Privacy Policy

1. Introduction

RestaurantSaaS, Inc. ("RestaurantSaaS," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant management platform and related services (the "Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information You Provide

We collect information you voluntarily provide, including:

• Account Information: Name, email address, phone number, company name, job title
• Billing Information: Payment card details (processed by Stripe), billing address
• Restaurant Data: Location details, menu items, inventory, vendor information
• Employee Data: Employee names, contact information, schedules, wage rates
• Sales Data: Transaction records, revenue figures, customer counts
• Communications: Support requests, feedback, survey responses

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

• Device Information: Device type, operating system, browser type, unique device identifiers
• Usage Data: Features used, pages visited, actions taken, timestamps
• Log Data: IP address, access times, error logs
• Location Data: General geographic location based on IP address

2.3 Information from Third Parties

We may receive information from:

• POS Integrations: Sales data, transaction history, menu data from connected point-of-sale systems
• Authentication Providers: Account information from Google or other OAuth providers if you choose to sign in with them
• Referral Partners: Name and email if you were referred by another user

3. How We Use Your Information

We use collected information to:

3.1 Provide and Improve the Service

• Create and manage your account
• Process transactions and billing
• Deliver core features (scheduling, inventory, reporting)
• Generate AI-powered forecasts and recommendations
• Provide customer support
• Analyze usage to improve the Service

3.2 Communications

• Send transactional emails (account confirmations, receipts)
• Deliver product updates and announcements
• Send marketing communications (with your consent)
• Respond to your inquiries and support requests

3.3 Safety and Compliance

• Detect and prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Protect the rights and safety of users

3.4 AI and Machine Learning

We use aggregated and anonymized data to train and improve our AI models. Your individual data is used to generate personalized forecasts and recommendations for your restaurant only. We do not use your data to train models that benefit other customers without anonymization.

4. How We Share Your Information

We do not sell your personal information. We may share information with:

4.1 Service Providers

Third-party vendors who help us operate the Service:

• Stripe: Payment processing
• Clerk: Authentication services
• AWS/Railway: Cloud hosting and infrastructure
• SendGrid/Resend: Email delivery
• Sentry: Error monitoring
• Analytics providers: Usage analytics

4.2 Business Transfers

If RestaurantSaaS is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

4.3 Legal Requirements

We may disclose information if required by law, subpoena, or other legal process, or if we believe disclosure is necessary to:

• Comply with applicable law
• Respond to legal requests
• Protect our rights, privacy, safety, or property
• Enforce our Terms of Service

4.4 With Your Consent

We may share information with third parties when you explicitly consent, such as when you authorize a third-party integration.

5. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

After you cancel your account, we retain your data for 30 days to allow for export. After that, we delete or anonymize your data, except where required by law to retain it longer (e.g., financial records for tax purposes).

6. Data Security

We implement industry-standard security measures, including:

• Encryption in transit (TLS/SSL) and at rest (AES-256)
• Regular security assessments and penetration testing
• Access controls and authentication requirements
• Employee security training
• Incident response procedures

While we strive to protect your information, no method of transmission over the Internet is 100% secure. We cannot guarantee absolute security.

7. Your Rights and Choices

7.1 Access and Portability

You can access and export your data at any time through your account settings. We provide data in common formats (CSV, JSON).

7.2 Correction

You can update your account information through the Service. For corrections to other data, contact support@restaurantsaas.com.

7.3 Deletion

You can request deletion of your account and associated data by contacting us. Some information may be retained as required by law.

7.4 Marketing Opt-Out

You can opt out of marketing emails by clicking "unsubscribe" in any marketing email or updating your preferences in account settings. You will still receive transactional emails.

7.5 Cookies

You can control cookies through your browser settings. Disabling cookies may affect Service functionality.

8. Cookie Policy

We use cookies and similar technologies for:

8.1 Essential Cookies

Required for the Service to function (authentication, security, preferences).

8.2 Analytics Cookies

Help us understand how users interact with the Service to improve it.

8.3 Marketing Cookies

Used to deliver relevant advertisements and track campaign effectiveness (only with consent).

You can manage cookie preferences through our cookie banner or your browser settings.

9. International Data Transfers

We are based in the United States. If you access the Service from outside the US, your information may be transferred to and processed in the US, where data protection laws may differ from your jurisdiction.

For EU/EEA users, we rely on Standard Contractual Clauses and other lawful transfer mechanisms to ensure adequate protection of your data.

10. GDPR Rights (European Users)

If you are in the European Economic Area (EEA), you have additional rights:

• Right to Access: Obtain a copy of your personal data
• Right to Rectification: Correct inaccurate data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Portability: Receive your data in a machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact privacy@restaurantsaas.com. We will respond within 30 days.

Legal Basis for Processing: We process your data based on:

• Contract performance (providing the Service)
• Legitimate interests (improving the Service, security)
• Legal obligations (compliance requirements)
• Consent (marketing communications)

11. CCPA Rights (California Users)

If you are a California resident, you have rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect, use, and disclose
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt out of the "sale" of personal information (we do not sell personal information)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact privacy@restaurantsaas.com or call [Phone Number]. We will verify your identity before processing requests.

Categories of Information Collected: Identifiers, commercial information, internet activity, professional information, and inferences drawn from the above.

12. Children's Privacy

The Service is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

13. Third-Party Links

The Service may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to review their privacy policies.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

15. Contact Us

For privacy-related questions or to exercise your rights, contact us:

For EU users, you may also lodge a complaint with your local supervisory authority.

16. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer at dpo@restaurantsaas.com.