Privacy Policy

Last updated: May 14, 2026

This Privacy Policy explains how Thailand QR Order ("ThaiQROrder", "we", "our") collects and uses information when you use our QR code ordering service at https://www.thaiqrorder.com/en, the business dashboard at business.thaiqrorder.com, and the customer menu pages reached by scanning a restaurant's QR code.

1. Who we are

ThaiQROrder is a software-as-a-service platform that lets Thai restaurants and small businesses accept orders through QR codes. Customers scan a QR code on a table to view a menu and place an order directly with the restaurant. We do not operate the restaurants themselves; we provide the software.

2. Information we collect

2.1 Business owners

When a restaurant owner signs up for the business dashboard, we collect:

  • Phone number (used as the primary identifier and for OTP login)
  • Store name, slug, category, region, and contact details
  • Menu items, categories, prices, and optional images uploaded by the owner
  • Business hours, delivery / pickup settings, and PromptPay QR image
  • Login activity and IP address for security purposes

2.2 Customers placing orders

When a customer places an order by scanning a QR code, we collect:

  • Phone number (so the restaurant can contact the customer if needed)
  • Table number (for dine-in orders), or approximate location (only for delivery orders, with explicit consent)
  • Order contents, total, and any notes provided by the customer
  • Language preference (stored locally in the browser)

2.3 Website visitors

When you visit our marketing pages, we collect standard server logs (IP address, browser user agent, referrer, requested URLs) for security and reliability. We use Cloudflare as a CDN / WAF, which may process request metadata on our behalf.

2.4 Contact form

If you submit an inquiry through our contact page, we collect the name, email, optional phone, subject, and message you provide, together with your IP address and a Cloudflare Turnstile anti-bot token.

3. How we use information

  • To deliver the QR ordering service and route orders to the correct restaurant
  • To authenticate business owners via one-time codes sent by SMS
  • To send transactional notifications (order confirmations, webhook events, admin alerts)
  • To provide analytics, billing, and support
  • To prevent abuse, spam, and security incidents

4. Payments

Customer payments for food orders are handled directly between the customer and the restaurant (typically via PromptPay, cash on delivery, or in-store payment). ThaiQROrder does not process, store, or have access to your bank details, card numbers, or PromptPay transactions. Monthly subscription fees paid by business owners to ThaiQROrder are billed separately.

5. Sharing

We do not sell personal data. We share information only with:

  • The restaurant whose QR code a customer scanned (order details)
  • Infrastructure providers we use to run the service (hosting, database, CDN, email, SMS, file storage)
  • Law enforcement or regulators when required by law

6. Cookies and local storage

We use minimal cookies, primarily for session management on the business dashboard and admin. The customer menu uses localStorage to remember language preference and cart contents between page loads on the same device. No third-party advertising cookies are set.

7. Data retention

Business owner accounts and their menu data are retained while the account is active. Order records are retained for at least one year for accounting and dispute resolution. When a store is deleted, associated assets (QR codes, menu images, store images) are removed from our storage. Contact form submissions are retained for up to 12 months.

8. Security

Traffic is served over HTTPS. Passwords and session tokens are hashed or encrypted. Database access is restricted to authorised personnel. We apply security updates regularly and review our infrastructure for vulnerabilities. However, no system is perfectly secure, and we cannot guarantee absolute security.

9. Your choices

You may:

  • Request a copy of the personal data we hold about you
  • Ask us to correct or delete your personal data
  • Withdraw consent to non-essential processing at any time

Requests can be submitted through our contact page.

10. Children

ThaiQROrder is intended for businesses and adult customers. We do not knowingly collect personal information from children under 13. If you believe a child has submitted information to us, please contact us and we will remove it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top of the page indicates when the policy was last changed. Continued use of the service after changes constitutes acceptance.

12. Contact

Questions about this Privacy Policy can be submitted through our contact page.