Terms of Service

1. Introduction

Welcome to NextGenRestaurant.

NextGenRestaurant is a multi-tenant restaurant management and point-of-sale (POS) SaaS platform. The system includes account management, branch configuration, staff management, menu and table management, order and billing workflows, KDS/KOT and kitchen station workflows, inventory and purchasing, customer records, gift cards, credit accounts, promotions and coupons, reservations, QR ordering, subscriptions, in-app and push notifications, offline sync, receipt and printer management, and labor/time-clock features.

By creating an account, accessing, or using NextGenRestaurant (the"Service"), you agree to be bound by these Terms of Service ("Terms"). If you do not agree, do not use the Service.

2. Definitions

• "Service" — the NextGenRestaurant backend, web application, mobile application, and all related features and APIs.
• "Provider" — the operators of NextGenRestaurant, Prashant Shah and Rahul Pajiyar.
• "Restaurant" / "Customer" — the business account or tenant using the Service.
• "Admin" — a user who manages a Restaurant account using email and password credentials.
• "Staff User" — a restaurant employee or contractor who accesses the Service using a username/PIN or branch PIN assigned by an Admin.
• "Restaurant Data" — all data entered into or generated by the Service for restaurant operations, including menus, tables, orders, customers, staff records, inventory, reports, payment records, reservation data, and uploaded files.

3. Eligibility

The Service is intended for business use by restaurants and their authorized personnel. By using the Service, you confirm that you are of legal age and have authority to bind your organization to these Terms. We do not knowingly permit individuals under 18 years of age to create accounts or serve as Admins or Staff Users.

4. Account Registration & Access

Admins register and authenticate using email and password. Staff Users authenticate using a username and PIN, or a branch PIN, where enabled by an Admin. The Service issues JWT access tokens, refresh tokens, and session identifiers. Refresh tokens are rotated on each use, and replay detection revokes the entire token family on reuse. Individual session logout and logout-all session revocation are supported.

You are responsible for:

• Keeping your email, password, PIN, and session tokens confidential.
• Creating, updating, suspending, and removing Staff User access when employment or roles change.
• Ensuring the security of devices, POS terminals, printers, and local networks used with the Service.
• Promptly notifying us of any suspected unauthorized access at support@prashantshah.dev.

We may suspend access if we detect suspicious, fraudulent, or abusive activity.

5. Restaurant & Admin Responsibilities

Restaurants and Admins are solely responsible for:

• Maintaining accurate restaurant, branch, menu, pricing, table, tax, inventory, staff, customer, and order information.
• Ensuring that all staff and customer data is entered with the required consent or legal basis under applicable law.
• Obtaining any necessary consent from staff for time-clock photo capture, geolocation-based attendance tracking, wage and payroll recording, scheduling, and device tracking.
• Obtaining any necessary consent from customers for profile records, marketing communications, loyalty programs, gift cards, and QR ordering sessions.
• Assigning roles and permissions appropriately and revoking access promptly when no longer needed.
• Reviewing orders, bills, refunds, manual subscription payment proofs, and reports before business reliance.
• Managing devices, printers, offline sync devices, and local network or Bluetooth printer access.
• Complying with all labor, employment, data protection, and other laws applicable to their restaurant operations.

6. Staff User Responsibilities

Staff Users must use only their assigned credentials and follow their employer's policies for POS use, order entry, kitchen/KDS/KOT workflows, time-clock punches, tips, payroll and scheduling, and customer data handling.

The mobile application may request camera, photo library, location, Bluetooth, local network, and push notification permissions. Staff Users should grant these permissions only as required for their assigned duties.

7. Permitted Use of the Service

You may use the Service only for lawful restaurant management and business operations in accordance with your assigned permissions. Implemented modules include:

• Authentication, session management, and device management
• Company, branch, and staff management
• Menu, table, floor, and reservation management
• Order taking, billing, POS payment recording, KDS/KOT/kitchen workflows
• Inventory, purchasing, supplier, and stock management
• Customer records, gift cards, credit accounts, promotions, and coupons
• Reporting, audit logs, and analytics dashboards
• Subscriptions, plan management, and manual payment verification
• In-app, push, email, and realtime notifications
• QR ordering and online booking
• Offline sync and local print queue management
• Labor, time-clock, payroll, scheduling, and tip-pool management

8. Prohibited Use

You must not:

• Access another tenant's data or attempt to bypass multi-tenant isolation, authentication, or permission controls.
• Share credentials, staff PINs, branch PINs, or session tokens with unauthorized parties.
• Upload unlawful, malicious, infringing, or unauthorized content including images and documents.
• Use the Service to send unlawful marketing messages or engage in spam, phishing, or deception.
• Interfere with the backend, APIs, realtime WebSocket connections, offline sync, or printer workflows.
• Reverse engineer, decompile, overload, scrape, or attempt to attack the Service or its infrastructure.
• Use the Service for any fraudulent, illegal, or harmful purpose.
• Circumvent subscription limits, trial restrictions, or feature access guards.

9. Uploaded Files & Business Content

The Service supports direct upload of menu item images and staff time-clock attendance photos to Cloudinary where configured. Subscription payment proof document URLs may also be recorded. Restaurants must ensure they hold all necessary rights, licenses, and consents to upload any image, document, or media.

You are responsible for the accuracy, legality, and authorization of all Restaurant Data you enter, including customer information, staff information, attendance photos, geolocation-derived attendance records, and uploaded files.

10. Restaurant Data Ownership

As between the Provider and the Restaurant, Restaurant Data remains owned by the Restaurant. You grant the Provider a limited license to host, process, secure, back up, and operate the Service using that data. We do not sell your Restaurant Data or personal data.

