This Privacy Policy explains the method for collection, use, and disclosure of your personal data by Tabsquare Pte. Ltd and its related companies (collectively, “Tabsquare“) when you use the solutions, platforms, applications or services (collectively “Services“) provided by Tabsquare, purpose of use of such personal data, and method for handling of such personal data.


Tabsquare recognizes the importance of protecting the personal data collected from you in your usage of the Services, and takes reasonable steps to maintain the security, integrity and privacy of any personal data collected in accordance with this privacy policy.


1. Who we are

Tabsquare [with office address at 20 Kallang Avenue #05-05 Pico Creative Centre Singapore 339411] is a service provider for AI-Powered in-restaurant technology solutions that leverage data and deep learning algorithms in the F&B industry. We provide an engaging dining experience for restaurants’ customers and help restaurants to eliminate the unwanted dilemma of operations. 


If you have any questions about data protection at Tabsquare, you can contact our data protection officer at any time by sending an email to


This privacy policy applies to all personal data obtained by us through your use of our website or Services. It does not apply to any websites controlled by third parties not affiliated with us that our website or app may link to (“Third Party Sites”). The relevant privacy policies set out in the respective Third Party Sites shall apply in those cases.


2. Privacy is your right and the choice is yours

You have the choice which information you would like to share with us. Please be aware, however, that when signing up to our platform, you are required to accept our terms of use. Legally speaking, this means you will enter into a contract with us under which you are entitled to use the platform, in accordance with the terms of use. Of course, we need some information from you to be able to perform our obligations under this contract. However, it is entirely up to you to choose whether you would like to provide such information or would rather not use our platform.


You can take the following steps to control and manage how much personal data you share with us:

  • Direct marketing: If you do not want to receive newsletters from us, you can unsubscribe at any time. In this case, we will not be able to send you any cool offers.

You may also withdraw your consent for the processing of your personal data for certain purposes (e.g. marketing) by submitting your request via email to


3. Your Legal Rights

Under the EU General Data Protection Regulation (GDPR) and other data protection laws, you can assert the following legal rights against us: 

(a) Right to access

You have the right to be informed which data we store about you and how we process this data.


(b) Right to rectification

If you notice that stored data is incorrect, you can always ask us to correct it.


(c) Right to erasure
You can ask us at any time to delete the data we have stored about you. 


(d) Right to restriction of processing
If you do not wish to delete your data, but do not want us to process it further, you can ask us to restrict the processing of your personal data. In this case, we will archive your data and only reintegrate it into our operative systems if you wish us to do so. However, during this time you will not be able to use our platform, otherwise we will process your data again. We will also restrict the processing of your data if you have requested us to delete it but we are not able to comply with your request due to the applicability of statutory retention periods.


(e) Right to data portability
You can ask us to transmit the data stored about you in a machine-readable format to you. In this context, we will make the data available to you in a customary format.


(f) Right to withdraw your consent to the processing of your personal data

You can withdraw your consent to our collection, use and disclosure of your personal data at any time for any or all of the Purposes (as defined below). Upon receiving your withdrawal request, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be Processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. Please note that depending on the nature and scope of your request, we may not be in a position to continue providing our Services to you and we shall, in such circumstances, notify you before completing the processing of your request.

We will endeavour to process your request within ten (10) business days upon receipt, and will notify you accordingly if we require additional time.


(g) Right to object
You are free to object to receiving newsletters or any other direct marketing communications at any time. 


(h) Automated decision making

On the platform, we do not subject you to any decisions based solely on automated processing, including profiling, producing a legal effect for you or similarly significantly affecting you. However, we do operate on our platform various fraud detection and prevention systems; these will determine in an automated way, based on your behavior on our platform, whether you might be a fraudulent actor.


We also provide you with a personalized user experience on our platform so you will see contents based on your previous orders or meal preferences. You are free to request us to provide you with a non-customized experience instead of tailoring the platform to your needs.


In any case, you always have the right to contact us and challenge a decision made by our automated systems. To do this, just get in touch with us.


(i) Right of complaint
If you believe that we have done something wrong with your personal data or your rights, you can complain to a supervisory authority at any time. You can raise a complaint about our processing of your personal data with the data protection authority in the EU Member State of your habitual residence, at our seat of business, your place of work or the place where you think a violation of the GDPR has occurred. 

To exercise your rights, you may send in your request via email to at any time and we will process such requests in accordance with this privacy policy and our obligations under applicable laws.

