Sub-Processor Disclosure

Effective as of April 4, 2026

This page lists the third-party sub-processors that DinePro engages to process personal data on our behalf. We maintain contractual agreements with each sub-processor requiring them to protect your data in accordance with applicable data protection laws, including the GDPR and CCPA.

1. What is a Sub-Processor?

A sub-processor is a third-party service provider that processes personal data on behalf of DinePro in order to deliver our platform and services. We carefully vet each sub-processor to ensure they meet our standards for data security and privacy compliance.

Each sub-processor is bound by contractual obligations that include:

  • Processing personal data only on our documented instructions
  • Implementing appropriate technical and organizational security measures
  • Assisting DinePro in fulfilling data subject rights requests
  • Deleting or returning personal data upon termination of services

2. Our Sub-Processors

The following is a complete list of third-party sub-processors that DinePro engages to process personal data:

Anthropic — AI Ordering Assistant

  • Purpose. Powers the conversational AI ordering experience for restaurant guests via the Claude API.
  • Data shared. Conversation messages, menu selections, dietary preferences, and order modifications.
  • Data handling. Zero-retention API agreement — Anthropic does not store or use data for model training.
  • Location. United States

Square — Payment Processing & POS

  • Purpose. Handles order submission, payment processing, and kitchen fulfillment for all transactions.
  • Data shared. Order details, transaction amounts, and payment card data (handled directly by Square).
  • Certification. PCI DSS Level 1 certified — the highest level of payment security.
  • Location. United States

Twilio — SMS Messaging

  • Purpose. Delivers transactional SMS messages for waitlist notifications, ordering links, and STOP/HELP keyword handling.
  • Data shared. Phone numbers and message content.
  • Location. United States

AWS (Amazon Web Services) — Cloud Infrastructure

  • Purpose. Provides cloud hosting, database infrastructure, and SNS messaging that powers the DinePro platform.
  • Data shared. All platform data (encrypted at rest using AES-256 and in transit using TLS 1.2+).
  • Location. United States (us-west-2)

Stripe — Subscription Billing

  • Purpose. Processes recurring subscription payments for restaurant operators.
  • Data shared. Billing name, email address, and payment method.
  • Location. United States

Expo (EAS) — Push Notifications

  • Purpose. Delivers push notifications to the DinePro staff mobile app for real-time order and help request alerts.
  • Data shared. Device push tokens and notification content (order summaries, help request alerts).
  • Location. United States

Plausible Analytics — Website Analytics

  • Purpose. Provides privacy-focused, cookie-free analytics for the DinePro marketing website.
  • Data shared. Page views and referrer information only. No personal data or cookies are collected.
  • Location. European Union

3. Changes to This List

We may update this sub-processor list from time to time as we add or change service providers. When we make material changes, we will update the "Effective as of" date at the top of this page.

If you have entered into a Data Processing Agreement (DPA) with DinePro, we will notify you of any new sub-processors in accordance with the terms of that agreement, giving you the opportunity to object before the new sub-processor begins processing data.

4. Contact Us

If you have questions about our sub-processors or data processing practices, please contact us at:

  • Email. privacy@dinepro.io
  • Website. dinepro.io/contact

Last updated: April 4, 2026