Privacy Policy
Last updated: April 21, 2026
This Privacy Policy describes how Aryan Dawoodi, a sole proprietor doing business as Tableloop (“Tableloop,” “we,” “our,” or “us”), collects, uses, and protects personal information in connection with the Tableloop service available at tableloop.io (the “Service”).
Tableloop is a business-to-business software product used by restaurants and hospitality operators (our “Customers”) to manage guest email lists, send marketing campaigns, and run automated communications. This policy covers both the information we collect directly from our Customers and the information our Customers upload or collect about their own guests (“End Users”) using the Service.
1. Information We Collect
From Customers
When a restaurant signs up for Tableloop, we collect:
- Account information: name, email address, password (stored as a secure hash), and restaurant name.
- Billing information: payment details processed by our payment provider. We do not store full credit card numbers on our servers.
- Usage data: how you interact with the Service, including pages viewed, features used, and timestamps.
From End Users (Restaurant Guests)
On behalf of our Customers, Tableloop processes information collected from restaurant guests through signup forms, WiFi captive portals, QR codes, and imported contact lists. This typically includes:
- Email address
- Name (when provided)
- Opt-in status and source of collection (e.g., website form, WiFi portal)
- Email engagement data (opens, clicks, bounces)
- Optional fields such as birthday, tags, or visit history, if the Customer chooses to record them
The restaurant — not Tableloop — is the primary controller of this End User data. Tableloop acts as a service provider and processes it only on the restaurant’s instructions.
2. How We Use Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Send marketing emails on behalf of our Customers to their opted-in guests
- Sync opted-in email audiences to advertising platforms (Meta Ads, Google Ads) when the Customer enables those integrations
- Process payments and manage subscriptions
- Respond to support requests and communicate service-related notices
- Detect and prevent fraud, abuse, and security incidents
- Comply with legal obligations
We do not sell personal information. We do not use End User data to train machine learning models. We do not use End User data for any purpose outside delivering the Service to the Customer who collected it.
3. Subprocessors
Tableloop uses the following third-party services to operate. Each has its own privacy practices that apply to data we share with them:
- Supabase — database and authentication hosting
- Vercel — application hosting and deployment
- Resend — transactional and marketing email delivery
- Meta Platforms — when a Customer enables Meta Custom Audiences sync, hashed email addresses are sent to Meta for advertising targeting
- Google — when a Customer enables Google Ads Customer Match sync, hashed email addresses are sent to Google for advertising targeting
4. Data Retention
We retain Customer account information for as long as the Customer’s account is active. When a Customer cancels their subscription or closes their account, we retain their data — including End User contact lists — for 90 days to allow for reactivation, after which it is permanently deleted from our production systems. Backup archives are purged on a rolling 180-day cycle.
End Users may request deletion of their personal information at any time by contacting the restaurant that collected it, or by emailing us directly at hello@tableloop.io. Unsubscribe links in every marketing email immediately remove the End User from future sends.
5. Security
We use industry-standard technical and organizational measures to protect personal information, including encryption in transit (TLS), encryption at rest, hashed passwords, scoped database access controls, and row-level security policies that isolate each Customer’s data. No system is perfectly secure, and we cannot guarantee absolute security.
6. California Residents
If you are a California resident, the California Consumer Privacy Act (CCPA) gives you certain rights regarding your personal information, including the right to know what we collect, the right to request deletion, and the right to opt out of sale. Tableloop does not sell personal information. To exercise your rights, email us at hello@tableloop.io and we will respond within 45 days. We will not discriminate against you for exercising these rights.
7. Children
Tableloop is not directed to children under 13. We do not knowingly collect personal information from anyone under 13. If you believe a child has submitted personal information to us, contact hello@tableloop.io and we will delete it.
8. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date at the top of this page and, where appropriate, notify Customers by email. Continued use of the Service after changes means you accept the updated policy.
9. Contact
Questions, concerns, or requests related to this Privacy Policy can be sent to:
Aryan Dawoodi, d/b/a Tableloop
1111 Church Street #1806
Nashville, TN 37203
hello@tableloop.io
This Privacy Policy is governed by the laws of the State of Tennessee, without regard to its conflict of law principles.