Dashi POS

Privacy Policy

Last updated: March 4, 2026 | This policy may be updated from time to time. We will notify you of significant changes.

Table of Contents

1. Scope

This Privacy Policy describes how Dashi Technologies Inc. and its subsidiaries and affiliates (collectively "Dashi," "we," "us," and/or "our") collects, uses, discloses, and protects personal information in connection with our Services.

This Policy covers three groups of individuals:

Merchants: Restaurants, cafés, bars, and other food-service establishments that use Dashi's platform to manage reservations, waitlists, orders, payments, marketing, loyalty programmes, and analytics. Merchant use of the Services is also governed by our Merchant Terms of Service.

Merchant Employees: Individuals who access the Services on behalf of a Merchant.

Guests: Individuals who interact with the Services at a Merchant's establishment, through a partner, or directly through Dashi — including individuals who create a Dashi Diner Profile.

2. Key Definitions

"Services" means all products and services developed or administered by Dashi, including our point-of-sale system, reservation and waitlist management, digital ordering, 3D interactive menus, gamified loyalty programmes, payment processing, marketing tools, analytics, mobile applications, and web platforms.

"Guest Data" means personal information relating to a Guest that is processed through or stored in Dashi's systems in connection with a Merchant's use of the Services — including name, phone number, email address, reservation and waitlist details, party size, timestamps, visit history, dietary preferences, notes, and communication preferences.

"Dashi Diner Profile" means a consumer account created by Dashi when a Guest independently opts in to Dashi's consumer services (such as the loyalty network, consumer app, or account features).

3. Our Role: When Dashi Is a Processor and When Dashi Is a Controller

Understanding who controls your personal information matters. Under Canadian privacy law (PIPEDA), the organization that decides why and how personal information is used is considered the "controller" and bears primary accountability.

When a Merchant is the controller and Dashi is the processor:

When you make a reservation, join a waitlist, place an order, or provide your information to a Merchant through the Services, the Merchant determines why your information is collected and how it is used. Dashi processes that information on the Merchant's behalf — for example, to manage your reservation, send you a confirmation, or enable the Merchant's loyalty programme. In this context, questions about how your Guest Data is used should be directed to the Merchant.

When Dashi is an independent controller:

When you independently create a Dashi Diner Profile — for example, by signing up on a Dashi loyalty page, downloading the Dashi app, or creating a Dashi account — you enter a direct relationship with Dashi. In this context, Dashi determines the purposes and means of processing your information, and this Privacy Policy governs that use directly.

Both relationships can exist at the same time. Making a reservation at a restaurant (Merchant-controlled) and signing up for a Dashi account (Dashi-controlled) are separate.

4. Personal Information We Collect

A. Merchants

When you sign up for the Services, we collect:

  • Name, business name, address, email, and phone number
  • Business registration and tax information
  • Banking and payment information for billing and payouts
  • Government identification as required for verification
  • Communications through our support channels

B. Merchant Employees

When a Merchant grants you access to the Services, we may collect:

  • Name, email, and phone number
  • Role and permission information
  • Activity logs related to your use of the Services

C. Guests — Through Merchant Services

When you interact with a Merchant through the Services (reservations, waitlists, orders, payments), the following information may be collected by the Merchant through Dashi:

  • Name, phone number, and email address
  • Reservation, waitlist, and order details (date, time, party size, preferences)
  • Payment information for transactions
  • Dietary preferences and restrictions (voluntary)
  • Visit history at that Merchant
  • Communication preferences (marketing opt-in/opt-out status)
  • Feedback and ratings
  • Staff notes related to your visit

This information is Guest Data controlled by the Merchant. Dashi processes it on the Merchant's behalf.

D. Guests — Through Dashi Diner Profile

When you independently create a Dashi Diner Profile, Dashi collects:

  • Name, email, and phone number
  • Account credentials
  • Your communication preferences with Dashi
  • Loyalty programme participation and rewards data
  • Visit history that you have opted in to share across venues (only with your explicit consent)
  • App usage data and preferences

This information is controlled by Dashi directly.

E. Automatic Collection

When you use our websites or apps, we may automatically collect:

  • Device information (type, operating system, browser)
  • IP address and approximate location
  • Usage data (pages visited, features used, timestamps)
  • Cookies and similar tracking technologies (see Section 9)

5. How We Use Personal Information

For Merchants and Merchant Employees

  • Provide, maintain, and improve the Services
  • Process payments and manage billing
  • Provide customer support and training
  • Communicate about your account and service updates
  • Analyse usage to improve our platform
  • Comply with legal obligations

For Guests — Merchant-Directed Processing

When Dashi processes Guest Data on a Merchant's behalf, we use it to:

  • Manage reservations, waitlists, and orders
  • Process payments
  • Send Service Communications configured by the Merchant (confirmations, reminders, waitlist updates)
  • Provide the Merchant with operational reporting and guest insights
  • Facilitate the Merchant's marketing and loyalty programmes (only where the Merchant has configured these features and valid consent exists)
  • Maintain the Suppression List to prevent messages to opted-out Guests

For Guests — Dashi's Own Services

When Dashi acts as controller for Dashi Diner Profile data, we use it to:

  • Create and maintain your Dashi account
  • Provide loyalty programme features and rewards
  • Enable cross-venue visit history (only with your explicit opt-in)
  • Send you communications about your Dashi account and features
  • Personalise your experience
  • Improve and develop Dashi's products and services
  • Generate aggregated, de-identified insights (see Section 7)

Aggregated and De-identified Analytics

Dashi may create and use aggregated or de-identified data to improve our products, develop industry insights and trends, and create city-level or neighbourhood-level benchmarking. This data does not identify you. Dashi will not attempt to re-identify any individual from aggregated or de-identified data and will not disclose identifiable data to other merchants.