We use Restaurant Data only to provide, maintain, secure, and improve the Service as described in our Privacy Policy, which forms part of these Terms.

Restaurant Data covered by this ownership includes:

• Orders, invoices, and transaction records
• Menu items, categories, modifiers, and pricing
• Inventory records, purchase orders, and supplier data
• Staff profiles, schedules, wage records, and time-clock entries
• Customer profiles, loyalty records, and marketing consent flags
• Reports, audit logs, and business analytics
• Reservation and QR ordering session data

11. Subscription & Payments

The Service supports subscription packages, tenant subscription assignments, trial periods, renewals, plan limits, add-ons, and manual subscription payment verification. Tenant Admins may submit offline payment information and an optional proof document URL for platform review.

If you subscribe to a paid plan:

• Fees and plan details will be presented to you before purchase.
• Subscription charges must be paid on time as agreed.
• Failure to pay may result in suspension or downgrade of your subscription.

Unless required by applicable law, fees already paid are non-refundable.

Any applicable taxes, government fees, or processing charges are the responsibility of the Customer unless otherwise stated in a written agreement.

You may cancel your subscription at any time. Cancellation prevents future billing but does not automatically delete your account or Restaurant Data.

12. Data Deletion

You may request permanent deletion of your company account and associated data at any time.

In-app deletion is available to Admins via:

• Settings › Account Security › Permanently Delete Company
• Completing email verification and the one-time challenge code confirmation

Alternatively, contact us atsupport@prashantshah.dev. Email deletion requests are processed within 30 days.

Once permanently deleted, data may not be recoverable. See our Privacy Policy for full retention details.

13. Security Responsibilities

The Service implements the following security controls:

• Argon2id hashing for Admin passwords and Staff PINs
• Opaque refresh tokens stored as HMAC hashes with rotation and replay-detection revocation
• JWT access token sessions with global and per-route authorization enforcement
• Logout and logout-all session revocation
• Rate limiting on authentication and API endpoints
• Request validation with whitelist enforcement and unknown-field rejection
• CORS allowlist and security headers (Helmet, HSTS)
• Encrypted secure storage for authentication credentials on the mobile app
• HttpOnly, SameSite-strict refresh token cookies with CSRF double-submit protection for web sessions

Restaurants remain responsible for the security of their endpoint devices, physical POS terminals, printers, staff training, and local network environments. We are not liable for losses caused by compromised user credentials or insecure customer-side environments.

14. Service Availability

We strive to provide a reliable Service but cannot guarantee uninterrupted or error-free operation. No uptime SLA applies unless a separate written agreement expressly states otherwise.

Service interruptions may occur due to:

• Scheduled or emergency maintenance
• Software updates and deployments
• Internet connectivity or network issues
• Third-party provider outages (hosting, Cloudinary, Firebase, SMTP)
• Customer device or local network problems
• Events beyond our reasonable control

We are not responsible for losses caused by temporary service interruptions.

15. Service Updates & Changes

We may update, modify, or remove features of the Service at any time. Restaurants are responsible for reviewing updated settings, permissions, and workflows after material changes. We will endeavor to provide reasonable notice of significant changes within the application.

16. Suspension & Termination

We may suspend or terminate access to the Service for non-payment, security risk, unlawful use, abuse, or material breach of these Terms. The Service supports company suspension, activation, deactivation, and per-user/staff status controls.

Upon termination, access to the Service is revoked. Restaurant Data may be retained for a limited period as described in ourPrivacy Policy before permanent deletion.

17. Data Backup & Loss Disclaimer

We implement operational backup procedures. However, production backup retention periods and restore commitments are not guaranteed unless expressly stated in a written agreement. Restaurants should maintain their own copies of legally required business records.

We are not responsible for data loss caused by user error, device failure, or events outside our reasonable control.

18. Intellectual Property

NextGenRestaurant, including its software, design, branding, features, and content, is owned by the Provider and is protected by applicable intellectual property laws.

You are granted a limited, non-exclusive, non-transferable, revocable license to use the Service for its intended business purposes only. No ownership rights are transferred to you.

19. Disclaimer of Warranties

The Service is provided on an "as is" and"as available" basis, without warranties of any kind, express or implied, to the maximum extent permitted by applicable law.

We do not warrant that:

• The Service will be uninterrupted, timely, or error-free
• The Service will meet every specific business requirement
• Any errors or defects will be corrected within a specific timeframe

You use the Service at your own risk.

20. Limitation of Liability

To the maximum extent permitted by applicable law, the Provider shall not be liable for:

• Indirect, incidental, special, or consequential damages
• Loss of profits, revenue, or business opportunities
• Loss or corruption of Restaurant Data
• Service interruptions or downtime
• Unauthorized access resulting from compromised user credentials or insecure customer-side environments
• Claims arising from Restaurant Data, staff or customer consent failures, or misuse of the Service by the Restaurant or its users

Our total aggregate liability shall not exceed the amount paid by you for the Service during the twelve (12) months immediately preceding the event giving rise to the claim.

21. Indemnification

You agree to indemnify and hold harmless the Provider from any claims, liabilities, damages, and costs (including legal fees) arising from your Restaurant Data, your failure to obtain required consents for staff or customer data, your violation of these Terms, or your violation of applicable law.

22. Changes to These Terms

We may update these Terms from time to time. When significant changes are made, we will update the "Last Updated" date above and may provide notice within the application. Continued use of the Service after the effective date of any revision constitutes acceptance of the updated Terms.

23. Governing Law

These Terms are governed by and interpreted in accordance with the laws ofNepal. Any disputes arising from these Terms or the use of the Service shall be subject to the exclusive jurisdiction of the courts of Nepal.

24. Contact Us

For questions about these Terms, support requests, or legal notices: