Privacy Policy

This Privacy Policy describes how OrderSmart ("we", "us", or "our") collects, uses, and shares information about you when you use our Service. By using OrderSmart, you agree to the collection and use of information as described in this policy.

1. Information We Collect

We collect the following types of information:

• Account information: Your name, email address, and password (stored as a secure hash)
• Restaurant data: Restaurant name, cuisine type, location, daily customer counts, menu items, inventory items, supplier names, and pricing
• Usage data: Inventory usage history, forecast data, and ordering records you provide
• Square POS data: If you connect Square, we import your menu items and up to 90 days of sales history from your selected location
• Payment information: We use Stripe to process payments. We never store your full credit card number — only a Stripe customer ID
• Chat messages: Conversations with our AI forecaster to build and refine your inventory model
• Technical data: IP address, browser type, and usage logs for security and debugging

2. How We Use Your Information

We use your information to:

• Generate AI-powered inventory forecasts and ordering schedules
• Provide and improve the Service
• Send transactional emails (verification, password reset, billing)
• Send weekly forecast report emails (you can opt out from your account settings)
• Process payments and manage your subscription
• Respond to support requests
• Detect and prevent fraud and abuse

3. Third-Party Services

We share data with the following third parties to operate the Service:

• Anthropic: Your restaurant data and chat messages are sent to Anthropic's Claude API to generate forecasts. Anthropic's privacy policy applies to this data. We do not permit Anthropic to train models on your data.
• Square: If you connect Square, we access your POS data via Square's API. Square's privacy policy governs data on their platform.
• Stripe: Payment processing. Stripe's privacy policy governs your payment data.
• Resend: Transactional email delivery. Email content is processed by Resend to deliver to your inbox.

We do not sell your personal information to any third parties for advertising or marketing purposes.

4. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription or delete your account, we retain your data for 90 days before permanent deletion. You may request immediate deletion by contacting us at ordersmartai@gmail.com.

5. Data Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, and access controls. However, no system is completely secure and we cannot guarantee absolute security.

6. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update inaccurate information through your account settings
• Deletion: Request deletion of your account and associated data
• Portability: Export your restaurant and forecast data in CSV format
• Opt-out: Unsubscribe from marketing emails at any time

To exercise these rights, contact us at ordersmartai@gmail.com.

7. Cookies

We use localStorage (browser storage) to maintain your login session. We do not use tracking cookies or third-party analytics cookies.

8. Children's Privacy

OrderSmart is not intended for users under 18 years of age. We do not knowingly collect information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email. Continued use of the Service constitutes acceptance of the updated policy.

10. Contact

For privacy inquiries, contact us at ordersmartai@gmail.com.