Platform Privacy Policy

Effective Date: January 7, 2025

Last Updated: January 7, 2025

1. Introduction

System Path ("we," "our," or "us") is committed to protecting the privacy and security of your information. This Platform Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the System Path platform and services ("Platform" or "Services").

This policy applies to all users of our Platform, including restaurant owners, managers, staff, and their customers who interact with services powered by System Path.

2. Information We Collect

2.1 Account Information

• Business name, type, and tax identification numbers
• Owner and staff names, email addresses, and phone numbers
• Business addresses and location information
• Banking and payment information for transactions
• Username, password, and account preferences

2.2 Business Operations Data

• Menu items, descriptions, pricing, and images
• Order history and transaction records
• Customer information (names, emails, phone numbers, delivery addresses)
• Inventory and supplier information
• Employee schedules and payroll data (if using HR features)
• Marketing campaigns and customer communications

2.3 Customer Data (End Users)

When customers interact with your restaurant through our Platform:

• Contact information for orders and reservations
• Order preferences and history
• Payment information (securely processed through PCI-compliant providers)
• Loyalty program participation and rewards
• Feedback and reviews

2.4 Technical Information

• IP addresses and device information
• Browser type and operating system
• Login times and Platform usage patterns
• Feature usage and performance metrics
• Error logs and debugging information

3. How We Use Information

3.1 To Provide Services

• Process orders and payments
• Manage restaurant operations and staff
• Create and host restaurant websites
• Send order confirmations and updates to customers
• Provide customer support
• Generate analytics and business insights

3.2 To Improve Our Platform

• Analyze usage patterns to enhance features
• Develop new services and functionality
• Conduct research and analysis
• Test and optimize Platform performance

3.3 For Communication

• Send service updates and announcements
• Provide technical support and respond to inquiries
• Send billing and account notifications
• Share product updates and new features (with consent)

3.4 For Security and Compliance

• Detect and prevent fraud or abuse
• Monitor for security threats
• Comply with legal obligations
• Enforce our Terms of Service

4. Information Sharing and Disclosure

4.1 Within Your Organization

Information is shared among authorized users within your restaurant organization based on their role and permissions (Owner, Manager, Staff).

4.2 Service Providers

We share information with trusted third-party service providers:

• Payment processors (Stripe) for transaction processing
• Cloud hosting providers (AWS) for data storage
• Email service providers for communications
• Analytics providers for usage insights
• Customer support tools

4.3 Business Partners

With your consent, we may share information with integrated third-party services you choose to connect (delivery platforms, accounting software, marketing tools).

4.4 Legal Requirements

We may disclose information when required to:

• Comply with laws, regulations, or legal processes
• Respond to government requests or court orders
• Protect our rights, property, or safety
• Prevent fraud or security threats

4.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, information may be transferred to the successor entity.

5. Data Security

We implement comprehensive security measures including:

• Encryption of data in transit and at rest
• SSL/TLS certificates for all data transmission
• Regular security audits and vulnerability assessments
• Access controls and authentication mechanisms
• PCI DSS compliance for payment processing
• Regular backups and disaster recovery procedures
• Employee training on data security practices

6. Data Retention

We retain information for as long as necessary to provide Services and comply with legal obligations:

• Active account data: Retained while account is active
• Transaction records: 7 years for tax and accounting purposes
• Closed accounts: Data deleted after 90 days (except as legally required)
• Backup data: Retained for 30 days after deletion from primary systems

7. Your Rights and Choices

7.1 Access and Correction

You can access and update your information through the Platform settings or by contacting support.

7.2 Data Portability

You can export your data in common formats (CSV, JSON) through the Platform or by request.

7.3 Deletion

You can request deletion of your account and associated data, subject to legal retention requirements.

7.4 Communication Preferences

You can manage email preferences and opt-out of marketing communications through account settings.

7.5 Customer Data Rights

End customers can request access, correction, or deletion of their data by contacting the restaurant directly or emailing privacy@systempath.com.

8. Data Processing and Storage

8.1 Data Location

Data is primarily stored in secure data centers in the United States. By using our Services, you consent to the transfer and processing of data in the United States.

8.2 International Transfers

If we transfer data internationally, we ensure appropriate safeguards are in place, including standard contractual clauses and adequate security measures.

9. Payment Processing

Payment information is processed by PCI-compliant third-party payment processors (Stripe). We do not store complete credit card numbers on our servers. Payment processors' privacy policies apply to payment information they collect.

10. Children's Privacy

The Platform is not intended for children under 13. We do not knowingly collect information from children under 13. If we become aware of such collection, we will delete the information immediately.

11. California Privacy Rights (CCPA)

California residents have additional rights:

• Right to know what personal information we collect and how it's used
• Right to delete personal information (subject to exceptions)
• Right to opt-out of the sale of personal information (we do not sell personal information)
• Right to non-discrimination for exercising privacy rights

To exercise these rights, contact us at privacy@systempath.com or 1-800-SYSTEMPATH.

12. GDPR Compliance (European Users)

For users in the European Economic Area:

• Legal Basis: We process data based on contract performance, legitimate interests, legal obligations, or consent
• Data Controller: The restaurant is the data controller for customer data; we are the processor
• Rights: Access, rectification, erasure, restriction, portability, and objection
• Complaints: You may lodge complaints with your local supervisory authority

13. Your Responsibilities as a Data Controller

If you collect customer data through our Platform, you are responsible for:

• Obtaining necessary consents from customers
• Providing privacy notices to customers
• Responding to customer data requests
• Ensuring compliance with applicable privacy laws
• Notifying us of any data breaches immediately

14. Data Breach Notification

In the event of a data breach affecting your information, we will notify you within 72 hours of discovery and provide information about the incident, affected data, and remediation steps.

15. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or Platform notification at least 30 days before taking effect. Continued use after changes constitutes acceptance.

16. Contact Information

For privacy-related questions or to exercise your rights, contact us at: