Legal

Privacy Policy

We built NowServe to be quiet. We collect what we need to deliver your website, run your menu, and bill you correctly — and almost nothing else. Here is exactly what that looks like.

Last updated May 2, 2026

The short version

NowServe is a subsidiary product offered by Now Tech Inc., which publishes its broader software development and IT consulting services under the brand Now Tech at nowtechinc.com. When we say “we” or “us,” we mean Now Tech Inc. in its role operating NowServe. We collect the information you give us during onboarding so we can design, build, and host your restaurant’s digital experience. We use a single first-party page-view counter on the QR menus we host. We do notuse third-party trackers, behavioral ad cookies, or cross-site fingerprinting. We do not sell your data or your diners’ data to anyone.

1. Who this policy covers

This policy applies to two distinct groups:

  • Restaurant owners who sign up for an account at nowserve.co to commission a website, manage a QR menu, or use our hosting.
  • Diners who scan a QR code or visit a website hosted by us. We collect very little about diners — see §4 below.

2. What we collect from restaurant owners

Everything in this section comes from forms you fill out, files you upload, or actions you take inside the dashboard.

Account information

  • Your name, email address, and password (passwords are hashed by our auth system; we never see them in plain text).
  • Optional: a restaurant name typed during signup.
  • Session cookies set by the auth system to keep you logged in.

Onboarding & project information

  • Restaurant name, cuisine type, your existing domain (if any), and a short description.
  • The setup tier (Starter / Plus / Pro) and hosting tier you select.
  • Files you upload as brand assets — logos, menu PDFs, photography, ZIPs of existing brand kits.
  • QR menu content you author: categories, items, descriptions, prices, and item photos.
  • QR code styling preferences and the destination URL you point your QR code to.

Payment & billing

  • We capture a record of every payment instruction we send you (e.g. the bank-transfer details snapshot used for your 30% deposit and your final payment).
  • We store the timestamps and status of each payment you confirm — not your bank account number.
  • For annual hosting plans, payment is processed by Stripe. We never see your card number; Stripe returns a confirmation that we link to your project.

Operational & support

  • Status-change history for your project (who moved it, when, and an optional note) so we can support you over time.
  • Emails you send us and our replies.

3. What we collect from diners on QR menus we host

The page-view script we drop on QR menus is intentionally minimal:

  • A single counter increments once per page view, bucketed by UTC calendar day, per restaurant.
  • No visitor ID, no cookie, no localStorage, no device fingerprint, no precise location.
  • Your IP address is read briefly so we can rate-limit abusive traffic. It is never written to our database alongside your activity.

That’s the entire data flow. We can tell a restaurant owner “your menu was viewed 412 times yesterday,” and nothing more.

4. How we use what we collect

  • To deliver the service: design and build your site, host your menu, render your QR codes, send invoices.
  • To support you: respond to questions, troubleshoot issues, audit changes to your project.
  • To bill correctly: reconcile deposits and final payments, manage annual hosting renewals.
  • To protect the platform: rate-limit endpoints, detect abuse, maintain security and uptime.
  • To improve product: read aggregate page-view counters to understand which menus are being visited; we never read individual diner activity because we don’t collect it.

5. Subprocessors

We use a small number of vendors to run NowServe. Each receives only the data they need to do their job.

  • MongoDB Atlas — primary database for accounts, projects, menus, and aggregate analytics.
  • Supabase Storage — encrypted storage for the brand assets and menu item photos you upload, served via signed URLs.
  • Stripe — annual hosting checkout (Essential / Growth Partner / Concierge tiers).
  • Vercel — application hosting and global delivery for the dashboard and the websites we build for you.
  • Transactional email — account verification, project updates, and invoices may be relayed via a mail provider or SMTP relay configured by Now Tech for operational messaging.
  • DevForms (devforms.xyz) — if you submit the contact form at nowserve.co/contact, the fields you enter are sent as plain JSON to a DevForms-hosted endpoint that stores submissions for Now Tech operators to retrieve and reply to — the same lifecycle as emailing us directly, with less mail client friction.

We will update this list before adding a new subprocessor that materially changes how your data is handled.

6. Cookies

We set one type of cookie: a functional, first-party session cookie that keeps you signed in to your dashboard. We do not set cookies on the QR menus or websites we host on your behalf, and we do not embed analytics cookies, ad cookies, or social-media trackers anywhere on nowserve.co.

7. How long we keep your data

  • Account and project records are kept for the life of your account, plus a reasonable period afterwards for tax, legal, and support reasons.
  • Aggregate daily page-view counters are kept indefinitely; they contain no personal data.
  • You can request deletion of your account and your project at any time (see §9).

8. Where your data lives

Our databases and storage live with our subprocessors listed above. Depending on the service, your data may be stored in or transit through the United States and the European Union. Where required, we rely on standard contractual clauses with our subprocessors.

9. Your rights

Regardless of where you live, you can email us at privacy@nowserve.co to:

  • Ask for a copy of the personal data we hold about you.
  • Correct inaccurate data.
  • Delete your account and the personal data tied to it. (Aggregate, non-identifying counters may remain.)
  • Export your menu and brand assets so you can take them elsewhere.
  • Object to or restrict certain processing.

We aim to respond within 30 days. If you’re in the EU/UK, you also have the right to lodge a complaint with your local supervisory authority.

10. Security

Passwords are hashed. Brand assets are served from private buckets via short-lived signed URLs. Public APIs are rate-limited. Admin access is gated and auditable. No system is perfect — if you find a security issue, please report it to security@nowserve.coand we’ll work with you.

11. Children

NowServe is built for restaurant owners and operators. We do not knowingly collect personal information from children under 13 (or 16 in the EU/UK). If you believe a child has provided us information, please contact us and we will delete it.

12. Changes to this policy

When we change anything material, we will update the “Last updated” date at the top and, where appropriate, notify account holders by email before the change takes effect.

13. Contact

Privacy questions, deletion requests, and complaints: privacy@nowserve.co. General NowServe inquiries: see our contact page.

NowServe is operated by Now Tech Inc., a United States-based software development and IT services firm. Corporate information and broader services overview: nowtechinc.com. Corporate contact published by our parent organization: info@nowtechinc.com · +1 (347) 282-8242.

This Privacy Policy is governed by the laws of the State of New York, United States, except where superseded by mandatory local law that protects consumers in your jurisdiction and cannot be waived.