Customer Privacy Policy

1. Introduction

This Customer Privacy Policy explains how your personal information is collected, used, and protected when you place an order through a restaurant website powered by EatsForAI.

EatsForAI, operated by EATS GROUP ("we," "our," or "us"), provides technology that helps restaurants offer online ordering. When you order food from a restaurant using our platform, both the restaurant and EatsForAI may process your information as described in this policy.

The restaurant you order from is the primary controller of your data. We process your data on their behalf to facilitate your order.

2. Information We Collect

2.1 Information You Provide

Order Information

When you place an order, we collect:

• Your name
• Email address
• Phone number
• Items you ordered and any special instructions

Delivery Information (if applicable)

For delivery orders, we also collect:

• Street address
• City, state, and ZIP code
• Delivery instructions

Payment Information

Your payment card information is collected and processed directly by our payment processors (Stripe, Square, or Clover). We do not store your full credit card number. We only receive confirmation that your payment was successful.

Loyalty Program (Optional)

If you choose to join a restaurant's loyalty program, we collect:

• Phone number (used to identify your account)
• Points balance and earning history
• Rewards redeemed

Loyalty membership is always optional. You can order as a guest without joining.

2.2 Information Collected Automatically

We collect minimal technical information to operate the ordering system:

• Device type and browser (to display the menu correctly)
• Approximate location (city/region level, from IP address)
• Pages visited on the ordering site

We use privacy-focused analytics that do not use cookies or collect personal data. We cannot identify you individually through our analytics.

3. How We Use Your Information

We use your information to:

• Process your order: Send your order to the restaurant, calculate totals, and apply any discounts
• Communicate with you: Send order confirmations, status updates, and receipts
• Facilitate delivery: Share your address with the restaurant or delivery service
• Operate loyalty programs: Track points, calculate rewards, and apply discounts
• Provide customer support: Help resolve issues with your order
• Improve our service: Fix bugs and enhance the ordering experience
• Comply with legal obligations: Maintain records as required by law

4. We Do Not Sell Your Personal Information

EatsForAI does not sell your personal information. Period.

We do not:

• Sell your data to data brokers or third parties
• Share your information for targeted advertising
• Participate in marketing cooperatives or data exchanges
• Allow advertisers to access your order history
• Trade your data for any form of compensation

For purposes of the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA): We have not sold or shared personal information (as those terms are defined under California law) in the preceding 12 months, and we do not intend to do so.

5. Who Receives Your Information

5.1 The Restaurant

The restaurant you order from receives your order information, contact details, and (if applicable) delivery address. The restaurant is an independent business and the primary controller of your data for order fulfillment purposes.

5.2 Service Providers

We use trusted service providers to operate the ordering platform. These providers only access your data as needed to perform their services:

• Payment processors (Stripe, Square, Clover): Process your card payment securely
• SMS/communication providers: Send order confirmations and OTP codes
• Delivery partners: Fulfill delivery orders (when you choose delivery)
• Cloud hosting providers: Securely store and process order data
• Email delivery providers: Send order receipts and confirmations

5.3 Who Does NOT Receive Your Information

• Other restaurants: Your data from one restaurant is never shared with other restaurants
• Advertisers: We do not share data with advertising networks
• Data brokers: We do not sell data to any third parties
• Social media platforms: We do not share your order data with social networks

5.4 Legal Requirements

We may disclose your information if required by law, court order, or to protect the safety of our users or the public.

7. Cookies and Tracking

We take a privacy-first approach. Unlike most websites:

• We do not use advertising or tracking cookies
• We do not track you across websites
• We do not use third-party tracking pixels (Facebook, Google, etc.)
• We do not use browser fingerprinting
• Our analytics do not collect personal data

We honor Global Privacy Control (GPC) signals sent by your browser. Because we don't sell or share your data for advertising, your privacy preferences are already aligned with our practices.

8. Your Privacy Rights

8.1 All Customers

You have the right to:

• Access: Request a copy of the data we have about you
• Correct: Fix any inaccurate information
• Delete: Request deletion of your data
• Portability: Receive your data in a portable format

8.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

• Right to Know: Learn what personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Correct: Correct inaccurate personal information
• Right to Opt-Out of Sale/Sharing: We don't sell or share your data, so this right is already satisfied
• Right to Non-Discrimination: We won't treat you differently for exercising your rights

Categories of information we collect: Identifiers (name, email, phone), commercial information (order history), internet activity (pages visited), and geolocation (approximate location).

We will respond to verified requests within 45 days (or up to 90 days if we need more time and notify you).

8.3 How to Exercise Your Rights

To exercise your privacy rights, please contact us through our Contact page:

You may also contact the restaurant directly, as they are the primary controller of your order data.

9. Data Retention

We retain your information as follows:

• Order data: 7 years (required for tax and legal compliance)
• Loyalty program data: While your membership is active; deleted upon request or inactivity
• Payment records: As required by payment processors and financial regulations

To request deletion of your data, please contact us or the restaurant directly.

10. Data Security

We implement industry-standard security measures to protect your information:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of data at rest
• Secure payment processing through PCI-compliant providers
• Access controls limiting who can view your data
• Regular security monitoring

While we strive to protect your information, no system is 100% secure. We will notify you if a data breach affects your information.

11. Children's Privacy

Our ordering service is not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

12. Changes to This Policy

We may update this policy from time to time. When we make changes, we will update the "Last Updated" date at the top of this page. For significant changes, we may provide additional notice.

Your continued use of the ordering service after changes take effect constitutes acceptance of the updated policy.

13. Contact Us

If you have questions about this policy or want to exercise your privacy rights:

We aim to respond to privacy inquiries within 10 business days.