Privacy Policy

Effective Date: March 11, 2026 · Last Updated: March 11, 2026
This Privacy Policy describes how Turnkey Web Tools, Inc. ("RRDine," "we," "us," or "our") collects, uses, and shares information when you use the RRDine platform at rrdine.com and associated subdomains. By using RRDine, you agree to the practices described here.

Who We Are
Data We Collect
How We Use Your Data
How We Share Your Data
Restaurant Customer Data
Stripe & Payment Data
Cookies & Tracking
Data Retention
Security
Your Rights
California Privacy Rights (CCPA)
Children's Privacy
Changes to This Policy
Contact Us

1. Who We Are

RRDine is operated by Turnkey Web Tools, Inc., a California corporation. We provide a commission-free online ordering platform for independent restaurants.

For the purposes of data protection law, Turnkey Web Tools, Inc. is the data controller for information collected from restaurant owners and staff. Individual restaurants are the data controllers for information collected from their customers through their ordering pages.

2. Data We Collect

We collect different types of data depending on how you interact with RRDine.

A. Restaurant Owners & Staff

Data	How We Collect It	Purpose
Name & email address	Account registration	Account access, billing communication
Password (hashed)	Account registration	Authentication
Restaurant name, address, phone	Onboarding form	Platform setup, customer display
Business hours, cuisine type	Settings	Menu availability, search
Logo & cover images	Media uploads	Customer-facing ordering page
Stripe account ID	Stripe Connect onboarding	Payment routing
Subscription & billing status	Stripe Cashier	Access control, billing
IP address & browser info	Automatically on login	Security, fraud prevention

B. Restaurant Customers (Ordering Page Visitors)

Data	How We Collect It	Purpose
Name	Checkout form	Order identification
Phone number	Checkout form	Order status SMS notifications
Email address (optional)	Checkout form	Order confirmation, review request
Order contents & special instructions	Order submission	Fulfillment
Table number (dine-in)	QR code scan	Order routing
Payment method (tokenized)	Stripe.js	Payment processing (card data never touches our servers)
Star rating & review text (optional)	Post-order review page	Restaurant analytics

C. Marketing Website Visitors

If you visit rrdine.com without registering, we collect standard server log data (IP address, browser type, pages visited, referring URL) for security and analytics purposes. We do not use third-party analytics trackers.

3. How We Use Your Data

We use the data we collect to:

Operate the platform — provide the ordering page, dashboard, and all core features
Process payments — route orders to the correct Stripe account and collect platform fees
Send transactional communications — order confirmations, status updates, billing receipts, staff invitations, review requests
Provide customer support — investigate and resolve support requests
Ensure security — detect and prevent fraud, abuse, and unauthorized access
Improve the platform — analyze aggregate usage patterns to inform product development
Comply with legal obligations — respond to lawful requests from authorities

We do not sell your personal data. We do not use your data for advertising targeting on third-party platforms.

We share data only with the parties necessary to operate the platform:

Stripe — for payment processing and Stripe Connect. Stripe receives payment method data, order amounts, and restaurant Stripe account identifiers. See Stripe's Privacy Policy.
Twilio — for SMS order notifications. Twilio receives customer phone numbers and message content when SMS is triggered. See Twilio's Privacy Policy.
Mailgun / SMTP provider — for transactional email delivery (order confirmations, review requests). Receives recipient email and message content.
Cloud infrastructure providers — our hosting and storage providers process data on our behalf under data processing agreements.

We do not share your data with advertisers, data brokers, or analytics platforms. We may disclose data if required by law, court order, or to protect the rights, property, or safety of RRDine, our users, or the public.

In the event of a merger, acquisition, or sale of assets, user data may be transferred as part of that transaction. We will provide notice before your data is subject to a different privacy policy.

5. Restaurant Customer Data

When your customers place orders through your RRDine ordering page, they provide data to you (their restaurant) — not to RRDine directly. You are the data controller for your customers' data. RRDine processes that data on your behalf as a data processor.

