1. Introduction
OrderEchoAI ("we," "our," or "us") is committed to protecting your privacy and the privacy of your restaurant's customers. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our website, platform, and AI voice ordering services (collectively, the "Services").
2. Information We Collect
Restaurant Account Information
When you create an account, we collect your name, email address, restaurant name, location address, phone number, and billing information.
Order Data
When customers place orders through our AI voice agents, we process call audio, order details (items, modifiers, special instructions), customer phone numbers, delivery addresses, and transaction metadata (timestamps, order totals). Call recordings and order transcriptions are stored in encrypted form.
Menu and POS Data
We access your menu information, pricing, inventory status, and order history through your connected POS system (Toast, Square, Clover) to power the AI ordering experience.
Usage Data
We automatically collect information about how you interact with our Services, including IP address, browser type, pages visited, features used, and session duration.
3. How We Use Your Information
We use the information we collect to:
- Provide, maintain, and improve our AI voice ordering Services
- Process orders through our AI voice agents and deliver them to your POS
- Sync menu data and inventory between your POS and our AI agents
- Generate order analytics, reports, and business insights
- Process payments and manage your account
- Send service-related communications
- Improve our AI models for order accuracy and voice recognition
- Detect and prevent fraud or abuse
- Comply with legal obligations
4. Customer Caller Data
When your restaurant's customers call and interact with our AI voice agent, we process their voice audio and phone number to facilitate the order. We do not use customer caller data for marketing purposes. Customer phone numbers are used solely for order confirmation and delivery coordination as directed by your restaurant.
5. Data Retention
We retain your restaurant account information for as long as your account is active. Order records and call transcriptions are retained according to your plan settings, with a default retention period of 90 days. Call audio recordings are retained for 30 days by default. You may adjust retention periods or delete data at any time from the dashboard.
6. Data Security
We implement industry-standard security measures, including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- SOC 2 Type II compliance
- PCI DSS compliance for payment-related data
- Regular penetration testing and security audits
- Role-based access controls
- Isolated tenant data architecture
7. Third-Party Sharing
We do not sell personal information. We may share data with:
- Your connected POS system (Toast, Square, Clover) to process orders
- Delivery platforms (DoorDash, UberEats, Grubhub) when you use delivery dispatch
- Service providers who assist in operating our platform (hosting, payment processing, SMS delivery)
- Law enforcement when required by law
8. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data
- Object to or restrict certain processing activities
- Export your data in a portable format
9. Cookies
We use essential cookies for site functionality and optional analytics cookies to improve our Services. You can manage cookie preferences through your browser settings.
10. Children's Privacy
Our Services are not directed to individuals under 18. We do not knowingly collect personal information from children.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date.
12. Contact Us
If you have questions about this Privacy Policy, please contact us at privacy@orderechoai.com.