The principle: least privilege

Every person on staff should be able to do exactly what their job requires, and nothing more. Not because you don't trust them, but because:

The four roles every restaurant needs

Owner — you. Full access to everything. Don't share this account.

Branch Manager — runs one location. Sees orders, menu, customers, riders, analytics for THEIR branch only. Cannot see other branches, cannot create new branches, cannot change payment methods or owner settings.

Cashier — handles incoming orders + printing. Sees orders, customer list, basic rider info. Cannot edit menu prices, cannot see revenue totals, cannot suspend the restaurant.

Rider — separate PWA app. Sees only assigned deliveries + their earnings. No access to other riders' data, no access to menu or financials.

Why the main branch ALSO needs a manager

If you're the owner and you also run the main branch personally, you might skip creating a "Main Branch Manager" account and just use your owner login at the counter. Don't.

Here's why: anyone borrowing your tablet during a busy lunch (a friend, a delivery person, your kid) has full owner access. They can see total revenue and customer phone numbers, and they can accidentally delete a menu category.

Create a Main Branch Manager account. Use it for daily work. Keep the owner login for monthly reports and admin tasks. This single habit prevents 95% of internal leaks.

Rotating staff: the offboarding checklist

Cashier quits or you let someone go. Same day:

The audit log habit

Once a week, check your order timeline. Watch for patterns: who refunds the most? Who marks the most orders as "free / staff meal"? Is there a cashier whose shift always has Rs. 200–500 less revenue than the morning shift? That's where to look first if numbers don't add up.

Most theft isn't dramatic — it's small, recurring, and obvious in retrospect.
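The weekly check above can be run as a short script over an exported order timeline. This is an added example, not code from the product: the row layout, event names, and cashier ids are assumptions, and the sample rows are constructed.

```python
from collections import Counter, defaultdict

# Constructed sample data: (day, shift, cashier, event, amount in Rs.).
# Column layout and event names are assumptions, not a real export format.
TIMELINE = [
    ("Mon", "morning", "cashier_a", "sale", 5200),
    ("Mon", "afternoon", "cashier_c", "sale", 5300),
    ("Mon", "evening", "cashier_b", "sale", 4850),
    ("Mon", "evening", "cashier_b", "refund", 300),
    ("Tue", "morning", "cashier_a", "sale", 5000),
    ("Tue", "morning", "cashier_a", "refund", 150),
    ("Tue", "afternoon", "cashier_c", "sale", 4900),
    ("Tue", "afternoon", "cashier_c", "free_meal", 200),
    ("Tue", "evening", "cashier_b", "sale", 4700),
    ("Tue", "evening", "cashier_b", "refund", 250),
    ("Tue", "evening", "cashier_b", "free_meal", 300),
    ("Wed", "morning", "cashier_a", "sale", 5400),
    ("Wed", "afternoon", "cashier_c", "sale", 5500),
    ("Wed", "evening", "cashier_b", "sale", 4950),
    ("Wed", "evening", "cashier_b", "refund", 400),
    ("Wed", "evening", "cashier_b", "free_meal", 250),
]

def event_counts(rows, event):
    """Count how often each cashier recorded the given event type."""
    return Counter(cashier for _, _, cashier, ev, _ in rows if ev == event)

def consistent_shortfall(rows, low=200, high=500):
    """Cashiers whose shift sales trailed the same day's morning shift by
    low..high rupees on every day they worked (one cashier per shift assumed)."""
    sales = defaultdict(int)  # (day, shift, cashier) -> total sales
    for day, shift, cashier, ev, amount in rows:
        if ev == "sale":
            sales[(day, shift, cashier)] += amount
    morning = {d: t for (d, s, _), t in sales.items() if s == "morning"}
    gaps = defaultdict(list)  # cashier -> daily gap versus the morning shift
    for (day, shift, cashier), total in sales.items():
        if shift != "morning" and day in morning:
            gaps[cashier].append(morning[day] - total)
    return sorted(c for c, g in gaps.items() if all(low <= x <= high for x in g))

if __name__ == "__main__":
    print("refunds:", event_counts(TIMELINE, "refund").most_common())
    print("free meals:", event_counts(TIMELINE, "free_meal").most_common())
    print("check first:", consistent_shortfall(TIMELINE))
```

A name on these lists is a reason to look at that shift's orders in detail, not a conclusion.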

Role-based access is built in

4 staff types, 9 permission toggles per user, branch isolation enforced server-side.
