1. Who We Are
Plato is an Augmented Reality menu SaaS platform. We are the data controller for all personal data collected through the Plato platform. Our contact details are provided at the bottom of this policy.
2. What Data We Collect
We collect the following categories of data:
| Category | Data Collected | Source |
|---|---|---|
| Account Data | Restaurant name, email address, phone number, hashed password, logo image, Google ID and avatar (if social login used) | Provided by you at registration |
| Menu Content | Dish names, descriptions, prices, food photographs, 3D model files (.glb), QR code URLs | Uploaded by you to the dashboard |
| Subscription Data | Plan selection, subscription status, billing date, Paystack customer reference ID | Generated when you select a plan and pay |
| Technical Access Data | IP addresses, browser and device user-agent strings, timestamps of AR page visits — captured automatically by web server logs | Automatically collected when anyone visits an AR dish page |
3. Why We Collect This Data
We collect and process your data for the following purposes:
- To create and manage your restaurant account on Plato
- To deliver the AR menu service — hosting your dish content and serving it to customers via QR codes
- To process payments and manage your subscription via Paystack
- To send you transactional emails — account confirmation, payment receipts, subscription reminders
- To monitor platform performance, detect abuse and maintain security
- To comply with our legal obligations under Ghanaian law
4. Legal Basis for Processing
We process your data on the following bases:
- Contract performance — processing is necessary to deliver the Plato service you signed up for
- Legitimate interests — monitoring platform security and preventing fraud
- Legal obligation — retaining certain records as required by Ghanaian law
- Consent — where you have explicitly agreed, such as during account registration
5. Third Parties We Share Data With
We do not sell your data. We share data only with the following trusted third parties who help us operate the platform:
| Third Party | Purpose | Data Shared |
|---|---|---|
| Paystack | Payment processing and subscription management | Email, payment amount, plan details |
| Hosting Provider | Server infrastructure for the Plato platform | All platform data as stored on the server |
| Google (if social login used) | Authentication via Google OAuth | Google ID, name, email, avatar |
Each third party operates under their own privacy policy. We encourage you to review Paystack's privacy policy at paystack.com.
6. Data Retention
We retain your data for as long as your account is active. If you cancel your account:
- Your account data and menu content will be deleted within 30 days of cancellation
- Payment and subscription records may be retained for up to 7 years to comply with financial record-keeping requirements under Ghanaian law
- Server access logs are typically retained for 90 days and then purged
7. Your Rights
Under the Ghana Data Protection Act 2012, and where applicable under GDPR, you have the following rights:
- The right to access the personal data we hold about you
- The right to correct inaccurate or incomplete data
- The right to request deletion of your data (subject to legal retention obligations)
- The right to object to or restrict certain types of processing
- The right to data portability — receiving your data in a structured, machine-readable format
- The right to withdraw consent at any time where processing is based on consent
To exercise any of these rights, contact us at hello@platoar.com. We will respond within 30 days.
8. Data Security
We take reasonable technical and organisational measures to protect your data, including:
- Passwords stored using bcrypt hashing — never in plain text
- HTTPS encryption for all data transmitted to and from the platform
- Access to the admin panel restricted to authorised personnel only
- Regular security reviews of platform infrastructure
No system is completely secure. In the event of a data breach likely to result in risk to your rights, we will notify you and the relevant authority as required by law.
9. International Users
Plato is operated from Ghana. If you access Plato from outside Ghana — including from the European Economic Area — your data will be transferred to and processed in Ghana. By using Plato, you consent to this transfer.
For EEA users, we process your data in accordance with GDPR principles including lawfulness, fairness, transparency, purpose limitation and data minimisation, to the extent applicable.
10. Cookies
Plato uses session cookies essential to the functioning of the platform — for example, to keep you logged in to your restaurant dashboard. We do not currently use advertising or tracking cookies. If this changes, we will update this policy and notify registered users.
11. Children
Plato is a business platform intended for restaurant operators aged 18 and above. We do not knowingly collect data from anyone under 18. If you believe a minor has registered an account, please contact us immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered restaurants by email and update the effective date at the top of this page. Continued use of Plato after changes are posted constitutes your acceptance of the revised policy.
Contact Us
For any privacy-related queries, data access requests or complaints:
Email: hello@platoar.com
Location: Accra, Ghana
You also have the right to lodge a complaint with the Data Protection Commission of Ghana if you believe your data has been mishandled.