As a restaurant owner using RRDine, you are responsible for:

Having a lawful basis for processing your customers' personal data
Providing your customers with your own privacy notice if required by applicable law
Responding to customer requests regarding their personal data
Ensuring your use of customer data complies with applicable laws in your jurisdiction

RRDine retains customer order data on your behalf to power your analytics dashboard and order history. This data is stored only for your restaurant and is not shared with other restaurants on the platform.

6. Stripe & Payment Data

RRDine never sees or stores full credit card numbers, CVV codes, or raw payment credentials. All payment data is handled directly by Stripe's secure infrastructure using Stripe.js, which tokenizes card data in the customer's browser before it ever reaches our servers.

What we do store:

Stripe Payment Intent IDs (reference numbers, not payment credentials)
Order totals and transaction amounts
Your restaurant's Stripe Connected Account ID

For questions about how Stripe handles payment data, refer to stripe.com/privacy.

7. Cookies & Tracking

RRDine uses a minimal set of cookies necessary to operate the platform:

Session cookie — keeps you logged in to your dashboard. Required for authentication. Expires when you close your browser or after 120 minutes of inactivity.
CSRF token cookie — protects against cross-site request forgery. Required for security.
Remember-me cookie — optional, set when you check "Remember me" at login. Expires in 30 days.

We do not use advertising cookies, Google Analytics, Facebook Pixel, or any third-party tracking scripts on the RRDine platform or marketing website.

8. Data Retention

Active accounts — data is retained for as long as your account is active
Cancelled accounts — data is retained for 30 days after cancellation, then permanently deleted
Trial accounts (expired, unconverted) — data is retained for 30 days after trial expiration, then deleted
Order data — retained for the life of your account plus 30 days post-cancellation
Billing records — retained for 7 years to comply with financial record-keeping requirements
Server logs — retained for 90 days for security purposes

You may request earlier deletion of your personal data by contacting support@rrdine.com. Note that some data may be retained to comply with legal obligations or resolve disputes.

9. Security

We implement industry-standard security measures to protect your data:

All data transmitted between your browser and our servers is encrypted via TLS (HTTPS)
Passwords are hashed using bcrypt — we cannot see your password
API credentials and OAuth tokens are encrypted at rest
Payment processing is handled entirely by Stripe's PCI-DSS compliant infrastructure
Access to production systems is restricted to authorized personnel

No system is 100% secure. If you discover a security vulnerability, please report it responsibly to support@rrdine.com.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access — request a copy of the personal data we hold about you
Correction — request correction of inaccurate or incomplete data
Deletion — request deletion of your personal data (subject to legal retention requirements)
Portability — request your data in a machine-readable format
Restriction — request that we limit processing of your data in certain circumstances
Objection — object to processing based on legitimate interests

To exercise any of these rights, email support@rrdine.com with the subject line "Privacy Request." We will respond within 30 days.

11. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you additional rights:

Right to Know — you may request disclosure of the categories and specific pieces of personal information we have collected about you in the past 12 months
Right to Delete — you may request deletion of personal information we have collected, subject to certain exceptions
Right to Opt-Out of Sale — we do not sell personal information, so this right is not applicable
Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights

To submit a CCPA request, email support@rrdine.com or call 1-800-673-4898. We may need to verify your identity before fulfilling a request.

12. Children's Privacy

RRDine is not directed at children under the age of 13, and we do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected data from a child under 13, please contact us immediately at support@rrdine.com and we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and/or post a notice on the platform at least 14 days before the changes take effect. The "Last Updated" date at the top of this page reflects the most recent revision. Your continued use of RRDine after the effective date constitutes acceptance of the updated policy.

14. Contact Us

Questions, concerns, or requests about this Privacy Policy:

Email: support@rrdine.com
Mail: Turnkey Web Tools, Inc., Attn: Privacy, 36068 Hidden Springs Rd, Suite C 1022, Wildomar, CA 92595
Phone: 1-800-673-4898