MakanBizMakanBiz

Privacy Policy

Last updated: April 2026

1. Who We Are

MakanBiz is a QR code ordering platform for restaurants, built and operated by Roninverse Studio. This policy explains how we handle data for both Merchants (restaurant owners) and End Users (customers who place orders).

2. Data We Collect

From Merchants

  • Account information: name, email address, password (hashed).
  • Business information: restaurant name, address, tax settings.
  • Menu content: item names, descriptions, images, pricing.
  • Payment information: processed and stored by Stripe (we do not store card numbers).
  • Usage data: login activity, feature usage, order statistics.

From End Users (Customers)

  • Order information: items selected, table number, order type (dine-in or takeaway).
  • Customer name (for takeaway orders only, voluntarily provided).
  • Payment details: processed entirely by Stripe. We receive confirmation of payment status but do not access or store card details.

End Users are not required to create an account to place an order.

3. How We Use Your Data

  • To operate the ordering platform and process orders.
  • To manage Merchant accounts and subscriptions.
  • To process payments and calculate platform fees.
  • To provide analytics and reporting to Merchants about their business performance.
  • To send service-related communications (account updates, billing notifications).
  • To improve and maintain the platform.

4. Data Storage and Security

Application data is stored in Supabase with Row-Level Security (RLS) enabled on all tables. This ensures Merchants can only access their own data.

All connections are encrypted using TLS. Passwords are hashed and never stored in plain text. Payment data is handled by Stripe, which is PCI-DSS Level 1 compliant.

Menu images are stored in Supabase Storage with access controls. Data is hosted on infrastructure provided by Supabase and Vercel.

5. Third-Party Services

We use the following third-party services:

We do not sell your data to third parties. Data is only shared with the services listed above as necessary to operate the platform.

6. Cookies

MakanBiz uses minimal cookies:

  • Authentication cookies— Essential for keeping you logged in. These are session-based and managed by Supabase Auth.
  • Stripe cookies— Set during payment processing for fraud prevention.

We do not use advertising cookies or third-party tracking scripts.

7. Data Retention

Merchant account data is retained while your account is active. If you delete your account, your data will be retained for 30 days (in case of accidental deletion) and then permanently removed.

Order history is retained for Merchant analytics and may be exported before account deletion. End User data associated with orders is retained as part of the Merchant's business records.

8. PDPA Compliance (Malaysia)

We comply with Malaysia's Personal Data Protection Act 2010 (PDPA). Under the PDPA, you have the right to:

  • Access your personal data held by us.
  • Request correction of inaccurate or incomplete personal data.
  • Withdraw consent for data processing (which may affect your ability to use the service).
  • Request deletion of your personal data, subject to our legal obligations.

To exercise any of these rights, contact us at hello@roninverse.studio. We will respond within 21 days as required by the PDPA.

9. Children's Privacy

MakanBiz is a business tool for restaurant owners. We do not knowingly collect data from children under 18. Merchant accounts must be registered by individuals of legal age to operate a business.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Significant changes will be communicated via email to registered Merchants. The "Last updated" date at the top reflects the most recent revision.

11. Contact

For privacy-related inquiries, contact us at hello@roninverse.studio.

Roninverse Studio
Malaysia