Privacy Policy

Last updated: 22 March 2026

1. Introduction

DINEIN Rwanda ("we", "our", "us") operates the DINEIN mobile application and website (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our Service.

By accessing or using DINEIN, you agree to this Privacy Policy. If you do not agree, please do not use our Service.

2. Information We Collect

2.1 Information You Provide

  • Account and Contact Information: When you contact us or access venue or admin tools, we may collect your name, email address, and phone number.
  • Authentication Information: Venue and admin phone numbers are used for WhatsApp OTP login, account verification, and access recovery.
  • Order Information: Details of your dine-in orders, including items selected, venue, table number, and order preferences.
  • Venue Owner Information: If you register as a venue owner, we collect your business name, contact details, venue profile data, and menu data.
  • Venue Uploads: Venue users may upload menu photos, PDF documents, and related files, or capture menu images during onboarding for storage and menu extraction/OCR.
  • Communications: When you contact us, we retain the content of your messages.

2.2 Information Collected Automatically

  • Device Information: Device type, operating system, app version, network state, and device or other identifiers used for service operation and diagnostics, including notification delivery tokens for venue operational alerts.
  • Usage and Diagnostic Data: Pages visited, features used, time spent, tap interactions, crash logs, and diagnostics, including data collected by Firebase Crashlytics in release builds.
  • Cookies & Similar Technologies: We use essential cookies for session management. We do not use advertising or tracking cookies.

2.3 Permissions and Sensitive Features

  • Location: DINEIN requests location only to help guests connect to venue Wi-Fi on the device. We do not use this permission for advertising or venue discovery, and we do not transmit precise device location off the device for this feature.
  • Camera and File Access: Venue users may choose to capture menu photos with the device camera or upload photos and PDFs for onboarding and OCR/menu setup.
  • Notifications: Venue staff devices may request notification permission so DINEIN can deliver operational alerts such as new-order and table-service notifications.
  • We do not process or store payment card details. All payments are handled outside the app (cash or MoMo USSD).

3. How We Use Your Information

We use your information to:

  • Provide and maintain the DINEIN Service.
  • Process and fulfil your dine-in orders.
  • Authenticate venue and admin access through WhatsApp OTP.
  • Store and process venue-uploaded menu files for onboarding and OCR/menu extraction.
  • Send venue operational alerts such as new-order and table-service push notifications.
  • Communicate with you about your orders, account, and support requests.
  • Improve our Service through aggregated analytics, crash reporting, and diagnostics.
  • Ensure security and prevent fraud.
  • Comply with legal obligations.

4. Data Sharing

We do not sell your personal data. We may share information with:

  • Venue Partners: Your order details are shared with the restaurant where you place a dine-in order, so they can prepare and serve your food.
  • Service Providers: Trusted providers that help us operate our Service, including hosting and storage providers, WhatsApp/Meta for OTP delivery, and Firebase services for crash reporting, diagnostics, and operational push notification delivery. These providers are contractually bound to protect your data.
  • Legal Requirements: When required by law, court order, or to protect our rights and safety.

5. Data Retention

We retain your personal data only for as long as necessary to provide our Service and fulfil the purposes described in this policy. Order history is retained for 12 months. You may request deletion of your account and associated data at any time.

6. Your Rights

Under applicable Rwandan data protection law, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Erase your personal data.
  • Restrict or object to processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time, where processing is based on consent.

To exercise these rights, contact us at privacy@ikanisa.com.

7. Data Security

We implement industry-standard security measures, including encryption in transit (TLS), secure database access controls, and regular security audits. However, no system is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

DINEIN is not directed at children under the age of 13. We do not knowingly collect personal data from children. If you believe we have collected information from a child, please contact us immediately.

9. International Transfers

Your data may be processed on servers located outside Rwanda. Any transfers are protected by appropriate safeguards in compliance with applicable data protection regulations.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your personal data, please contact:

DINEIN Rwanda
Email: privacy@ikanisa.com
Website: dineinrw.ikanisa.com