We will respond to your request as soon as practicable, in any case within thirty (30) days upon receiving your access request. We will also inform you within the time frame if we are unable to adhere to your request (with reasons) or require additional time to effect the request.


4. An overview of the personal data we process

In this section you can find general information about the categories of personal data we process about you. For your understanding, personal data is information that directly identifies you (such as your name) or enables us to indirectly identify you (for example, on the basis of a user ID linked with the personal data in your profile).


You will find more detailed information on our processing activities below, in the next section. But our data processing activities on the platform can be summarized by reference the main categories of personal data:

(a) Profile data (master data)

This includes your email address or telephone number. 

Why do we process this category?

This data is your master data, which we will need for our Services. 


(b) Delivery data

This includes your name, delivery address, phone number, order details and order ID. 

Why do we process this category?

In accordance with the principle of data minimization, we only provide the riders and restaurants (as the case may be) with the information that they need from you to prepare and deliver your order and otherwise provide services requested to you.


(c) Order history data

This includes your order history, invoices, order ID, comments on orders, information on payment method, delivery address, successful orders and cancelled orders. 

Why do we process this category?

Each time you place an order, this information will be added to your profile. You can view all this information in your profile at any time. We will use this information to improve our Services and optimize the platform for your interests.


(d) Location data

This includes your address, postcode, city, country and your device’s longitude and latitude.

Why do we process this category?

We need these data to be able to deliver your orders (or enable the restaurant you have ordered from to deliver it to you). We create the longitude and latitude automatically in order to be able to process your delivery address in our other linked systems, such as our Rider app, and to display your address to our riders or riders of restaurants.


(e) Device information and access data

This includes your device ID, device identification, operating system and corresponding version, time of access, configuration settings, and your IP address.

Why do we process this category?

Each time you access our platform, this information is stored by us for technical reasons. We also use parts of this information to detect suspicious behaviour at an early stage and to protect our platform.


(f) Customer care data

This includes your name, address, telephone number, email address, and your ID from any social media (if applicable).

Why do we process this category?

If you contact us, we collect this data because we need to know who we are talking to and what we have been talking about so that we can help you with your reason for contacting us. This also applies if you leave comments on social media on our fan pages. We do not combine this data with your profile data on our platform, but we can still identify you by your social media ID.


(g) Marketing contact and communications data

This includes your name, email address, telephone number, and device ID.

Why do we process this category?

If you would like to receive an email newsletter, or an SMS from us, we need certain information to send you the messages. Instead of addressing you with “Hey You”, we find it more customer friendly to address you with your name. This category of personal data is also used by us to contact you, for example, if a product cannot be delivered and we want to offer you an alternative instead.


5. Our detailed processing activities and processing purposes

We process your personal data only in accordance with relevant data protection laws. We pay particular attention to the fact that all principles for the processing of personal data are taken into account. Therefore, we only process your data if this is lawful and you can reasonably expect it to be processed.


In order to be able to offer you our Services, the processing of your personal data is essential. You do provide us with some of this data proactively by entering them on your device. Other data we collect automatically when you are using our platforms.


We process your personal data for the following purposes (“Purposes”):

I. Creating and operating your account; delivering or serving your orders

(a) Account Creation

When creating an account, you will be asked to enter your master data. Your email address or telephone number are particularly important, as we can use this information to identify you in our system the next time you want to log in again. 

Categories of personal data:

              • Profile data (master data)
              • Device information and access data.

Legal basis: 

Art. 6 (1) b), performance of contract. 


(b) Order Processing

Once you have successfully registered and decided to place your order, we will store this information in your profile and process it in further processes so that you can submit your order to us. When you submit your order, your personal data is transferred to our backend where it is transferred to other systems for further processing.

Categories of personal data:

              • Profile data (master data)
              • Order data
              • Delivery data
              • Location data (if applicable)
              • Device information and access data

Legal basis: 

Art 6 (1) b) GDPR, performance of contract


(c) Delivering or serving your order

Once you have successfully placed your order, a number of processes are running in the background to ensure that your order is delivered or served quickly. This includes sharing your order data with the restaurant preparing your meal and/or with the rider delivering your order.

Categories of personal data:

              • Delivery data

Legal basis: 

Art. 6 (1) b) GDPR, performance of contract. 


