Introduction
Graycrest Technologies Limited values the privacy and trust of every person who interacts with our company, platforms, websites, products, and services.
This Privacy Policy explains how Graycrest Technologies Limited collects, uses, stores, shares, protects, and manages personal data in connection with its technology products and services, including FlowDine, our restaurant ordering and operational management platform.
FlowDine is a product owned and operated by Graycrest Technologies Limited. It helps restaurants manage digital menus, QR code ordering, table orders, staff workflows, payments, order tracking, restaurant reports, and customer service processes. Through FlowDine, restaurant customers may scan a QR code, view a menu, place an order, make payment where applicable, and interact with restaurant staff through the platform.
In providing these services, we may process personal data belonging to restaurant owners, restaurant staff, restaurant customers, website visitors, business partners, vendors, and other users.
This Privacy Policy is prepared in line with the Nigeria Data Protection Act, 2023, applicable data protection principles, and privacy best practices.
Who We Are
Graycrest Technologies Limited is a software and technology company that builds digital products, custom software solutions, websites, mobile applications, cloud systems, and technology platforms for businesses.
For this Privacy Policy: "Graycrest," "we," "us," or "our" means Graycrest Technologies Limited. "FlowDine" means the restaurant technology product owned by Graycrest Technologies Limited. "User," "you," or "your" means any person who uses our website, FlowDine, related dashboards, mobile applications, restaurant portals, customer ordering pages, support channels, or any other Graycrest service.
Purpose of this Privacy Policy
This Privacy Policy is intended to help you understand:
- The type of personal data we collect.
- Why we collect personal data.
- How we use your personal data.
- When we may share your personal data.
- How long we keep your personal data.
- How we protect your personal data.
- Your rights under applicable data protection laws.
- How to contact us about privacy-related concerns.
We are committed to processing personal data fairly, lawfully, transparently, securely, and only for legitimate purposes.
Personal Data We May Collect
The personal data we collect depends on how you interact with Graycrest Technologies Limited, FlowDine, or our other services.
Information from Restaurant Owners and Business Administrators
When a restaurant signs up for FlowDine or contacts Graycrest Technologies Limited, we may collect:
- Full name
- Business name
- Email address
- Phone number
- Restaurant name
- Restaurant address
- Branch details
- Business registration details, where required
- Billing and subscription information
- Login details
- Role and permission details
- Support and communication records
Information from Restaurant Staff
When restaurant staff are added to FlowDine, we may collect:
- Name
- Email address
- Phone number
- Staff role
- Branch or restaurant assignment
- Login credentials
- Order activity logs
- Access permissions
- Staff actions performed on the platform
Information from Restaurant Customers
When customers use FlowDine to interact with a restaurant, we may collect:
- Name, where provided
- Phone number, where required
- Table number or QR code session
- Order details
- Menu items selected
- Payment reference, where payment is made
- Pickup, delivery, or service preferences, where applicable
- Feedback, complaints, or support messages
- Device and session information
In some restaurants, customers may be able to place orders without creating a full account. In such cases, we only collect the information needed to process the order, support the restaurant, confirm payment, or resolve disputes.
Payment and Transaction Information
Where payment is enabled on FlowDine, we may collect or receive:
- Transaction amount
- Payment reference
- Transaction status
- Restaurant linked to the transaction
- Date and time of payment
- Payment provider response
- Refund or dispute information
We do not intentionally store full card numbers, CVV, or sensitive card authentication details. Payments are processed through authorised third-party payment providers.
Technical and Device Information
When you use our website, FlowDine, or related services, we may collect:
- IP address
- Device type
- Browser type
- Operating system
- Login time
- Session information
- Cookies and similar identifiers
- QR code scan activity
- Error logs
- Security logs
- Usage analytics
Communication and Support Information
When you contact us, we may collect:
- Name
- Email address
- Phone number
- Message content
- Complaint details
- Support ticket details
- Records of communication with our team
How We Collect Personal Data
We may collect personal data in the following ways:
- Directly from you when you create an account, contact us, use FlowDine, submit a form, or communicate with us.
- From restaurants that use FlowDine and add staff, menus, branches, tables, or operational information.
- From restaurant customers who scan QR codes, place orders, make payments, or submit feedback.
- From payment processors and service providers who help us confirm payments or provide technical services.
- Automatically through cookies, analytics tools, logs, and security monitoring systems.
- From public or business sources where necessary for business verification, fraud prevention, or legal compliance.
Why We Use Your Personal Data
We may use personal data for the following purposes:
- To create and manage user accounts.
- To onboard restaurants onto FlowDine.
- To allow restaurants to create menus, tables, staff accounts, branches, and order workflows.
- To allow customers to place and track orders.
- To process or confirm payments.
- To generate restaurant operational reports.
- To provide customer support.
- To send service updates, alerts, invoices, and important notices.
- To improve FlowDine's functionality, performance, and user experience.
- To prevent fraud, abuse, unauthorised access, and platform misuse.
- To secure our systems and protect user accounts.
- To resolve disputes, complaints, chargebacks, and technical issues.
- To comply with tax, accounting, legal, regulatory, and audit requirements.
- To enforce our Terms and Conditions and other agreements.
- To communicate with restaurants, users, vendors, and partners.
- To conduct internal business analysis and planning.
