DineSensei.← Back to app

Privacy Policy

Last updated: March 7, 2026

1. Introduction

DineSensei ("we," "us," or "our") provides a web-based restaurant analytics service at dinesensei.com (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect information when you use our Service. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy. Your use of the Service is also governed by our Terms of Service.

2. Information We Collect

We collect and process the minimum information necessary to provide the Service. The categories below describe what we handle:

2.1 Sales Data (CSV Uploads)

  • Your CSV file is parsed entirely within your web browser. The raw file and its individual records are never transmitted to or stored on our servers.
  • Your browser generates an aggregated statistical summary (totals, averages, category breakdowns). This summary, not your raw data, is sent to our AI provider to generate insights when you ask a question.
  • All sales data is held only in your browser's volatile memory (RAM). When you close the tab or navigate away, it is permanently and irrecoverably deleted.
  • We have no ability to access, recover, or reconstruct your sales data at any time.

Your responsibility: You agree not to upload CSV files containing Personally Identifiable Information (PII), Protected Health Information (PHI), or unredacted financial data such as full credit card numbers or Social Security numbers. You are solely responsible for ensuring the data you analyze using the Service has been stripped of sensitive personal data. DineSensei cannot detect or filter PII from uploaded files.

2.2 Review Audit Data

  • When you use the Review Audit feature, we retrieve publicly available Google reviews for the restaurant you specify using third-party APIs.
  • We temporarily cache review audit results on our servers for up to 24 hours solely to improve performance and reduce redundant API calls. This cached data contains only publicly available review content and is automatically purged after expiration.
  • AI-generated sentiment analysis and insights are derived from this publicly available data.

2.3 Automatically Collected Information

  • We do not use cookies, web beacons, pixels, analytics trackers, or any other tracking technology.
  • We do not actively collect or store IP addresses, browser fingerprints, device identifiers, or usage analytics for profiling or tracking purposes. Our hosting provider (Microsoft Azure) may temporarily process IP addresses at the network level strictly for security, routing, and abuse prevention as part of standard infrastructure operations.
  • We do not require or collect personal information such as names, email addresses, phone numbers, or payment information through the Service. If you contact us via our contact form, you voluntarily provide your name, email, and message, which are processed by our form provider (Web3Forms) and forwarded to us.
  • There is no user account, login, or registration system.

3. How We Use Information

The limited information we handle is used solely to:

  • Process your natural-language queries and generate AI-powered analytics responses in real time.
  • Retrieve and analyze publicly available restaurant reviews at your request.
  • Temporarily cache public review data to improve response times.
  • Respond to inquiries submitted through our contact form.

We do not use any information for advertising, marketing, profiling, automated decision-making, or any purpose other than providing the Service.

4. AI Processing & Third-Party Services

We use the following third-party services to operate the Service:

4.1 Azure OpenAI Service (Microsoft)

  • Aggregated statistical summaries and your chat queries are sent to Microsoft's Azure OpenAI Service to generate AI responses.
  • Your data is not used by Microsoft or OpenAI to train, retrain, or improve any AI models. See Microsoft's data privacy commitment.
  • Microsoft may retain prompts and completions for up to 30 days solely for abuse monitoring and safety, after which they are deleted.
  • All data transmitted to Azure OpenAI is encrypted in transit (TLS 1.2+) and at rest (AES-256).

4.2 SerpAPI

  • Used to retrieve publicly available Google Maps reviews. No personal data is sent to SerpAPI. Only restaurant names or Google Maps URLs that you provide.

4.3 Google Places API

  • Used as a fallback for restaurant identification and verification. Only restaurant names or URLs are transmitted. Subject to Google's Privacy Policy.

4.4 Microsoft Azure (Hosting & Storage)

  • Our Service is hosted on Microsoft Azure Container Apps. Cached review data is stored in Azure Blob Storage with a 24-hour time-to-live (TTL) and is automatically deleted after expiration.
  • Azure infrastructure is SOC 2 Type II, ISO 27001, and GDPR compliant.

4.5 Web3Forms (Contact Form)

  • Our contact form is processed by Web3Forms. If you submit the contact form, your name, email, and message are transmitted to Web3Forms and forwarded to us. Web3Forms does not use this data for any other purpose.

5. Data Sharing & Disclosure

  • We do not sell, rent, trade, or otherwise disclose your information to any third party for marketing, advertising, or any commercial purpose.
  • We share information with third-party service providers (listed in Section 4) only as necessary to operate the Service, and solely under the terms described in this policy.
  • We may disclose information if required to do so by law, regulation, legal process, or governmental request, or to protect the rights, property, or safety of DineSensei, our users, or the public.
  • In the event of a merger, acquisition, or sale of assets, any information we hold would be subject to the successor entity's privacy policy. We will provide notice of any such change.

6. Data Retention

  • Sales data: Not retained. Exists only in your browser's memory during your session.
  • Chat conversations: Not retained on our servers. Exist only in your browser session.
  • Review audit results: Cached for up to 24 hours on Azure Blob Storage, then automatically deleted. Contains only publicly available data.
  • AI processing logs: Azure OpenAI may retain prompts/completions for up to 30 days for safety monitoring per Microsoft's policies.
  • Contact form submissions: Retained in our email inbox until manually deleted.

7. Data Security

  • All data transmitted to and from DineSensei is encrypted using HTTPS with TLS 1.2 or higher.
  • Our infrastructure runs on Microsoft Azure, which maintains SOC 2 Type II, ISO 27001, ISO 27018, and GDPR certifications.
  • Since we do not store your sales data or personal information, the risk of a data breach affecting your proprietary business information is minimized.
  • We implement access controls and follow security best practices for all server-side components.

8. Your Rights

Depending on your jurisdiction, you may have the following rights:

For All Users

  • Since we do not collect or store personal data through the Service, there is generally no personal information to access, correct, or delete.
  • Cached review audit results (containing only publicly available data) are automatically purged within 24 hours.
  • If you have submitted a contact form and wish to have your inquiry deleted, please contact us.

For California Residents (CCPA/CPRA)

  • We do not sell or share personal information as defined by the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).
  • We do not collect personal information as defined under CCPA through the Service. No categories of personal information have been collected, sold, or disclosed for a business purpose in the preceding 12 months.
  • You have the right to non-discrimination for exercising your privacy rights.

For EU/EEA/UK Residents (GDPR)

  • To the extent any data processed by the Service constitutes personal data under GDPR, the legal basis for processing is your consent (by choosing to use the Service) and our legitimate interest in providing the Service.
  • You have the right to access, rectify, erase, restrict processing, object to processing, and port your data. Given that we do not store personal data, these rights are inherently satisfied.
  • Data transmitted to Azure OpenAI may be processed in the United States. Microsoft provides Standard Contractual Clauses and complies with EU-U.S. Data Privacy Framework requirements.

Do Not Track

We do not track users across websites. Our Service does not respond to "Do Not Track" browser signals because we do not engage in tracking of any kind.

9. Children's Privacy

Our Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will take steps to remove such information.

10. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised Privacy Policy.

11. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please reach out through our contact page.