6. How We Share Personal Information

Dashi may share personal information in the following circumstances:

With Merchants: We share Guest Data with the relevant Merchant to fulfil reservations, orders, and other services you have requested. We do not share your Guest Data from one Merchant with a different Merchant without your consent.

With service providers (Sub-processors): We use third-party providers to help deliver the Services, including cloud hosting, SMS and email delivery, payment processing, analytics, and customer support. These providers are contractually required to protect your information and may only use it for the purposes we specify.

For legal compliance: We may disclose information when required by law, regulation, legal process, or governmental request, or to protect the rights, safety, or property of Dashi, our users, or others.

Business transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, personal information may be transferred as part of the transaction. We will provide notice of any such transfer.

With your consent: We may share information for other purposes when you have given us specific consent.

We never sell personal information to third parties for marketing purposes.

7. Marketing Communications and CASL

Merchant Marketing

When a Merchant sends you Marketing Communications (promotional offers, events, loyalty promotions) through the Services or using data exported from the Services, the Merchant is responsible for ensuring it has valid consent under Canada's Anti-Spam Legislation (CASL) and for the content of those messages. Questions about a Merchant's marketing practices should be directed to the Merchant.

Your Rights Under CASL

You have the right to:

  • Opt out of Marketing Communications at any time by using the unsubscribe mechanism in the message, replying "STOP" to SMS messages, or contacting the Merchant directly
  • Have your opt-out honoured within 10 business days (Dashi's platform processes opt-outs immediately at the system level)
  • Not receive Marketing Communications without valid consent

Dashi Communications

If you have a Dashi Diner Profile, Dashi may send you communications about your account, loyalty rewards, and Dashi features. You can manage your communication preferences in your account settings or by contacting us.

8. Retention of Personal Information

We retain personal information for as long as reasonably necessary to provide the Services, comply with legal obligations, resolve disputes, and protect our legitimate interests.

Guest Data processed for Merchants is retained for the duration of the Merchant's use of the Services and for a reasonable period after discontinuation to allow for data export (typically 30 days), after which it is deleted or anonymised from active systems within 90 days, subject to legal retention requirements.

Dashi Diner Profile data is retained for as long as you maintain your Dashi account. You may request deletion at any time (see Section 10).

Consent Records (records of marketing opt-ins and opt-outs) are retained for at least 24 months after the last Marketing Communication sent, to support CASL compliance.

Breach records are retained for at least two years as required under PIPEDA.

9. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to provide and improve the Services, remember your preferences, analyse usage patterns, personalise your experience, and ensure security. You can control cookie settings through your browser. For more details, see our Cookie Policy.

10. Your Rights and Choices

Depending on applicable law, you may have the right to:

  • Access your personal information held by Dashi
  • Correct inaccurate or incomplete information
  • Delete your personal information or Dashi Diner Profile
  • Withdraw consent for marketing or other optional processing at any time
  • Export your data in a portable format
  • Object to certain processing activities

For Guest Data controlled by a Merchant: Direct your request to the Merchant. Dashi will provide reasonable assistance to the Merchant in responding.

For Dashi Diner Profile data or information Dashi controls: Contact us using the information in Section 14. We will respond to your request within the time required by applicable law.

11. Security

We implement comprehensive security measures to protect personal information, including:

  • Encryption of data in transit and at rest
  • Access controls and authentication requirements
  • Regular security assessments and monitoring
  • Employee training on data protection
  • Incident response procedures

No system is completely secure, and we encourage you to take steps to protect your own information, including keeping your login credentials confidential.

Breach Notification

If we become aware of a security incident that creates a real risk of significant harm, we will comply with PIPEDA's mandatory breach reporting and notification requirements. Where Dashi is processing Guest Data on a Merchant's behalf, we will notify the Merchant without undue delay so that the Merchant can fulfil its own legal obligations. We maintain breach records as required by law.

12. Cross-Border Processing

Personal information may be processed and stored in Canada and in other jurisdictions depending on our hosting infrastructure and Sub-processors. Where personal information is transferred outside Canada, we use contractual and organisational measures to provide a comparable level of protection. Foreign authorities may have lawful access to personal information under the laws of those jurisdictions.

13. Children's Privacy

Our Services are not directed at individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us so we can delete it.

14. How to Contact Us

If you have questions about this Privacy Policy, our privacy practices, or wish to exercise your rights, contact us:

Email: privacy@dashipos.com

Mail:

Dashi Technologies Inc.

Attn: Privacy Office

8171 Yonge St

Toronto, ON L3T 2C6

Last updated: March 4, 2026 | This policy may be updated from time to time. We will notify you of significant changes.

Terms of ServiceMerchant TermsCookie PolicyContact Us