II.Fraud detection, prevention and security of our platform

In order to protect our customers and our platform from possible attacks, we continuously monitor the activities on our websites and mobile applications. To keep the platform secure and guarantee you a safe ordering experience, we use various technical measures to ensure that suspicious behavior patterns are detected at an early stage and prevented as early as possible. To achieve this goal, several software-based monitoring mechanisms run in parallel and prevent potential attackers from damaging our platform.


The decision-making process is automated and could potentially have an impact on the use of your registered account on our platform. If any such decision leads to a negative result for you and you do not agree with the outcome, you can contact us at .


In this case, we will individually assess the circumstances of your case. All of our fraud detection and prevention algorithms are always open to human review. If you think that a mistake has been made we are happy to look into it and make corrections, if necessary.


Categories of personal data:

          • Profile data (master data)
          • Device information and access data
          • Order data

Legal basis: 

Art. 6 (1) f) GDPR, legitimate interests 


III. Direct Marketing

a.Newsletters and user surveys by email and/or text message

If you have consented to receiving marketing materials from us when signing up for our platform, we may occasionally send you by email, SMS or other text message regular offers of goods or services similar to those offered on our platform. We are constantly striving to improve our Services. Your constructive feedback is very important to us. Therefore, our direct marketing newsletters might also include surveys where we ask for your honest feedback. So we will occasionally also send you customer surveys and ask you to give us your opinion.


If you did not consent to receiving marketing materials from us when registering your account, you will not receive any direct marketing emails.


You are of course always free to opt out of such emails. In this case, we will store your contact details in a list of customers who have objected to receiving direct marketing, to make sure we can continuously comply with your objection.


You may withdraw your consent for us to send you all marketing materials by submitting your request via email to at any time, and we will endeavour to effect your request within 10 business days. Your withdrawal of consent for marketing purposes will not affect your ability to use our Services provided on our website and App.


You may also unsubscribe to our marketing newsletter sent via emails by clicking on the “unsubscribe” button at the end of our emails.


Not only do the contents of our newsletters and surveys vary, but so do the technologies and criteria we use to design our newsletters and segment customer groups. For example, a group of customers may receive a special newsletter promoting special deals from restaurants where customers have ordered. Other newsletters may refer to specific products that relate to a particular flavour, such as sushi, Indian cuisine or pizza. We use different information from your order history and delivery addresses to create these tailor-made offerings for you. Please be also aware that we are recording, in a pseudonymous manner, key performance indicators to assess the effectiveness of our direct marketing campaigns. This includes aggregated information about the opening and click-through rate for our direct marketing messages.


This is a profiling process in which we automatically process your data. The specific customer segmentation will not have a legal effect on you, nor will it similarly significantly affect you. The only effect you will notice are interesting offers on our platforms, bespoke to your interests and meal preferences.


Nonetheless, if this automated decision-making leads to a negative result for you and you do not agree with this, you can contact us at In this case, we will opt you out of customized newsletter communications and you will no longer receive any such messages going forward.


Categories of personal data:

        • Profile data (master data)
        • Location data
        • Order data
        • Device information and access data

ATTENTION: As already mentioned, you are entitled to object to the use of your email address for the aforementioned advertising purposes at any time, and free of charge, with effect for the future by changing your message preferences, using the “unsubscribe” button at the end of a newsletter, or by contacting us at


IV. Mergers & acquisitions, change of ownership

In the event of a merger with or acquisition by another company, we will disclose certain limited information to that company. Prior to disclosure, we will ensure that the recipient company undertakes to protect your personal data to a comparable standard to that under the Singapore Personal Data Protection Act 2012 (“PDPA”) and this privacy policy, and also that the company complies with applicable data protection laws and regulations. We will endeavour to keep the extent of the data shared with the other company to the absolute minimum required in order to conclude the transaction.

Categories of personal data:

        • Contact information
        • Delivery data
        • Location data
        • Profile data (master data)
        • Device information and access data
        • Order data
        • Customer care data
        • Marketing contact and communications data
        • Voucher information


6. Who we share your personal data with

We never give your data to unauthorized third parties. However, in order to run our business efficiently, we obtain the services of selected service providers and give them limited and strictly monitored access to some of our data, in order to fulfil the Purposes. Before we forward personal data to these partner companies for processing on our behalf, each individual company undergoes an audit. All data recipients must meet the legal data protection requirements and undertake to protect your personal data to a comparable standard as required under the PDPA and other relevant data protection laws.

a. Tabsquare’s affiliates 

We are part of an international group of companies with legal entities in many parts of the world. We may share your personal data with Tabsquare’s affiliates as required to fulfil the Purposes outlined above, including for an efficient use of resources, ensuring that our business processes are functioning properly, to assist with customer support requests, conduct legal assessments or implement IT and platform security measures.

