, and dispute resolution afterward.
Nature of processing
Collection through apps and sites; storage in cloud databases; transmission to restaurants and processors; automated fraud screening; logging and monitoring; deletion or anonymization according to retention rules.
Subprocessors
We maintain a current list of infrastructure, communications, analytics, and payment subprocessors available to enterprise customers upon request. We impose written security and confidentiality obligations.
Assistance with data subject requests
Where we process data on behalf of a Restaurant, we assist the Restaurant in responding to individuals’ rights requests as required by the DPA and law.