We collect information you provide directly: account registration data (name, email, phone, restaurant name), employee data (names, contact information, PINs stored in hashed form, pay rates, scheduling records), restaurant operational data (menus, orders, reservations, guest profiles including dietary preferences and allergies, staff records, crew tab balances, loyalty program data), and payment information processed through Stripe. When you use the AI menu import feature, the text you submit is processed by a third-party AI service (see Section 7).
We use your information to operate the Service, process transactions, provide customer support, send service-related communications, and improve the Service. We do not sell your personal information to third parties.
Your data is stored on secured servers located in Canada. We use encryption in transit (TLS) and at rest. Access to production systems is restricted to authorized personnel. We perform regular backups.
Order data, guest information, reservation records, and staff scheduling data belong to you. We process this data solely to provide the Service. We do not analyze your operational data for advertising purposes.
Guest information (names, preferences, visit history) that you collect through the Service is your responsibility. You are the data controller for your guests' information. PlateFlow acts as a data processor on your behalf.
The marketing site uses minimal analytics to understand traffic patterns. The application itself uses session cookies required for authentication. We do not use third-party advertising trackers.
We use the following third-party services to operate PlateFlow: Stripe for payment processing (card data is handled directly by Stripe and never stored on our servers), Anthropic for AI-powered menu import (menu text you submit is sent to Anthropic's API for parsing — no customer or guest data is shared), and Cloudflare for content delivery and security. Each provider's own privacy policy governs their handling of data. We do not share your data with other third-party services except as required to operate the Service.
We retain your data for the duration of your account. Upon account deletion, we remove your data within 30 days. Backup copies may persist for up to 90 days. We retain anonymized aggregate data indefinitely.
You may request access to, correction of, or deletion of your personal data at any time. You may export your data through the Service. Contact [email protected] for data requests.
In the event of a data breach that affects your personal information, we will notify affected users and relevant authorities as required by applicable law, typically within 72 hours of becoming aware of the breach.
We will notify you of material changes via email or through the Service. Continued use of the Service after changes constitutes acceptance.
For privacy-related questions: [email protected].