Privacy Policy

Last updated: April 21, 2026

This Privacy Policy explains how Stationly ("Stationly," "we," "our," or "us") collects, uses, and shares information when you use our web application and related services (the "Service"). By using the Service, you agree to the practices described below.

1. Information we collect

• Account information. Name, email, password (hashed), and the tenant (restaurant) you belong to.
• Restaurant operational data. Menus, recipes, inventory, sales imports, staff records, inspection logs, licenses, customer/CRM records, and similar content you upload or enter.
• Usage data. Pages visited, features used, timestamps, device type, browser, and IP address.
• Payment data. Billing is handled by Stripe. We receive subscription status and the last four digits of your card; we do not store full card numbers.
• Support communications. Messages you send us and our responses.

2. How we use information

• To provide, maintain, and improve the Service.
• To authenticate you and enforce tenant-level access controls.
• To process payments and manage subscriptions.
• To send transactional emails (account confirmations, invites, billing receipts, security notices).
• To analyze aggregated usage trends so we can improve features (analytics never include personally identifying content of your customers or staff).
• To respond to legal requests and protect the rights, safety, and property of Stationly, our customers, and the public.

3. How we share information

• Within your tenant. Data you enter is visible to other members of the same tenant according to their role (owner, manager, staff).
• Sub-processors. We use trusted third parties to operate the Service: Supabase (authentication, database, hosting), Stripe (payments), and email delivery providers. Each processes data only under our instructions and their own privacy terms.
• Legal. We may disclose information if required by law, subpoena, or to protect rights and safety.
• Business transfers. If Stationly is acquired or merges with another company, information may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.
• We do not sell personal information.

4. Data security

We use industry-standard safeguards including TLS in transit, encrypted storage at rest, role-based access, and row-level security to isolate each tenant's data. No system is perfectly secure, and we cannot guarantee absolute security. Report suspected issues to security@restopsai.com.

5. Data retention

We retain your data while your account is active and for up to 30 days after cancellation, during which you may export it. After that, we delete or anonymize Customer Data within 90 days, except where retention is required by law (e.g., billing records).

6. Your choices

• Access and export. You can export your tenant's data from the Service at any time while your subscription is active.
• Correction and deletion. You can edit or delete records inside the Service. To request deletion of your entire account, email privacy@restopsai.com.
• Marketing emails. We send minimal marketing email. You can unsubscribe from the footer of any marketing message; transactional emails related to your account will continue.

7. Regional rights (GDPR / CCPA)

If you reside in the European Economic Area, the United Kingdom, or California, you may have additional rights including access, correction, deletion, portability, and the right to object to or restrict processing. To exercise any of these rights, email privacy@restopsai.com. You also have the right to lodge a complaint with your local supervisory authority.

8. Cookies & tracking

We use strictly necessary cookies to keep you signed in and to remember your preferences. We may also use privacy-respecting analytics (no cross-site tracking). We do not use third-party advertising cookies.

9. Children

Stationly is not directed to children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us personal information, contact us and we will delete it.

10. International transfers

Data may be processed in countries other than where you reside, including the United States. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and, for material changes, notify you by email or in-app notice at least 14 days before the changes take effect.

12. Contact

Questions, requests, or complaints? Email privacy@restopsai.com.

This Privacy Policy is provided for the Stationly MVP and should be reviewed by legal counsel before production use.