Privacy Policy

1. Introduction

EatsForAI, operated by EATS GROUP ("we," "our," "us," or the "Company"), provides a platform that helps restaurants and food trucks become discoverable by AI systems and manage online ordering. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, including our website, dashboard, and any related services (collectively, the "Services").

By using our Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our policies and practices, please do not use our Services.

2. Information We Collect

We collect information that you provide directly to us, information we collect automatically, and information from third-party sources.

2.1 Information You Provide

Account Information

• Email address and password
• Name and contact information
• Business name and business contact information
• Billing and payment information

Business Information

• Restaurant or food truck details (name, type, location, hours of operation)
• Menu items, descriptions, pricing, and modifiers
• Business logos and images
• Cuisine type and service offerings

POS Integration Data

• POS catalog data (menu items, pricing, modifiers, locations) when you authorize integration
• Order data and transaction records processed through integrated systems

Customer Data (Collected on Your Behalf)

When customers order from your restaurant through our platform, we collect on your behalf:

• Customer name and contact information for order fulfillment
• Delivery addresses
• Order history and preferences
• Phone numbers for loyalty program enrollment and OTP verification
• Loyalty points balance and redemption history

2.2 Information Collected Automatically

• Device information (browser type, operating system)
• Log data (pages visited, time spent, referring URLs)
• Approximate geographic location (city/region level, derived from IP address)
• Platform usage patterns and feature interactions

Note: We use privacy-focused analytics that do not use cookies, do not collect personal data, and do not track users across websites. No personally identifiable information is collected through our analytics.

2.3 Information from Third Parties

• Data from POS systems when you authorize integration
• Payment verification data from payment processors
• Delivery status updates from delivery partners (when applicable)

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

• Create and manage your account
• Generate and host your restaurant website
• Process and fulfill online orders
• Sync data with your connected POS systems
• Generate AI-powered content (descriptions, images) for your menu
• Operate loyalty and rewards programs
• Process payments and manage subscriptions

3.2 Communications

• Send order notifications to you and your customers
• Provide customer support
• Send service-related announcements
• Send loyalty program notifications

3.3 Platform Improvement

• Analyze usage patterns to improve our Services
• Develop new features and functionality
• Monitor and enhance security
• Debug and fix technical issues

3.4 Legal and Compliance

• Comply with legal obligations
• Enforce our terms of service
• Protect against fraud and abuse
• Respond to legal requests and prevent harm

4. We Do Not Sell Your Personal Information

EatsForAI does not sell your personal information. We do not exchange your personal information for monetary or other valuable consideration.

EatsForAI does not share your personal information for cross-context behavioral advertising. We do not provide your data to third parties for the purpose of targeting you with advertisements across different websites or services.

We do not participate in data broker networks, marketing cooperatives, or any arrangements where customer data is exchanged with unrelated businesses for their marketing purposes.

For purposes of the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), we confirm that we have not sold or shared (as those terms are defined under CCPA/CPRA) personal information in the preceding 12 months.

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 Service Providers

We engage trusted third-party companies to perform services on our behalf. These service providers are contractually obligated to use your information only for the purposes of providing services to us and are prohibited from using it for their own purposes.

• Database and hosting providers: Secure data storage and website hosting
• Payment processors: Stripe, Square, and Clover for payment processing
• SMS/communication providers: Delivery of OTP codes and notifications
• Email delivery providers: Order confirmations and receipts
• AI service providers: Content and image generation (no personal data shared)
• Analytics providers: Privacy-focused website analytics (no personal data collected)
• Delivery partners: Order fulfillment for delivery orders

5.2 Customer Data Isolation

Customer data collected through your restaurant is strictly isolated:

• Each restaurant has its own customer database
• Customer data is not shared between restaurants on our platform
• We do not aggregate or analyze customer data across restaurants
• You are the data controller for your customer data; we are the processor

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court or government agency), or when we believe in good faith that disclosure is necessary to:

• Comply with a legal obligation
• Protect and defend our rights or property
• Prevent or investigate possible wrongdoing
• Protect the personal safety of users or the public

5.4 Business Transfers

If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership or uses of your personal information.