All Tabsquare’s affiliates are bound by strict intra-group data transfer agreements which comply with applicable data processing laws and principles and which apply whenever personal data is shared with affiliated companies.


b. Service Providers and data processors

We use different service providers and data processors for our daily processing activities. These service providers and data processors process your personal data in accordance with the applicable local data protection laws and requirements and are permitted to process personal data only according to our instructions. Our services providers and data processors have no claims whatsoever to process your personal data for their own, independent purposes. We also monitor our processors and include only those who meet our data protection standards.

You have already learned about some of the parties we use as service providers above. Our user platforms and databases run on cloud resources provided by the EU subsidiaries of Google and Amazon Web Services (AWS). Because we use different data processors and change them from time to time, it is not possible for us to identify all individual recipients of personal data in this Privacy Policy. However, if you are interested, we will be happy to disclose the name of the processor(s) in use at that time upon request.


c. Third parties

In addition to data processors, we also work with third parties, to whom we also transmit your personal data, but who are not bound by our instructions. These are, for example, our consultants, lawyers or tax consultants who receive your data from us on the basis of a contract and process your personal data for legal reasons or to protect our own interests. We do not sell or rent your personal data to third parties under any circumstances. This will never take place without your explicit, informed consent.


d. Prosecuting authorities, courts and other public bodies

Unfortunately, it can happen that a few of our customers and service providers do not behave fairly and want to harm us. In these cases, we are not only obliged to hand over personal data to public authorities due to legal obligations, it is also in our interest to prevent damage and to enforce our claims and to reject unjustified claims.

We may also share your personal data with law enforcement agencies, government and regulatory bodies to meet applicable legal or regulatory obligations.


7. How long we store your data

We generally delete your data after the Purposes have been fulfilled. The exact deletion rules are defined in our global policies and supporting local retention schedules. Different deletion rules apply depending on the purpose of the processing. Within our deletion concepts we have defined various data classes and assigned regular maximum retention and deletion periods to them. When the retention period has expired, the stored data will be deleted accordingly. If you have not used your user account on our platform for a period of more than three years, we will delete your account to make sure to comply with the principle of storage limitation. Before this happens, you will receive a separate notification from us to the email address registered for your user account.


In addition to the deletion rules we have defined ourselves, there are other legal retention periods which we must also observe. For various legal documents, such as invoices or business letters, applicable laws define minimum retention periods. For example, tax data must be kept for a period of between six and ten years or even longer in some cases. These special retention periods vary according to local legal requirements.


Furthermore, we will continue to store your data if we have a right to do so in accordance with applicable local laws. This applies in particular if we need your personal data for the establishment, exercise or defence of legal claims.


8. International data transfers 

We process your data mainly within Singapore and it is outside of the European Union (EU) and the European Economic Area (EEA). Some of our service providers or affiliated companies mentioned above are based outside the EEA in so-called “third countries”. The GDPR has high requirements for the transfer of personal data to such third countries. We and the data recipients have to measure up to these requirements. 


Before we transfer your data to a third country, we will ensure that your personal data transferred outside the EEA is adequately protected with appropriate safeguards. The service providers located in a third country will only be chosen if they can demonstrate an adequate level of data protection even outside the territory of the EEA. According to Art. 44 ff. GDPR personal data may be transferred to service providers meeting at least one of the following requirements:

    • The European Commission has decided that the third country ensures an adequate level of protection (e.g. Israel and Canada).
    • Standard contractual clauses (also called “standard data protection clauses”) have been incorporated into our contract with the data recipient (including any supplementary measures, if required).
    • Further appropriate safeguards in accordance with Art. 46 GDPR have been provided such as Binding Corporate Rules or collecting explicit consent to the proposed transfer. 


9. Personal data of other individuals

If you provide us with personal data of other individuals through your use of our platform (e.g. providing us with your friend’s name, contact details and residential address when placing a food delivery order for your friend), you hereby undertake that you are authorised by these individuals to disclose their personal data to us and that these individuals have consented for their personal data to be collected, used and disclosed by us for such Purposes.


10. Right of modification

We reserve the right to change this privacy notice to ensure compliance with relevant legal and statutory provisions, including the PDPA. We will inform you of any significant changes, such as changes of purpose or new purposes of processing.

Our Client

Open chat
Got any questions? I'm happy to help :)