Privacy Policy

This Privacy Policy describes how JyotixEdge Pvt. Ltd. ("PRISMO", "we", "us", or "our") collects, uses, stores, and shares information when you use our restaurant operations platform available at prismosuite.com and related applications (collectively, the "Service"). By using the Service, you agree to this Policy. If you do not agree, please do not use the Service.

01Who we are

PRISMO is an operations platform for restaurants that provides inventory management, vendor procurement, demand forecasting, and marketing automation services. The Service is operated by JyotixEdge Pvt. Ltd., with its registered office in Ahmedabad, Gujarat, India.

02Information we collect

2.1 Information you provide to us

When you register for and use the Service, we collect information you choose to give us, including:

• Business information: restaurant name, business type, address, GST number, PAN, FSSAI license, and trade license.
• Account information: full name, email address, phone number, password, and user role.
• Operational data: vendor records, invoices, purchase orders, menu and recipe data, inventory records, and sales data you upload or generate through the Service.
• Uploaded content: invoice images and PDFs, menu photos, and other files you upload for OCR or marketing purposes.
• Payment information: billing address and payment method details (processed through a PCI-DSS compliant third-party payment processor. We do not store full card numbers).

2.2 Information collected automatically

• Device and usage data: IP address, browser type, device identifiers, operating system, pages viewed, features used, and timestamps.
• Cookies and similar technologies: used to keep you signed in, remember preferences, and measure Service performance.
• Log data: error logs and diagnostic information to maintain Service reliability.

2.3 Information from third parties

If you connect third-party services (for example, WhatsApp Business, Meta platforms, POS systems, or payment processors), we receive information from those services as permitted by their own privacy policies and the permissions you grant.

03How we use your information

We use the information we collect to:

• Provide, operate, and maintain the Service.
• Process invoices via OCR, generate forecasts, and produce marketing content on your behalf.
• Send transactional messages (account notices, alerts, approvals, and receipts).
• Provide customer support and respond to your requests.
• Improve the Service, including training our machine learning models on aggregated and de-identified data.
• Detect, prevent, and respond to fraud, abuse, and security incidents.
• Comply with legal obligations, including tax, audit, and regulatory requirements in India.

We do not sell your personal information to third parties, and we do not use your business operational data to advertise to you.

04WhatsApp and Meta platform data

PRISMO integrates with Meta platforms to help restaurants communicate with customers and publish marketing content. When you connect a Meta product to PRISMO, we request only the minimum permissions required to operate the features you enable.

4.1 WhatsApp Business API

If you connect your WhatsApp Business account, we access:

• Message content: inbound and outbound messages you send or receive through PRISMO, including text, media, templates, and interactive messages.
• Customer contact data: phone numbers and display names of customers who message you.
• Message status: delivery receipts, read receipts, and message timestamps.
• Template and phone number metadata: your approved message templates, display name, and phone number quality rating.

We use this data solely to send and receive messages on your behalf, route incoming messages to your team within PRISMO, deliver automated alerts and order updates you configure, and show you reporting and analytics for your own messaging. We do not use WhatsApp message content to train machine learning models, and we do not share message content with any third party except sub-processors strictly necessary to provide the Service.

4.2 Facebook and Instagram Graph API

If you connect your Facebook Page or Instagram Business account, we may access:

• Page and account information: page name, ID, profile picture, category, and admin permissions you grant.
• Content publishing: the ability to publish posts, stories, and reels that you explicitly create and approve within PRISMO.
• Content and engagement data: posts, comments, captions, reactions, reach, and engagement metrics for content published through PRISMO or on connected accounts.
• Media assets: images and videos you upload or that PRISMO generates on your instruction.

We use this data solely to schedule and publish content you approve, show you engagement analytics within PRISMO, and route relevant comments or messages to your team. We do not publish on your accounts without an explicit instruction from an authorised user.

4.3 Meta Business Login and Facebook Login

If you sign in to PRISMO using Meta Business Login or Facebook Login, we receive basic profile information (name, email address, profile picture, and a user ID) to identify your account. We do not post to your personal timeline and we do not access your friends list.

4.4 Limited Use and your control

Our use of information received from Meta APIs complies with the Meta Platform Terms, Developer Policies, and the WhatsApp Business Terms, including all Limited Use requirements. We do not sell, license, transfer, or otherwise share data obtained from Meta APIs with data brokers, advertising networks, or any party for advertising or marketing purposes unrelated to your own use of the Service.

You can disconnect any Meta integration at any time from within PRISMO settings, from your Meta Business Suite, or by contacting privacy@prismosuite.com. On disconnection, we will stop accessing the relevant APIs immediately and will delete associated tokens and cached data within 30 days, except where retention is required by law.

05How we share information

We share information only as described below:

• Service providers: cloud hosting (AWS), email delivery, payment processing, OCR and AI model providers, analytics, and customer support tools. These providers are bound by contractual confidentiality and data protection obligations.
• Within your organisation: with other users of your tenant account, according to the role-based access controls you configure.
• Legal compliance: when required by law, court order, or to protect the rights, property, or safety of PRISMO, our users, or the public.
• Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy continuing to apply.

Our AI processing partners may include Anthropic, Google Cloud, OpenAI, ElevenLabs, Sarvam AI, and fal.ai, used strictly for document OCR, content generation, and quality evaluation on your instruction. Data Processing Agreements are in place with every such provider before production use. These providers do not train their public models on your data.

06Data storage and security

Your data is stored on Amazon Web Services (AWS) infrastructure in the Asia Pacific (Mumbai) region (ap-south-1). We apply industry-standard safeguards including:

• Encryption at rest (AES-256) and TLS 1.2+ in transit.
• Multi-tenant data isolation enforced by PostgreSQL row-level security. Each restaurant's data is logically separated at the database layer.
• Role-based access controls (RBAC) and the principle of least privilege for our personnel.
• Only PII-scrubbed prompts leave the India region for AI processing. Every cross-border AI call is logged for audit in compliance with India's Digital Personal Data Protection Act (DPDP).
• Continuous logging, monitoring, and alerting for security incidents.
• Regular backups and tested disaster recovery procedures.

No system is perfectly secure. If we become aware of a data breach that affects your personal information, we will notify you and the applicable authorities as required by law.

07Data retention

We retain your personal information for as long as your account is active and for a reasonable period thereafter to comply with legal, accounting, and tax obligations. Typical retention periods:

• Account data: for the life of the account plus 12 months.
• Financial records (invoices, GST data): 8 years, as required under Indian tax law.
• Backup copies: up to 90 days beyond active deletion.
• Logs and diagnostic data: up to 12 months.

You may request deletion of your account and personal data at any time (see Section 8).

08Your rights

Depending on your jurisdiction, you may have the following rights:

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct inaccurate or incomplete information.
• Deletion: request that we delete your personal information, subject to legal retention requirements.
• Portability: request an export of your data in a machine-readable format.
• Withdrawal of consent: where processing is based on consent, you can withdraw it at any time.
• Objection: object to certain processing activities.

To exercise any of these rights, email privacy@prismosuite.com. We will respond within 30 days.

09Children's privacy

The Service is intended for businesses and is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided information to us, please contact us and we will delete it.

10International transfers

PRISMO is operated from India. If you access the Service from outside India, you understand that your information may be transferred to, stored in, and processed in India and any other country where our service providers operate. We use appropriate contractual safeguards for any such transfers.

11Changes to this policy

We may update this Policy from time to time. If we make material changes, we will notify you by email or through an in-Service notice at least 14 days before the changes take effect. The "Last updated" date at the top of this page reflects the most recent version.

12Contact us