5.5 Public Information

Information you choose to make public through your generated restaurant website (business name, menu, hours, location, contact information) will be publicly accessible and indexed by search engines and AI systems.

6. Cookies and Tracking Technologies

We take a privacy-first approach to tracking:

• We do not use advertising or tracking cookies
• We do not track users across websites
• We do not use browser fingerprinting
• Our analytics do not collect personal data
• We use only essential cookies required for authentication and security

We honor Global Privacy Control (GPC) and Do Not Track (DNT) signals. Because we do not sell or share personal information for advertising, your privacy preferences are already aligned with our practices.

7. Your Privacy Rights

7.1 Rights for All Users

Regardless of your location, you have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information
• Portability: Request your data in a portable, machine-readable format
• Withdraw Consent: Withdraw consent where processing is based on consent

7.2 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the purposes, and the categories of third parties with whom we share it
• Right to Delete: Request deletion of your personal information, subject to certain exceptions
• Right to Correct: Request correction of inaccurate personal information
• Right to Opt-Out of Sale/Sharing: Opt-out of the sale or sharing of your personal information. Note: We do not sell or share personal information, so this right is already satisfied.
• Right to Limit Use of Sensitive Personal Information: Limit the use and disclosure of sensitive personal information
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights

Categories of Personal Information Collected: In the preceding 12 months, we have collected the following categories of personal information: Identifiers (name, email, phone number), Commercial information (order history, subscription details), Internet activity (pages visited, interactions with our Services), Geolocation data (approximate location), and Professional information (business details).

Response Timing: We will respond to verifiable requests within 45 days. If we need additional time, we will inform you of the reason and extension period (up to 90 days total).

7.3 European Residents (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR):

• Right of Access: Confirm whether we process your data and obtain a copy
• Right to Rectification: Correct inaccurate or incomplete personal data
• Right to Erasure: Request deletion under certain circumstances
• Right to Restrict Processing: Limit how we use your data in certain situations
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing
• Right to Lodge a Complaint: Lodge a complaint with a supervisory authority

Legal Basis for Processing: We process your personal data based on: (a) your consent, (b) performance of a contract, (c) compliance with legal obligations, or (d) our legitimate interests, provided these interests do not override your rights.

7.4 How to Exercise Your Rights

To exercise any of your privacy rights, please visit our Contact page:

Please include sufficient information to verify your identity and specify which rights you wish to exercise.

8. Data Security

We implement appropriate technical and organizational security measures designed to protect your personal information:

• Encryption of data in transit using TLS/SSL
• Encryption of data at rest
• Regular security assessments
• Access controls and authentication measures
• Employee training on data protection
• Incident response procedures
• Regular backups with secure storage

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

• Account Data: Retained while your account is active and for up to 30 days after deletion request
• Order Data: Retained for 7 years for tax and legal compliance
• Payment Records: Retained for 7 years as required by financial regulations
• Analytics Data: Aggregated and anonymized; retained indefinitely
• Support Communications: Retained for 3 years after resolution
• Customer/Loyalty Data: Retained while program is active; deleted upon restaurant account closure

10. International Data Transfers

Your information may be transferred to, and processed in, countries other than the country in which you reside. Our servers and service providers are primarily located in the United States.

For transfers from the EEA, UK, or Switzerland, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission.

11. Children's Privacy

Our Services are intended for business users and are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18.

If we learn that we have collected personal information from a child under 18, we will take steps to delete that information. Please contact us via our Contact page if you believe we have collected information from a child.

12. Data Breach Notification

In the event of a data breach that may compromise your personal information, we will:

• Notify affected users via email within 72 hours of becoming aware of the breach
• Notify relevant supervisory authorities as required by applicable law
• Provide information about the nature of the breach and steps taken to address it
• Offer guidance on steps you can take to protect yourself

13. Third-Party Links

Our Services may contain links to third-party websites or services. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party sites or services.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify you via email at least 30 days before changes take effect
• Post a prominent notice on our website

15. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

We aim to respond to all privacy-related inquiries within 10 business days.