System Architecture
DineChat is a cloud-native, multi-tenant SaaS platform. Each restaurant operates in complete isolation with its own WhatsApp Business Account, reservation provider connection, and encrypted data store.
Infrastructure
| Component | Provider | Purpose |
|---|---|---|
| Application | Vercel (EU region) | Serverless compute, global CDN, cron scheduling |
| Database | Supabase (PostgreSQL, EU region) | Persistent storage with row-level security |
| Messaging | Meta WhatsApp Cloud API | Message delivery and receipt |
| AI Processing | Anthropic Claude (via OpenRouter) | Conversation understanding and response generation |
| Voice Transcription | Groq (Whisper) | Audio message speech-to-text |
| Payments | Stripe | Subscription billing (PCI-DSS Level 1) |
End-to-End Data Flow
From guest message to confirmed reservation: every step is logged, validated, and reversible.
How a reservation happens
1. Guest sends a WhatsApp message to the restaurant's number.
2. Meta delivers the message via webhook. DineChat verifies the cryptographic signature (HMAC-SHA256).
3. The AI extracts intent and structured data (date, time, party size, name) into a validated schema.
4. DineChat checks real-time availability via the restaurant's reservation system API.
5. The guest confirms. DineChat creates the reservation and sends a confirmation with booking reference.
Full round-trip: typically under 8 seconds.
Reliability & Performance
Circuit Breaker
External API failures are contained. After consecutive failures, the circuit opens, preventing cascade failures and automatically recovering.
Per-Conversation Lock
Atomic database locks ensure only one message is processed at a time per conversation, preventing race conditions and duplicate bookings.
Graceful Degradation
If any external service is unavailable, the AI informs the guest and escalates to a human staff member, never silently failing.
Rate Limiting
Inbound message rate limiting prevents abuse. API calls to reservation providers are naturally throttled by conversational flow.
Security Model
Security is built into every layer, from webhook verification to database queries to credential storage.
Webhook Verification
All inbound webhooks are verified using HMAC-SHA256 with timing-safe comparison. Unsigned or invalid payloads are rejected.
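An added example (not DineChat's code) of the check described above, in Node.js: Meta sends the signature in the X-Hub-Signature-256 header as sha256=<hex>, computed over the raw request body. The secret, the simplified body, the handler shape and the 401 status are assumptions made for illustration.

```javascript
const { createHmac, timingSafeEqual } = require('node:crypto');

// Constructed sample data: a made-up app secret and a simplified webhook body.
// The body contains an escaped "\u00e9"; the signature covers these exact bytes.
const APP_SECRET = 'constructed-app-secret';
const RAW_BODY = Buffer.from('{"object":"whatsapp_business_account","text":"Caf\\u00e9 for 4"}');

// What the sender computes: "sha256=" + hex HMAC-SHA256 of the raw body.
function sign(rawBody, secret) {
  return 'sha256=' + createHmac('sha256', secret).update(rawBody).digest('hex');
}

function verifySignature(rawBody, header, secret) {
  const m = typeof header === 'string' ? /^sha256=([0-9a-f]{64})$/i.exec(header) : null;
  if (!m) return false; // unsigned or malformed header: reject
  const expected = createHmac('sha256', secret).update(rawBody).digest();
  const received = Buffer.from(m[1], 'hex'); // always 32 bytes, so lengths match
  return timingSafeEqual(expected, received); // constant-time comparison
}

// Hypothetical handler shape: verify first, parse JSON only after the check passes.
function handleWebhook(req, secret) {
  if (!verifySignature(req.rawBody, req.headers['x-hub-signature-256'], secret)) {
    return { status: 401, event: null };
  }
  return { status: 200, event: JSON.parse(req.rawBody.toString('utf8')) };
}

function demoWebhook() {
  const header = sign(RAW_BODY, APP_SECRET);
  const tampered = Buffer.from(RAW_BODY.toString('utf8').replace('for 4', 'for 9'));
  // Parsing and re-serialising turns "\u00e9" into a literal character: different bytes.
  const reserialised = Buffer.from(JSON.stringify(JSON.parse(RAW_BODY.toString('utf8'))));
  const status = (rawBody, headers) => handleWebhook({ rawBody, headers }, APP_SECRET).status;
  return {
    valid: status(RAW_BODY, { 'x-hub-signature-256': header }),
    unsigned: status(RAW_BODY, {}),
    tampered: status(tampered, { 'x-hub-signature-256': header }),
    reserialised: status(reserialised, { 'x-hub-signature-256': header }),
  };
}

console.log(demoWebhook());
```

In a framework that parses JSON automatically, the raw bytes have to be captured before parsing; the last case shows that a re-serialised body no longer matches the signature.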
Encrypted Storage
AES-256 encryption at rest for all data. TLS 1.2+ encryption in transit for all API communications.
Credential Protection
API credentials are stored encrypted, never logged, never exposed to frontend code, and only accessed server-side at the moment of use.
Authentication
Industry-standard authentication via Clerk with multi-factor support and session management. Each restaurant owner accesses only their own data.
Multi-Tenant Data Isolation
Every restaurant's data is completely isolated through PostgreSQL Row-Level Security (RLS). This is enforced at the database engine level, not the application layer.
What this means in practice
Restaurant A cannot see, query, or access Restaurant B's conversations, reservations, knowledge base, or credentials, even in the event of an application-layer vulnerability. RLS policies are evaluated by the database engine itself before any data is returned.
AI Processing & Privacy
DineChat uses Anthropic's Claude, selected for its industry-leading safety and the strongest data privacy commitments among major AI providers.
What data reaches the AI?
Conversation messages (text only), the restaurant's knowledge base content, and conversation history within the active session. The AI provider does not retain data between API calls; context is constructed per-request by DineChat.
- No model training. API data is never used to train or fine-tune AI models. This is guaranteed by provider API terms and our account-level configuration.
- No persistent storage. AI providers may retain request logs for up to 30 days solely for abuse monitoring, after which they are deleted.
- Audio processing. Voice messages are transcribed to text using Groq's Whisper model. Audio is processed transiently and not retained after transcription.
- Structured extraction. The AI extracts reservation details into a validated JSON schema. All fields are verified before any reservation system API call is made, preventing hallucinated or incorrect booking data.
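An added example (not DineChat's code) of validating model output before any reservation API call, as the last bullet describes. Field names, limits and sample outputs are assumptions; the page names only date, time, party size and name.

```javascript
// Hypothetical field names and limits; the page names date, time, party size and name only.
const FIELDS = ['date', 'time', 'partySize', 'name'];

function validateExtraction(modelOutput, { today, maxPartySize = 20 }) {
  let data;
  try { data = JSON.parse(modelOutput); } catch { return { ok: false, errors: ['not valid JSON'] }; }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, errors: ['not a JSON object'] };
  }
  // Unknown keys are rejected rather than ignored, so nothing unvetted is passed on.
  const errors = Object.keys(data).filter((k) => !FIELDS.includes(k)).map((k) => `unexpected field: ${k}`);
  const d = typeof data.date === 'string' ? /^(\d{4})-(\d{2})-(\d{2})$/.exec(data.date) : null;
  if (!d) {
    errors.push('date must be YYYY-MM-DD');
  } else {
    // Round-trip through Date to catch impossible days such as 2025-06-31.
    const iso = new Date(Date.UTC(+d[1], +d[2] - 1, +d[3])).toISOString().slice(0, 10);
    if (iso !== data.date) errors.push('date is not a real calendar day');
    else if (data.date < today) errors.push('date is in the past');
  }
  if (typeof data.time !== 'string' || !/^([01]\d|2[0-3]):[0-5]\d$/.test(data.time)) {
    errors.push('time must be HH:MM in 24-hour form');
  }
  if (!Number.isInteger(data.partySize) || data.partySize < 1 || data.partySize > maxPartySize) {
    errors.push(`partySize must be an integer from 1 to ${maxPartySize}`);
  }
  if (typeof data.name !== 'string' || !/^[^\p{Cc}]{1,100}$/u.test(data.name.trim())) {
    errors.push('name must be 1-100 characters with no control characters');
  }
  return { ok: errors.length === 0, errors };
}

// Constructed model outputs (not real traffic), checked against a fixed "today".
const SAMPLES = {
  valid: '{"date":"2025-06-14","time":"19:30","partySize":4,"name":"Amira"}',
  impossibleDate: '{"date":"2025-06-31","time":"19:30","partySize":4,"name":"Amira"}',
  wrongTypes: '{"date":"next Friday","time":"7pm","partySize":"4","name":"Amira"}',
  extraField: '{"date":"2025-06-14","time":"19:30","partySize":4,"name":"Amira","tableId":"VIP-1"}',
  notJson: 'Sure, I have booked a table for you!',
};

function demoExtraction() {
  const out = {};
  for (const [label, raw] of Object.entries(SAMPLES)) {
    out[label] = validateExtraction(raw, { today: '2025-06-01' });
  }
  return out;
}

console.log(demoExtraction());
```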
Reservation System Integration
DineChat connects to your existing reservation platform through an adapter pattern: a standardised interface that makes adding new providers straightforward without affecting the core system.
| Capability | Description |
|---|---|
| Availability Check | Real-time query for open slots by date, time, and party size |
| Reservation Creation | Create confirmed bookings with guest details and special requests |
| Reservation Modification | Modify existing bookings with phone-number ownership verification |
| Reservation Cancellation | Cancel bookings with phone-number ownership verification |
Credential isolation
Each restaurant stores its own reservation provider credentials. Credentials are encrypted at rest, never shared between venues, and only accessed at the moment of the API call.
WhatsApp Business Platform
DineChat operates on Meta's official WhatsApp Cloud API. Each restaurant connects their own WhatsApp Business Account through Meta's Embedded Signup flow during onboarding.
- Each restaurant owns and controls their WhatsApp Business number
- Messages are delivered and received through Meta's official API, with no unofficial or grey-route messaging
- Template messages, approved by Meta, are used for out-of-session notifications (booking reminders, owner alerts)
- Webhook payloads are cryptographically verified before processing
Coexistence: AI + Human
DineChat supports Meta's Coexistence mode: the same WhatsApp number works simultaneously on the Cloud API (AI) and the WhatsApp Business App (human staff).
AI Handles Routine
Reservations, menu questions, hours, policies: the AI responds instantly, 24/7, in any language.
Escalation Alerts
When a guest requests a human or the AI cannot resolve a query, the owner receives an instant WhatsApp alert on their personal number.
Human Takes Over
When the owner replies from the WhatsApp Business App, the AI detects it and goes silent for at least 1 hour, to avoid interrupting the human conversation.
Automatic Resume
If the owner doesn't respond within 30 minutes of an escalation, the AI re-engages the guest proactively, so no one is left waiting.
Data Protection & Compliance
DineChat is designed for compliance with GDPR (EU), UAE PDPL (Federal Decree-Law No. 45 of 2021), and equivalent international data protection frameworks.
| Measure | Detail |
|---|---|
| Data Controller | The restaurant (your client) is the data controller for guest data |
| Data Processor | DineChat acts as data processor on behalf of the restaurant |
| DPA | Data Processing Agreement available and accepted during onboarding |
| Subprocessors | Full disclosure published and maintained at /subprocessors |
| Breach Notification | 72-hour maximum notification window per GDPR requirements |
| Data Deletion | Automated deletion after retention period; manual deletion available on request |
Data Retention
Conversation data and reservation records are retained for a limited period based on the restaurant's subscription tier, after which they are automatically deleted.
| Data Category | Retention Period |
|---|---|
| Conversation messages | 2 months |
| Reservation records | 24 months |
| Analytics (aggregated) | 12 months (de-identified) |
| Billing records | 6 years (legal requirement) |
| AI provider logs | Up to 30 days (provider-managed, abuse monitoring only) |
Post-termination
When a restaurant terminates their account, they have 30 days to export their data. After the export window, all data is permanently deleted, including conversation history, reservation records, knowledge base, and stored credentials.
Legal Framework
Restaurants agree to the following documents during onboarding; each is publicly accessible for review:
- Terms & Conditions: service agreement, liability, and acceptable use
- Privacy Policy: data collection, processing, and rights
- Data Processing Agreement: GDPR Article 28 compliant processor terms
- Subprocessor Disclosure: all third-party providers with data access
Questions?
For technical inquiries, integration questions, or compliance reviews, contact us at contact@dinechat.io.