
Materialized RFM scores, lifetime stats, normalized tags, append-only notes, allergen + dietary preferences, GDPR consent audit, double opt-in, and global delete with grace period — all built into your ordering platform. No external CDP, no extra subscription.
Every completed order updates a per-venue stats row for the customer — total orders, total spent, average order value, recency, frequency, and a composite RFM segment label (CHAMPION / LOYAL / POTENTIAL / NEW / AT_RISK / LOST / INACTIVE). The list page shows the segment as a colored badge so the manager can spot the regulars at a glance and the lost ones who need a winback.
Tags are global per customer (one VIP tag follows them across every venue you operate). Notes are venue-scoped and append-only — the history is preserved. Consent changes are recorded in an audit log with IP, user agent, and actor — GDPR Article 7 evidence on tap.
Recency, frequency, monetary scoring with percentile bucketing for venues with 30+ customers and stable thresholds for smaller cohorts. No external tool to configure.
Build customer groups via a JSON criteria DSL — high-value champions, dormant customers, VIP-tagged opt-ins. Memberships are materialized nightly; marketing campaigns and promo codes target them instantly.
Normalized tags (global per customer), append-only venue notes (with author + timestamp), and structured allergen / dietary preferences. Favorites and dislikes are auto-derived nightly from order history. Staff handovers stop losing context.
Append-only consent log (Article 7 evidence) with IP / user agent / actor on every flip. Optional double opt-in per venue for EU compliance. Customer-initiated global delete with a 7-day grace period; force-execute path for DPA orders.
An inline writer recomputes the customer's per-venue stats: total orders, total spent, AOV, recency, frequency, monetary scores. Cheap (one aggregate + one upsert).
Once a day at 03:30 UTC the entire venue cohort is re-percentile-bucketed so segment labels stay accurate as the customer base evolves.
Saved segments materialize membership into a join table. Marketing campaign recipients and promo-code targeting get instant lookups instead of full-table scans.
Checkout opt-in, admin toggle, unsubscribe-link click, double opt-in confirmation — each writes a structured row to CustomerConsentLog. When a customer requests global deletion the consent log is preserved and a final REVOKED entry is appended; the personal record itself is anonymised in place after the grace period so Order/Bill financial integrity stays intact.
Per-(customer, venue) row with totalOrders, totalSpent, AOV, firstOrderAt, lastOrderAt, daysSinceLastOrder, RFM scores 1-5, and composite segment label.
JSON-driven criteria DSL — combine field/op/value predicates with all/any/not groups. Compile to Prisma where-fragment, materialize membership.
Tags are global per customer; notes are venue-scoped and append-only with author + timestamp. Allergen / dietary / favorite / disliked product preferences live in a structured table — explicit entries from the dossier, plus auto-derived favorites and dislikes from order history with a confidence score.
Append-only CustomerConsentLog (channel, action, source, IP, user agent, actor) is your Article 7 evidence. Per-venue Venue.requireDoubleOptIn turns on EU-style double opt-in for marketing — a confirmation token email is sent and the consent flag stays false until the customer clicks. CustomerDeleteRequest schedules global anonymisation with a 7-day grace period; the nightly cron executes; ROLE_ADMIN can force-execute for DPA orders.
AT_RISK badge appears 30 days after a regular's last visit. Filter the list, send a winback campaign, or have the manager call them — before the LOST badge turns up at 90 days.
Customer.dateOfBirth + birthday cron already shipped. Pair with a saved segment for VIP customers and the email goes only to the right people.
Tags are global; stats are per-venue. The dossier's Lifetime Stats card shows cross-venue totals + per-venue breakdown. The chain operator sees everything; each venue manager sees only their venue's notes.
Existing marketing/recipients flow now reads from CustomerSegmentMembership. Recipient counts return in milliseconds even on venues with 100K+ customers.
Customer asks 'when did I opt in?' — pull the CustomerConsentLog. Customer asks for deletion — schedule a global CustomerDeleteRequest with a 7-day grace period and the nightly cron anonymises everywhere; for DPA orders the platform owner force-executes immediately. EU venues can require double opt-in for marketing — the consent flag stays false until the customer clicks the email link.
The /admin/ask assistant calls customer-stats tools that read directly from CustomerVenueStats. Answers like 'who are my top 5 customers?' or 'who hasn't visited in 60 days?' return numerically-correct data, not LLM hallucinations.
Most restaurant SaaS pushes you toward an external customer data platform — Segment, RudderStack, Klaviyo. For most independent restaurants and small chains those tools are overkill, expensive, and add operational complexity (a customer that exists in two places will diverge). A CRM built into the ordering platform reads from the authoritative bills + rounds data and gives you the 80% that matters: segments, tags, notes, consent.
Computing RFM on every list-page load is slow once the customer base passes 5,000. Materializing the score on order completion (single aggregate + single upsert) keeps reads cheap forever and lets us add admin filters that were impossible before — sort by LTV, filter by segment, paginate without timeouts.
VIP follows the customer. If they're a VIP at your London venue and they walk into your Sofia venue, they're still a VIP. Per-venue tag scoping creates inconsistencies that operators have to remember to fix manually. Notes are venue-scoped because notes are about a specific interaction or service issue at a specific venue.
GDPR Article 7 requires you to demonstrate that consent was given. The previous 'last-write-wins' approach (a single timestamp on the Customer row) loses every prior consent change. The append-only CustomerConsentLog captures every flip with attribution — when the data protection authority asks, you have receipts.
Always-on for every venue. No setup. No external CDP. RFM segments populated tonight by the cron sweep.
Other tools restaurants use alongside this one.
Turn one-time diners into regulars with points, tiers, vouchers, and loyalty cards — all built into your ordering flow.
Learn moreCustomers earn a percentage of every order back as real money in their wallet, ready to spend on the next visit. Set it up in 60 seconds, switch it off any time.
Learn moreAutomatically prompt customers for a Google review the moment their order is completed. Boost your online reputation and rank higher in local search — on autopilot.
Learn moreStop hoping customers will remember to leave a review. Every completed order triggers a one-tap rating prompt by email or SMS — happy customers go straight to Google, unhappy ones go privately to your inbox.
Learn more