1. Introduction
Bistro Steward ("we," "us," "our") respects your privacy. This Privacy Policy explains what personal information we collect, how we use it, who we share it with, and the rights you have. It applies to our website, signup flow, and the Bistro Steward web app.
2. Information We Collect
2.1 Information you provide
- Account info: your email, password (hashed), restaurant name, and selected plan.
- Team members: names and email addresses you add for employee/manager accounts.
- Customer Data: recipes, menus, ingredients, inventory, prep sheets, shopping lists, vendor contacts, and other operational data you enter into the Service.
- Support correspondence: messages and attachments you send to us.
2.2 Payment information
Card details are collected and stored by Square, Inc., our payment processor. We receive a tokenized identifier and limited metadata (card brand, last four digits, billing status). We do not see or store your full card number or CVV.
2.3 Information we collect automatically
- Usage data: pages visited, features used, timestamps, and basic interaction metrics.
- Device data: IP address, browser type, operating system, and device identifiers.
- Cookies and local storage: we use cookies and browser local storage to keep you signed in, cache app data for offline use, and remember preferences.
- Audit logs: write operations are logged with user ID, timestamp, and operation type for security and debugging.
- Product analytics: we use PostHog to collect aggregated, pseudonymous usage events (such as pages viewed and features used) to understand how the Service is used and to improve it. We configure PostHog to drop IP addresses, honor "Do Not Track," and skip capture for any visitor who has not signed in. We never send personal fields like passwords, card details, or free-text content to PostHog.
2.4 Information from third parties
If you sign in using Google Sign-In, Google shares your name, email, and profile photo with us. Payment status updates come from Square webhooks.
3. How We Use Your Information
- Provide, maintain, and improve the Service.
- Process signups, subscriptions, and payments.
- Send transactional emails (receipts, security notices, trial reminders, service updates).
- Respond to support requests.
- Detect, prevent, and investigate fraud, abuse, and security incidents.
- Comply with legal obligations.
We do not sell your personal information. We do not use your Customer Data to train public AI models.
4. AI Processing
Certain features — including receipt scanning, recipe extraction, and the "Oracle" assistant — send your inputs to Google Gemini for processing. Google processes these requests under its enterprise terms and does not use them to train general-purpose AI models. The AI provider returns a response; we do not share your credentials or cross-tenant data with AI providers.
5. Who We Share Information With
| Recipient | Purpose |
|---|---|
| Google Cloud / Firebase | Hosting, authentication, database, serverless functions. |
| Google Gemini | AI features (scan, recipe extraction, assistant). |
| Square, Inc. | Payment processing and subscription billing. |
| PostHog, Inc. | Product analytics — aggregated, pseudonymous usage events to understand and improve the Service. IP addresses are dropped at ingestion; no Customer Data, passwords, or payment details are sent. |
| Resend (Resend, Inc.) | Outbound transactional email delivery (receipts, security notices, trial reminders, service updates). |
| Twilio SendGrid | Inbound email parsing — when you forward an invoice or receipt to your scanning address, SendGrid receives that message and relays it to us for processing. |
| Sentry (Functional Software, Inc.) | Error and performance monitoring. Diagnostic event data is sent with sensitive fields (passwords, tokens, card data, request/response bodies) scrubbed before transmission. |
| Professional advisors | Legal, accounting, and compliance counsel as needed. |
| Acquirers | In connection with a merger, acquisition, or asset sale, with appropriate notice. |
| Law enforcement | When required by valid legal process, after we verify the request. |
We require each service provider to protect your information consistent with this Privacy Policy.
6. Multi-Tenant Data Isolation
Your Customer Data is stored in a tenant-scoped partition identified by your unique tenant ID. Our database security rules enforce that only users who belong to your tenant and have been approved by your owner account can read your data. Server-side functions validate this on every write.
7. Data Retention
- Active account: retained as long as your account is active.
- Cancelled account: retained for 30 days to allow reactivation, then deleted within a further 60 days.
- Audit logs and billing records: retained up to 7 years for accounting, tax, and fraud-prevention purposes.
- Backups: may persist for up to 90 days before they expire.
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Request deletion of your personal information, subject to legal retention obligations.
- Export your data in a portable format.
- Object to or restrict certain processing.
- Withdraw consent where we rely on consent.
- Lodge a complaint with your local data protection authority.
To exercise any right, email privacy@bistrosteward.com. We will respond within 30 days.
8.1 California residents (CCPA/CPRA)
California residents have the right to know what personal information we collect, the right to delete, the right to correct, the right to opt out of "sale" or "sharing" (we do not sell or share personal information for cross-context behavioral advertising), and the right not to be discriminated against for exercising these rights.
8.2 EEA/UK residents (GDPR)
Our legal bases for processing are: (a) performance of a contract with you; (b) our legitimate interests in operating and securing the Service; (c) your consent where applicable; and (d) compliance with legal obligations. Data transfers outside the EEA/UK rely on Standard Contractual Clauses.
9. Security
We implement reasonable administrative, technical, and physical safeguards including encryption in transit (TLS), encryption at rest, access controls, audit logging, least-privilege role-based permissions, and security rules that enforce per-tenant isolation. No system is perfectly secure. If we become aware of a breach affecting your personal information, we will notify you in accordance with applicable law.
10. Children's Privacy
The Service is intended for restaurants and business users and is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, contact us and we will delete it.
11. International Transfers
We are based in the United States, and our service providers (including Google Cloud and Square) operate globally. Your information may be transferred to and processed in countries other than your own.
12. Cookies
We use strictly-necessary cookies and browser storage to keep you signed in and to provide the Service. We do not use advertising cookies or third-party tracking cookies. You can disable cookies in your browser, but the Service may not function correctly.
12a. Product Analytics Opt-Out
We honor the browser "Do Not Track" signal — if DNT is enabled, we do not send any events to PostHog. You can also opt out explicitly at any time:
- Browser-level: enable "Do Not Track" in your browser settings (Settings → Privacy). We will stop capturing events on your next page load.
- Per-device: open the browser developer console on any Bistro Steward page and run
posthog.opt_out_capturing(). To re-enable, runposthog.opt_in_capturing(). - Request erasure: email privacy@bistrosteward.com and we will delete any events PostHog has associated with your account.
Opting out does not affect your ability to use the Service.
13. Changes to This Policy
We may update this Policy from time to time. Material changes will be communicated by email or in-app notice at least 14 days before taking effect. The "Last updated" date at the top reflects the current version.
14. Contact Us
For any privacy question or request:
- Email: privacy@bistrosteward.com
- Support: support@bistrosteward.com