Privacy Policy

Last updated: 2026-05-18 · Effective from 2026-05-18

1. Who we are

OrderBrain Ltd (“OrderBrain,” “we,” “us”) is a company registered in England and Wales. We provide an AI phone agent for restaurants (“Service”) at orderbrain.ai and app.orderbrain.ai.

This Privacy Policy explains how we collect, use, store and share personal data we obtain from visitors to orderbrain.ai, from restaurants who sign a pilot or subscription agreement with us (“Customer”), and from individuals who interact with our Service through a Customer (for example, by phoning a UK restaurant whose calls are answered by OrderBrain).

We are registered with the UK Information Commissioner's Office (ICO). Our registration number will be confirmed on this page once issued.

2. The two relationships, two roles

OrderBrain plays two different roles depending on who you are:

  • Controller — for the personal data of Customer staff (the people at a restaurant who sign up for and operate OrderBrain), and for visitors to our marketing site.
  • Processor — for the personal data of callers who phone a restaurant using OrderBrain. The restaurant is the Controller of that caller data; OrderBrain processes it on the restaurant's instructions under a Data Processing Agreement (see /legal/dpa).

This Privacy Policy describes the personal data we handle in both roles, and is clear about which is which.

3. Personal data we collect

From Customer staff

  • Name, work email, work phone, role
  • Account credentials (password is hashed; we never see the plaintext)
  • Operator dashboard activity logs (logins, actions taken, IP address, user agent)
  • Billing information (limited to what Stripe surfaces to us — last four digits of card, billing address)

From phone callers (where OrderBrain is the Processor)

  • Caller phone number (from Twilio Caller-ID)
  • Audio recording of the call
  • Transcript of the call (Whisper / Azure Speech)
  • Order or reservation details the caller volunteers (name, party size, items, address)
  • Allergen questions asked and answered
  • Sentiment label (positive / neutral / negative / frustrated) inferred from transcript

From orderbrain.ai marketing-site visitors

  • Signup wizard submissions (restaurant name, contact name, email, phone, sector, plan choice)
  • Standard server logs (IP, user agent, page viewed, timestamp) retained 30 days

4. Lawful basis (UK GDPR Art. 6)

  • Performance of a contract — for operating the Service for a paying Customer, including processing caller data per the Customer's instructions.
  • Legitimate interests — for marketing-site analytics, security monitoring, dunning, and fraud prevention. We balance these against the rights of data subjects and offer opt-out where applicable.
  • Legal obligation — for HMRC record-keeping (subscription invoices), ICO compliance, and law-enforcement requests where required.
  • Consent — for marketing emails to non-Customer visitors. Caller consent for call recording is handled separately via the verbal consent phrase played at the start of every recorded call (see “Call recording” below).

6. Where the data lives

All production data (Postgres, blob storage, Key Vault, Container Apps) lives in Microsoft Azure UK South. We do not transfer personal data outside the UK except where a subprocessor we use is established elsewhere — see “Subprocessors” below. All international transfers are protected by the UK-approved Standard Contractual Clauses and an International Data Transfer Addendum (IDTA) where the receiving country does not have a UK adequacy decision.

7. Subprocessors

We use the following subprocessors. Each operates under a written data-processing agreement with us that mirrors the terms we offer Customers in our DPA.

  • Microsoft Azure (cloud hosting) — UK South. Microsoft is the controller of the underlying infrastructure; we are the controller of the data we place on it.
  • Twilio Inc. (phone routing + recording) — US/EU/UK regions depending on call origin. UK SCC + IDTA in place.
  • Stripe Payments UK Ltd (subscription billing) — UK.
  • Twilio SendGrid (transactional email) — US. UK SCC + IDTA.
  • Microsoft Azure OpenAI Service (language model for transcription, allergen Q&A, menu extraction) — UK South / West Europe. We do not opt into Microsoft's human-review pathway; prompts and completions are not used to train Microsoft's foundation models.

The current list is maintained at /legal/dpa § Subprocessors. We will notify Customers at least 30 days before adding a new subprocessor.

8. Retention

  • Call audio and transcripts: 90 days by default; Customer may configure shorter
  • Order and reservation records: 7 years (UK tax retention)
  • Allergen Q&A audit log: 7 years (Natasha's Law evidence)
  • Marketing-site server logs: 30 days
  • Closed Customer accounts: 30 days, then irreversibly deleted (except where law requires longer)

9. Your rights

Under UK GDPR you have the right to access, rectify, erase, restrict, port, or object to our processing of your personal data, and to lodge a complaint with the ICO.

For caller data (where we are a Processor), send your request to the Customer (restaurant) whose number you called — they are the Controller. We will assist them in responding.

For Customer staff and marketing-site data (where we are the Controller), email privacy@orderbrain.ai. We respond within 30 days.

10. Security

We follow the security baseline described in our DPA (Annex 2). Highlights:

  • Transport encryption (TLS 1.2+) on every endpoint
  • Encryption at rest for Postgres, blob storage, and Key Vault
  • HMAC-SHA256 signing on every cross-product webhook (Savorq MOS integration)
  • Role-based access for super-admin functions, with an append-only audit log
  • UK GDPR data residency in Azure UK South

11. Cookies

orderbrain.ai uses only strictly-necessary cookies (the session cookie for the super-admin console and the merchant dashboard). We do not use third-party analytics or advertising cookies on the marketing site or the merchant dashboard.

12. Changes

We will update this page when we change how we process personal data. The last-updated date at the top is authoritative. Material changes will be notified to Customer staff by email and announced in the merchant dashboard.

OrderBrain Ltd · United Kingdom · orderbrain.ai
Questions about this document? Email legal@orderbrain.ai.