Privacy Policy
Last Updated: April 8, 2025
1. Introduction
The Restaurant Index, Inc.(“The Restaurant Index,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy describes the types of personal information we collect, how we use and protect it, and the choices and rights available to you.
This Privacy Policy applies to the The Restaurant Index platform, our website at https://www.therestaurantindex.com, and all related subdomains, mobile applications, APIs, and services (collectively, the “Services”). By using the Services, you agree to the collection, storage, use, and disclosure of your personal information as described in this Privacy Policy.
This Privacy Policy does not apply to information that is lawfully made available to the general public from government records, or to third-party websites or services that we link to but do not control. We recommend reviewing the privacy practices of any third-party platform before sharing your information with them.
2. Information We Collect
We collect several categories of personal information depending on how you use the Services.
Your name, email address, phone number, job title, and company name collected when you create an account or contact us. We use this to manage your account, communicate with you, and provide support.
Your username and password (stored in hashed form). Used to secure your account and prevent unauthorized access.
Billing name, billing address, and payment card details (processed by our payment processor — we do not store full card numbers). Used to process your Subscription and comply with financial record-keeping obligations.
Business name, location, cuisine type, and operational metrics you provide during onboarding or import via integrations — including sales figures, average ticket size, order volumes, menu items, labor hours, and other performance data. Used to generate your dashboard and competitive benchmarks.
Data synced from third-party platforms you connect to the Services, such as point-of-sale systems (e.g., Square, Toast), delivery platforms (e.g., DoorDash, Uber Eats, Grubhub), and reservation systems (e.g., OpenTable, Resy). The scope of data received depends on the permissions you grant when connecting each integration. Used to populate your dashboard and generate benchmarks.
Pages visited, features used, search queries, clicks, session duration, and interactions within the platform. Collected via cookies and similar tracking technologies. Used to improve the Services, personalize your experience, and conduct analytics.
IP address, browser type and version, operating system, device identifiers, language settings, and referring URLs. Used to ensure secure, optimized delivery of the Services and to diagnose technical issues.
Messages you send us via support tickets, email, in-app chat, or other channels. Used to respond to your inquiries and improve customer support.
Profiles and preferences inferred from your usage of the Services, such as the metrics you monitor most frequently or the features you engage with most. Used to personalize your experience and improve the platform.
3. How We Collect Your Information
Directly from you, when you:
- Create an account or complete onboarding;
- Fill out forms, submit support requests, or contact us by email or phone;
- Connect integrations and grant permissions to third-party platforms;
- Participate in surveys, product research, or promotional offers.
Automatically through your use of the Services, including:
- Cookies and similar tracking technologies that record usage and interaction data;
- Server logs that capture device, browser, and IP information;
- Scheduled data syncs from connected integrations (e.g., daily POS syncs).
For more information about cookies, see the Your Choices and Rights section below.
From third parties, including:
- Point-of-sale and integration platforms you authorize to share data with us;
- Analytics and infrastructure vendors who process data on our behalf;
- Publicly available sources, such as business directories or health inspection databases, used to supplement benchmarking data.
When we receive information about you from third parties and combine it with information we already hold, this Privacy Policy governs the combined dataset.
4. How We Use Your Information
We use the personal information we collect for the following purposes:
Provision of the Services. To create and manage your account, operate the platform, generate benchmarks and dashboards, process payments, sync integrations, and respond to your requests.
Security and Fraud Prevention. To authenticate users, maintain secure sessions, detect and prevent unauthorized or fraudulent activity, and protect the integrity of the Services and your data.
Communication and Customer Support. To send transactional notifications (e.g., integration sync confirmations, billing receipts), respond to support inquiries, and communicate about changes to the Services or these policies. With your consent, we may also send promotional and marketing communications, which you may opt out of at any time.
Service Improvement and Development. To analyze usage patterns, conduct product research, test new features, and improve the functionality, performance, and design of the Services. We may use automated tools and machine learning to support these efforts, as described further in Section 9.
Benchmarking and Aggregated Research. To produce anonymized, aggregated industry benchmarks across the restaurant operators on our platform. Individual restaurant data is never disclosed in identifiable form in benchmarking outputs. De-identified, aggregated data may be retained and used indefinitely.
Compliance with Legal Obligations. To comply with applicable laws and regulations, respond to lawful requests from authorities, enforce our Terms of Use, and protect our legal rights.
Vendor and Partner Relationship Management. To manage our relationships with service providers and technology partners who help us operate the Services.
5. How We Share Your Information
We do not sell your personal information. We share personal information only in the limited circumstances described below.
Service Providers and Vendors. We share personal information with vendors who perform services on our behalf, such as cloud hosting, payment processing, analytics, customer support, and email delivery. These vendors are contractually required to use personal information only as necessary to perform services for us and to protect it appropriately.
Integration Partners. When you connect a third-party integration, data is exchanged between the Services and that platform pursuant to the permissions you grant. Each third-party platform's use of your data is governed by its own privacy policy.
Analytics and Advertising Partners. We share device and usage data (such as IP address, browser information, and activity data) with analytics providers to understand how the Services are used and improve them. We may use this data for interest-based advertising on third-party platforms, and certain data exchanges with advertising partners may constitute a “sale” or “sharing” of personal information under applicable US state privacy laws. You may opt out as described in Section 8.
Legal, Regulatory, and Safety Disclosures. We will disclose personal information to law enforcement, regulatory authorities, or courts when required by law, when necessary to protect our legal rights or the rights of others, or to prevent fraud, abuse, or illegal activity.
