Jon Alexis went back and forth before deciding to put self-service kiosks in his Malibu Poke restaurants. That’s because they weren’t the standard ordering kiosks; these machines included facial-recognition technology that could remember customer faces, instantly populating their favorite orders.

While he thought deeply about whether the technology went too far, Alexis says Apple’s 2017 release of the iPhone X, which included facial recognition capabilities, affirmed his plans of moving forward. “When Apple does something, that kind of tells you the public is ready,” he says. “That was huge for us.”

Kiosks at Malibu Poke’s three Texas stores can remember customers by face, credit card, or phone number. But they won’t track anything until diners opt in. Even then, the company cannot access the facial scans or order histories from its kiosk vendor.

“You can walk into our business and order three times a week and have no idea we do this. It’s a 100 percent guest decision,” he says.

The Malibu Poke concept was built around technology. Kitchen crews utilize digital recipe books, and managers communicate over cloud-based service Slack. But when it comes to consumer-facing technology, Alexis has a sort of litmus test: It must add to the customer’s dining experience, not detract from it.

“I think where brands fail is they think of their front-facing technology as serving the restaurant in lieu of hospitality; they think of it as a concession. And we’re the opposite,” he says. “If it does not improve the guest experience in every aspect, including hospitality, then we’re not interested in it. Your front-facing technology needs to offer guests the same improved experience that you would train your staff from a hospitality standpoint to offer.”

While consumers have grown increasingly skeptical of invasive technology, Alexis says they’re still willing to adopt new tech, so long as there’s a clear personal benefit. In Malibu Poke’s case, the kiosks allow diners to grab their favorite poke bowl with less error and time than ordering at a traditional register.

“It’s not for us; it’s for them. And I think that’s where technology can go horribly wrong. It’s all about intent,” he says. “Millions of people use social media and share their most intimate private details every single day. They love the benefits of these improving technologies. They want it to serve them, not the corporate overlords. If we’re using this information to sell them ads, that’s creepy.”

Indeed, big tech giants like Facebook and Google have come under fire for seemingly going too far. At the same time, public policy has failed to keep up with the rapidly changing landscape, says Elizabeth DeConti, an attorney on the alcohol beverage and food team at the GrayRobinson law firm.

“Frankly, a lot of retailers don’t know what to do with it because it’s a little bit of a Wild West from a legal perspective right now, though I expect that will change,” she says. “I think there are going to be a lot of developments in privacy law.”

DeConti says legal volumes are already filled with regulations about how businesses should handle personally identifiable information like credit card numbers, addresses, and the like. Her best advice for restaurateurs is to collect as little personally identifiable information as possible and possess it for the shortest period possible.

But restaurants should be prepared for future changes in the legal landscape. Even if no specific laws exist today, states may pass legislation in the coming years as technology like biometrics (measuring health and fitness) becomes more pervasive in the consumer market and brands continue to leverage their customer loyalty data with more sophisticated marketing efforts.

“There’s a learning curve for everyone in this area. On the one hand, businesses feel like to keep up with the competition, they have to engage in these types of programs,” DeConti says. “But it is a cautionary tale about being prepared to do this before you leap into the pool.”

Ensuring data security and customer privacy was a key motivation behind Jersey Mike’s efforts to build its POS system, data center, and loyalty platforms entirely in-house. It has also invested heavily in a multilayered approach to securing credit-card and customer data that involves internal and third-party monitoring. So far that effort has paid off with no data breaches, which in recent years have rocked companies like Target and Marriott.

“We spent a lot of money on security, but it’s worth it,” says Scott Scherer, CIO of the sub chain. “The return on investment is our reputation, our brand, everything else. We have a big focus here on personal data security.”

Scherer says the brand continues to develop its Shore Points Rewards program with more precise offerings. It currently pitches general offers; customers who frequently order cold sandwiches, for instance, might receive special offers on hot subs. Those sorts of offers don’t offend consumers the way highly targeted online and social media ads can, Scherer says.

He doesn’t envision Jersey Mike’s adopting self-service kiosks anytime soon—especially if those machines are enabled with biometric tracking technology.

“Personally, I think it’s a little scary,” he says. “The way our stores are and our culture is, kiosks are probably not in our future. If they were, I don’t think we would go to biometrics, because consumers are still scared about that and wondering where their fingerprint is going or where their face is being stored.”

Story, Technology, Jersey Mike's, Malibu Poke