Restoflow ← Back to Home

Privacy Policy

# Restoflow Privacy Policy

Last updated: 18 April 2026

## Who this policy applies to

This Privacy Policy explains how Restoflow collects and uses personal data when you visit the Restoflow website, request a demo, create or administer an account, or use the Restoflow restaurant shift and operations management service, including features that work with Telegram.

Restoflow is operated by Ampelus Production Management Solution Inc. ("Ampelus", "we", "us", or "our"), a company registered in Alberta, Canada. For the purposes of this policy, "Restoflow" means the website, product, related communications, support activities, and any linked pages that refer to this policy.

## Service provider and contact details

Service provider: Ampelus Production Management Solution Inc. (doing business as Ampelus Inc.)
Corporate address: 903 8 Ave SW, Calgary, AB T2P 0P7, Canada
General contact: CustomerSupport@ampelus.ca
Privacy contact: adolnik@ampelus.ca

For users in the EEA or Switzerland, Ampelus publicly identifies Konstantin Golokteev as its EEA and Switzerland representative and privacy contact:
Konstantin Golokteev
Rheinwallgraben 28, 41460 Neuss, Germany
kgolokteev@ampelus.ca
+49 155 10956577

## Data protection roles

Depending on the context, Ampelus may act either as a controller or as a processor.

When you browse the website, request a demo, communicate with us as a prospect, subscribe to updates, receive support, or administer a contract with us, we generally act as the controller of that personal data.

When a restaurant or other customer uses Restoflow to manage shifts, tasks, checklists, standards, acknowledgements, or internal workflows involving staff data, we generally act as a processor on that customer's behalf. In those cases, the customer organisation is usually the controller and remains responsible for giving its staff the required privacy information and for having a lawful basis to use the service.

## Categories of personal data we may collect

We may collect the following categories of personal data, depending on how you interact with Restoflow:

- identity and contact data, such as name, work email, phone number, job title, restaurant name, and message content;
- account and access data, such as username, password hash, role, permissions, login history, and security settings;
- service and workflow data, such as schedules, assignments, checklist responses, acknowledgements, timestamps, manager comments, and other information entered into the service by customer users;
- Telegram-related service data, such as Telegram username, Telegram ID, delivery status, message interaction logs, and bot command history, to the extent needed for the integration to function;
- billing and commercial data, such as plan, invoices, payment status, and limited payment metadata received from payment providers;
- technical and usage data, such as IP address, browser type, device information, language, timestamps, pages viewed, crash diagnostics, performance metrics, and security logs.

Restoflow is not designed for the routine collection of special-category or highly sensitive personal data. Customers should not use the service for medical records, biometric data, union data, disability data, disciplinary files, or similar sensitive HR records unless they have independently confirmed that such use is strictly necessary and lawful.

## Sources of personal data

We collect personal data directly from you, from the customer organisation that sets up or administers the service, from Telegram and other integrated third-party services where required for technical operation, and automatically from browsers, devices, servers, and related logs.

## How we use personal data

We use personal data to operate the website and service, provide onboarding and support, create and administer accounts, process payments, send service communications, maintain security, prevent abuse, troubleshoot incidents, improve the product, comply with legal obligations, and protect or defend legal rights.

Where we act as a processor, we process customer data only on the customer's instructions, except where the law requires otherwise.

## Legal bases

Where applicable data protection law requires a legal basis, we rely on one or more of the following: performance of a contract, steps taken at your request before entering into a contract, legitimate interests, consent, and compliance with legal obligations.

For employee or contractor data that our customers upload or manage through Restoflow, the customer is responsible for identifying the appropriate legal basis under the laws that apply to that workplace or employment relationship.

## Sharing of personal data

We may share personal data with service providers that support our operations, such as hosting and infrastructure providers, database and backup providers, monitoring and security vendors, email and communications providers, payment processors, professional advisers, and integration partners such as Telegram where required for the service to work.

We may also disclose personal data to courts, regulators, law-enforcement agencies, or other public authorities where required by law or reasonably necessary to establish, exercise, or defend legal claims. If our business is involved in a merger, financing, reorganisation, or sale of assets, personal data may also be transferred subject to appropriate confidentiality and legal safeguards.

## International data transfers

Because Ampelus operates internationally, personal data may be accessed, stored, or processed in Canada, the European Union or EEA, and other jurisdictions where Ampelus or its service providers operate.

Where cross-border transfers are subject to additional legal requirements, we will use appropriate safeguards, such as contractual protections, internal access controls, and other measures recognised under applicable law.

## Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this policy, unless a longer retention period is required or permitted by law.

In practice, website enquiries and demo requests are usually retained for the period reasonably needed to answer the request and manage the commercial relationship. Account, billing, and transaction records are retained for the period needed for contract administration and applicable tax or accounting retention periods. Customer data processed through the service is retained in line with the customer relationship, documented deletion requests, backup cycles, dispute preservation needs, and legal obligations.

## Security

We use technical and organisational measures designed to protect personal data against unauthorised access, loss, misuse, destruction, or alteration. These measures may include access controls, password policies, role-based permissions, encrypted connections, monitoring, logging, and regular review of security practices.

No internet-based service can be guaranteed to be completely secure. You should also use appropriate security measures on your side, including strong passwords, secure devices, and careful access management.

## Your rights

Depending on where you are located, you may have rights to request access, correction, deletion, restriction, portability, objection, or withdrawal of consent where consent is the legal basis.

If Ampelus acts as a processor on behalf of your employer or another customer organisation, you should normally direct your request to that organisation first. We may assist our customers with such requests where required.

To submit a privacy request, you may contact adolnik@ampelus.ca or, where relevant, the EEA and Switzerland representative identified above. You may also have the right to complain to the data protection authority in your country of residence, work, or the place of the alleged infringement where the law provides that option.

## Children's data

Restoflow is intended for business use and is not directed to children. We do not knowingly collect children's personal data through Restoflow for independent consumer purposes.

## Cookies and similar technologies

Restoflow may use cookies and similar technologies as described in the Cookie Policy. Where consent is required for non-essential cookies, Restoflow will rely on the relevant consent mechanism before those technologies are activated.

## Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in the service, law, or our operational practices. The updated version will be posted on the website with a revised "Last updated" date. Where required by law, we will provide additional notice of material changes.

## Contact

Questions about this Privacy Policy may be sent to:
Privacy contact: adolnik@ampelus.ca
Corporate address: Ampelus Production Management Solution Inc., 903 8 Ave SW, Calgary, AB T2P 0P7, Canada

For EEA or Switzerland privacy matters, you may also contact:
Konstantin Golokteev
kgolokteev@ampelus.ca
Rheinwallgraben 28, 41460 Neuss, Germany
+49 155 10956577