Corporate Transactions. In the event of a merger, acquisition, financing, restructuring, or sale of all or substantially all of our assets, personal information may be transferred to the relevant parties as part of that transaction.
Professional Advisors. We may share personal information with our auditors, attorneys, accountants, and other professional advisors who support our legal, financial, and operational obligations, subject to confidentiality requirements.
With Your Consent or at Your Direction. We will share your information when you direct us to, such as when you use a feature that sends information to a third party on your behalf.
6. Data Security
We implement industry-standard administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encrypted data transmission (TLS), encrypted storage, access controls, and regular security reviews.
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your personal information, we cannot guarantee its absolute security.
You are responsible for keeping your account password confidential and for notifying us immediately at privacy@therestaurantindex.com if you suspect any unauthorized access to your account.
7. Data Retention
We retain your personal information for as long as your account is active, for as long as necessary to provide the Services you have requested, and for a reasonable period thereafter to fulfill the purposes described in this Privacy Policy. We also retain personal information as required by our legal obligations, to resolve disputes, and to enforce our agreements.
When you close your account, we will delete or anonymize your personal information within a commercially reasonable time, except where retention is required by law or where we have a legitimate interest in retaining the information (for example, to defend against legal claims).
Aggregated, de-identified benchmark data derived from your operational data — which cannot reasonably be used to identify you or your restaurant — may be retained and used indefinitely for research and product improvement.
8. Your Choices and Rights
Subject to applicable law, you may have the following rights with respect to your personal information. To exercise any of these rights, please contact us at privacy@therestaurantindex.com. We will not discriminate against you for exercising any privacy right.
Access. You may request a copy of the personal information we hold about you.
Correction. If any personal information we hold is inaccurate or incomplete, you may update it directly through your account settings or by contacting us.
Deletion. You may request that we delete some or all of your personal information. Note that we may be required to retain certain information to comply with legal obligations or resolve disputes.
Portability. Where required by law, you may request a copy of your personal information in a structured, commonly used, machine-readable format.
Objection or Restriction. You may object to or request that we restrict our processing of your personal information in certain circumstances, such as where we are relying on a legitimate interest as our legal basis.
Marketing Opt-Out. You may opt out of marketing and promotional communications at any time by clicking “unsubscribe” in any email we send or by contacting us. You will continue to receive transactional and service-related messages.
Opt-Out of Sale / Targeted Advertising. To the extent our sharing of device and usage data with advertising partners constitutes a “sale” or “sharing” under applicable US state privacy laws, you may opt out by contacting us at privacy@therestaurantindex.com. We honor Global Privacy Control (GPC) browser signals as a valid opt-out request.
Cookies. Most browsers allow you to control cookie settings. You can typically refuse cookies or delete existing cookies through your browser settings, though doing so may affect the functionality of the Services.
Revocation of Consent. Where we rely on your consent to process personal information, you may withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal, and may mean we can no longer provide certain features of the Services.
Appeals. If we deny a privacy rights request and you reside in a US state that provides a right to appeal (including Virginia, Colorado, Connecticut, Oregon, and Texas), you may appeal our decision by replying to our initial determination. We will respond within the time period required by applicable law.
To submit a request, email us at privacy@therestaurantindex.com. We may ask you to verify your identity before fulfilling a request. We will respond within the timeframe required by applicable law and will inform you if we are unable to fulfill your request and why.
California Residents. In addition to the rights above, California residents may request information about our disclosure of personal information to third parties for their own direct marketing purposes (“Shine the Light” requests). To make such a request, contact us at privacy@therestaurantindex.com. Although we do not have actual knowledge that we sell or share the personal information of consumers under the age of 16, our Services are not directed to children under 16 and we do not knowingly collect their information.
9. Other Important Information
Changes to This Privacy Policy. We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. We will post the revised policy on this page with an updated “Last Updated” date. If we make material changes, we will notify you by email or through the Services. Your continued use of the Services after the effective date of any change constitutes your acceptance of the updated Privacy Policy.
Children. The Services are not directed to children under the age of 16, and we do not knowingly collect personal information from children under 16. If we learn that we have inadvertently collected such information, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@therestaurantindex.com.
Conflict with Terms of Use. Where there is a conflict between this Privacy Policy and our Terms of Use with respect to the processing of personal information, this Privacy Policy will prevail.
International Users. The Services are operated in the United States. If you access the Services from outside the United States, your personal information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Services, you acknowledge and consent to this transfer. We process personal information in accordance with this Privacy Policy regardless of where you are located.
Automated Decision-Making. We may use automated systems, including machine learning, to support features such as benchmark generation, anomaly detection in your operational data, and personalized recommendations. These systems analyze usage patterns and performance data to improve the relevance of insights we surface to you. We do not use fully automated decision-making to take actions with legal or similarly significant effects on you without human involvement. If you have questions about how automated tools affect your use of the Services, contact us at privacy@therestaurantindex.com.
Accessibility. This Privacy Policy is intended to be accessible to all users. If you need this document in an alternative format or require additional assistance, please contact us.
10. Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or our privacy practices, please contact us:
Privacy inquiries: privacy@therestaurantindex.com
Legal matters: legal@therestaurantindex.com
https://www.therestaurantindex.com
We will respond to privacy requests within 45 days of receipt. If we need additional time, we will notify you within the initial 45-day period and may extend our response by up to an additional 45 days where permitted by applicable law.