Privacy Policy

Square Software sh.p.k. ("we", "us", or "our") operates the OrderEasy platform, including the marketing website (ordereasy.al), the customer ordering application (app.ordereasy.al), the business dashboard (dashboard.ordereasy.al), the kitchen display system (kds.ordereasy.al), the admin panel (admin.ordereasy.al), and the OrderEasy Waiters mobile application (collectively, the "Platform"). This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our services.

By using the Platform, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Platform.

2.1 Account Information

When your restaurant manager creates a staff account for you, we collect your name, email address, phone number, and assigned role (e.g., waiter, kitchen staff, manager).

2.2 Work Activity Data

We collect data related to your work activities, including:

• Shift clock-in and clock-out times
• Orders created, modified, or completed
• Tables served and payment transactions processed
• Performance metrics (order count, service ratings)

2.3 Device Information

We may collect basic device information such as device type, operating system version, and app version for troubleshooting and compatibility purposes.

2.4 Information We Do NOT Collect

• Precise GPS location
• Personal messages, contacts, or photos
• Payment card numbers (payments are processed by the restaurant's payment terminal)
• Biometric data

We use the collected information to:

• Authenticate your identity and provide access to the App
• Enable order management, table assignment, and shift tracking
• Send real-time notifications about orders, kitchen updates, and waiter calls
• Generate performance reports for restaurant management
• Improve the App and troubleshoot technical issues

We do not use your data for advertising, profiling, or any purpose unrelated to restaurant operations.

Your personal data is shared only with:

• Your restaurant's management — owners and managers of the restaurant where you work can view your work activity, shift data, and performance metrics.
• Infrastructure providers — we use third-party hosting and cloud services to operate the platform. These providers process data on our behalf under strict contractual obligations.

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes.

Your data is stored on servers located in Albania. We implement industry-standard security measures to protect your data, including:

• Encrypted data transmission (HTTPS/TLS)
• Secure authentication with JWT tokens
• Password hashing using bcrypt
• Role-based access controls
• Regular security audits

We retain your account data for as long as your staff account remains active with a restaurant on the OrderEasy platform. When your account is deactivated by the restaurant manager, your personal data is soft-deleted and permanently removed within 90 days, unless retention is required by law.

Aggregated, anonymized work statistics (e.g., order counts) may be retained for analytics purposes after account deletion.

To improve our service and analyze usage, the Platform uses Google Analytics 4, an analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google acts as a data processor on our behalf, under a Data Processing Amendment (DPA) that complies with Article 28 of the GDPR.

7.1 Your Consent

No analytics cookies or tracking scripts are activated without your explicit consent. When you first visit the Platform, a banner appears asking you to accept or decline analytics. Your choice is stored locally in your browser and can be changed at any time.

7.2 Data Collected

If you consent, Google Analytics may collect:

• Your IP address (anonymized — the last octet is removed by Google before storage)
• The URL of the current page and the referring page
• Basic device information (browser type, operating system, screen resolution)
• Session and user identifiers (cookies stored in your browser)
• Events in the Platform (page views, clicks, logins, orders placed)

7.3 Legal Basis

Processing is based on your explicit consent under Article 6(1)(a) of the GDPR and Albanian Law 124/2024. Without consent, nothing is collected and nothing is transmitted to Google.

7.4 Data Retention

Analytics data is retained on Google's servers for a period of 14 months, after which it is automatically anonymized and/or deleted according to Google's policies.

7.5 International Transfers

Google may transfer data to the United States. Such transfers are covered by the EU Standard Contractual Clauses (SCCs) and the EU-U.S. Data Privacy Framework adequacy decision, ensuring a level of protection equivalent to GDPR.

7.6 Withdrawal of Consent

You can withdraw consent at any time through any of the following methods:

• Clear the Platform's cookies from your browser settings — the consent banner will reappear on your next visit
• Install Google's official opt-out add-on to disable Google Analytics: https://tools.google.com/dlpage/gaoptout
• Contact us at info@square.al and we will process your request

7.7 Firebase Analytics (Mobile App)

The OrderEasy Waiters mobile application uses Firebase Analytics (a Google LLC product) to monitor performance and usage. Because the app is used by restaurant staff under their employment contract, the legal basis is the employer's legitimate interest under Article 6(1)(f) of the GDPR. Staff can disable analytics at any time via the app settings.

For more information about how Google uses your data, please read Google's privacy policy at https://policies.google.com/privacy.

You have the right to:

• Access — request a copy of the personal data we hold about you
• Correction — request correction of inaccurate personal data
• Deletion — request deletion of your personal data (subject to legal retention requirements)
• Portability — request your data in a portable format

To exercise any of these rights, contact us at info@square.al. We will respond within 30 days.

The App is intended for use by restaurant staff aged 16 and older. We do not knowingly collect personal data from children under 16. If you believe we have collected data from a child under 16, please contact us immediately.

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the updated policy on this page and updating the "Last updated" date. Continued use of the App after changes constitutes acceptance of the updated policy.

If you have questions or concerns about this Privacy Policy, contact us at: