Skip to main content

Privacy Policy

Last updated 2 June 2026

RestroLegal is a compliance add-on to Restrofi, operated by Restrofi. This policy explains what we collect, why, and the choices you have.

RestroLegal is a software tool that assists with legal and compliance workflows. It is not a law firm and does not provide legal advice. AI-generated drafts and reviews must be verified by a qualified professional before use.

1. Who we are

RestroLegal is operated by Restrofi (“we”, “us”). You can reach us at [email protected]. Because RestroLegal is an add-on to your Restrofi account, the Restrofi Privacy Policy also applies.

2. Information we collect

  • Account data — your name, email, restaurant details, and plan, drawn from your Restrofi account.
  • Compliance content you provide — FSSAI licences, contracts, GST notices, employee/POSH documents and the context you enter for drafting.
  • Staff data — names, emails, phone numbers and roles synced from your Restrofi account, used to tailor recommendations and to send documents you choose to email.
  • Email settings — if you configure your own SMTP, the credentials are stored encrypted at rest and used only to send the emails you initiate.
  • Usage data — basic logs needed to operate and secure the service.

3. How we use it

  • To provide the service: tracking deadlines, reviewing contracts, triaging notices, drafting documents and sending the emails you request.
  • To generate AI summaries and drafts. Document text you submit is processed by our AI provider (Google Gemini) solely to produce your output; it is not used to train third-party models.
  • To suggest the policies and documents your business is likely required to maintain.
  • To secure, support and improve the product.

4. Sharing

We do not sell your data. We share it only with processors that run the service (hosting, database, email delivery and the AI provider) under appropriate agreements, or where required by law. Emails you send are delivered to the recipients you choose.

5. Data retention & security

We keep your compliance records for as long as your account is active or as needed to provide the service, and delete or anonymise them on request where we are not required to retain them. SMTP passwords are encrypted; access is restricted to your restaurant.

6. Your rights

You can access, correct, export or delete your data by writing to [email protected]. You can disconnect custom SMTP or stop syncing staff at any time in Settings.

7. Changes

We may update this policy; material changes will be notified in-app or by email. Continued use after an update constitutes acceptance.