Lawful Basis for Processing Personal Data
We only process personal data where we have a lawful basis to do so. Depending on the situation, our lawful basis may include:
Consent
We may rely on your consent for optional activities, such as marketing communication, optional cookies, or certain promotional updates.
Contract
We may process personal data where it is necessary to provide FlowDine services, manage subscriptions, process orders, support users, or perform obligations under an agreement.
Legal Obligation
We may process personal data where required by law, regulation, tax rules, accounting requirements, lawful regulatory requests, or court orders.
Legitimate Interest
We may process personal data for legitimate business purposes, such as platform security, fraud prevention, service improvement, analytics, customer support, and business reporting.
Vital Interest
We may process personal data where necessary to protect the life, health, or safety of a person.
Public Interest
We may process personal data where required for a lawful public interest purpose or under lawful authority.
Restaurant Responsibility for Customer Data
Where a restaurant uses FlowDine to collect and manage customer orders, the restaurant may be responsible for how it uses customer data available to it through the platform.
Restaurants must ensure that they:
- Use customer data only for lawful restaurant-related purposes.
- Do not misuse customer order information.
- Do not contact customers unlawfully.
- Protect staff login details.
- Give platform access only to authorised staff.
- Comply with applicable privacy and consumer protection obligations.
Graycrest Technologies Limited provides FlowDine as a technology platform and applies reasonable security safeguards to protect the data processed through the platform.
Marketing Communications
We may send marketing messages, product updates, or promotional information where we have a lawful basis to do so.
You may opt out of marketing communications at any time by following the unsubscribe instructions in the message or contacting us directly.
Even if you opt out of marketing messages, we may still send important service-related messages, such as security alerts, account notices, payment confirmations, subscription notices, or legal updates.
Data Retention
We keep personal data only for as long as necessary for the purpose for which it was collected, unless a longer period is required for legal, accounting, tax, audit, fraud prevention, dispute resolution, or regulatory reasons. For example:
- Account data may be kept while the account is active.
- Restaurant order records may be kept for operational, reporting, accounting, and dispute resolution purposes.
- Payment references may be kept for reconciliation, audit, and legal compliance.
- Support messages may be kept to help resolve complaints and improve service quality.
- Security logs may be kept to protect the platform and investigate suspicious activity.
- Marketing data may be kept until consent is withdrawn or the user opts out.
When personal data is no longer needed, we may delete, anonymise, archive, or securely destroy it.
Data Security
We use reasonable technical and organisational measures to protect personal data from unauthorised access, loss, misuse, disclosure, alteration, or destruction. These measures may include:
- Secure authentication.
- Password protection.
- Role-based access controls.
- Restricted admin access.
- Secure hosting infrastructure.
- Encryption where appropriate.
- Monitoring and logging.
- Database access control.
- Backup and recovery procedures.
- Security reviews.
- Staff confidentiality obligations.
- Incident response procedures.
No digital system is completely risk-free. However, we take data protection and platform security seriously and work to maintain appropriate safeguards.
International Data Transfers
Some of our service providers, cloud systems, or technical infrastructure may be located outside Nigeria.
Where we transfer or process personal data outside Nigeria, we will take reasonable steps to ensure that the data is protected in line with applicable data protection requirements. This may include contractual safeguards, vendor assessments, security controls, or other lawful transfer mechanisms.
Your Data Protection Rights
Subject to applicable law, you may have the right to:
- Request information about how we process your personal data.
- Request access to your personal data.
- Request correction of inaccurate or incomplete personal data.
- Request deletion of your personal data, where applicable.
- Object to certain processing activities.
- Request restriction of processing in certain cases.
- Withdraw consent where processing is based on consent.
- Request data portability where applicable.
- Lodge a complaint with the Nigeria Data Protection Commission.
We may need to verify your identity before responding to your request. Some requests may be limited where we are required to retain data for legal, security, accounting, dispute resolution, or regulatory reasons.
Children's Privacy
FlowDine is not designed specifically for children. Our services are mainly intended for restaurants, restaurant staff, restaurant owners, and restaurant customers.
Where we become aware that we have collected personal data from a child without appropriate legal basis or required consent, we will take reasonable steps to delete or restrict the data, unless retention is required by law or for safety, fraud prevention, or dispute resolution.
Data Breach Notification
If a personal data breach occurs, we will take reasonable steps to investigate, contain, and address the incident.
Where required by law, we may notify affected users, restaurants, regulators, or the Nigeria Data Protection Commission.
Users and restaurants should contact us immediately if they suspect unauthorised access, account compromise, or misuse of personal data.
Third-Party Links
Our website, FlowDine, or related services may contain links to third-party websites, payment pages, tools, or services.
We are not responsible for the privacy practices, content, or security of third-party websites or platforms. You should review the privacy policies of those third parties before providing personal data to them.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, business operations, or privacy practices.
Where we make significant changes, we may notify users through our website, email, dashboard notice, or other appropriate means.
The updated Privacy Policy will take effect from the date stated at the top of the document.
User Acknowledgement
By using FlowDine, our website, dashboards, applications, or other Graycrest Technologies Limited services, you acknowledge that you have read and understood this Privacy Policy.
Where consent is required, your continued use of the relevant service may indicate your consent to the processing described in this Privacy Policy, subject to your right to withdraw consent where applicable.
Contact Us
For questions, complaints, or requests relating to this Privacy Policy or how we process personal data, contact:
You may also contact or lodge a complaint with the Nigeria Data Protection Commission if you believe your data protection rights have been violated.