privacy policy.

1. what data we collect

olldae collects the following categories of data when you use the service:

account data

• name
• email address
• venue name
• location
• role

operational data

• inventory items and stock levels
• recipes and ingredient costs
• menu pricing
• allergen records
• catering jobs

pos data

• if connected in the future, transaction data from point-of-sale systems

invoice data

• supplier invoices uploaded for parsing

usage data

• pages visited
• features used
• time spent
• browser type
• device type
• ip address

2. how we use your data

we use your data to provide the service and keep your account running. we use it to send operational alerts such as par level warnings and price change notifications. we use it to send service emails including billing confirmations and product updates. we use aggregate usage patterns to improve the product — not individual operator data.

we never use your data to build competing products or sell to third parties.

3. data storage

data is stored on supabase (hosted on aws).

• primary region: us-east-1 (virginia)
• all data is encrypted at rest using aes-256 encryption
• all data in transit is encrypted via tls 1.2+
• database backups are taken daily and retained for 30 days
• access to production data is restricted to authorised olldae team members only

4. data retention

• active accounts: all data retained for the lifetime of the account.
• cancelled accounts: data retained for 30 days after cancellation, then permanently deleted.
• trial accounts that do not convert: data retained for 30 days after trial ends, then permanently deleted.

operators can request immediate deletion at any time by emailing privacy@olldae.com.

5. data sharing

olldae does not sell your data. olldae does not share your data with third parties for marketing. we share data only with service providers necessary to run the product:

• supabase — database hosting and authentication
• resend — transactional emails (billing, alerts, password resets)
• stripe — payment processing (olldae does not store credit card numbers)
• vercel — website and application hosting

each provider is bound by their own privacy policies and data processing agreements.

6. staff data

when operators invite staff to their account, we collect the staff member's name and email address.

operators are responsible for informing their staff that their usage of olldae is tracked (features used, login times, actions taken).

olldae does not independently contact staff members for marketing purposes.

7. cookies

olldae uses cookies for the following purposes:

• authentication: keeping you signed in across sessions (necessary, always active)
• consent preferences: remembering your cookie choices (necessary, always active)
• analytics: understanding how the product is used (requires consent)
• marketing: none at launch, toggle available for future use (requires consent)

you can manage your cookie preferences at any time using the cookie settings link in the footer. disabling necessary cookies may prevent you from using the service.

8. gdpr rights (eu operators)

if you are based in the european union, you have the right to:

• access: request a copy of all data we hold about you
• rectification: request correction of inaccurate data
• erasure: request deletion of your data ("right to be forgotten")
• portability: receive your data in a structured, machine-readable format
• objection: object to processing of your data for specific purposes
• restriction: request that we limit how we process your data

to exercise any of these rights, email privacy@olldae.com. we will respond within 30 days.

for eu operators, we offer a data processing agreement (dpa) at olldae.com/legal/dpa.

9. ccpa rights (california operators)

if you are a california resident, you have the right to:

• know what personal information we collect and how it is used
• delete your personal information
• opt out of the sale of personal information

note: olldae does not sell personal information. we do not share personal information for cross-context behavioural advertising.

to exercise your rights, email privacy@olldae.com.

10. data requests

to make any data-related request (access, correction, deletion, export), email privacy@olldae.com.

• include your account email and the nature of your request
• we will verify your identity before processing
• response window: 30 days from receipt of request

11. children

olldae is a business tool designed for food and beverage operators. the service is not directed at anyone under the age of 18. we do not knowingly collect personal information from anyone under 18. if we become aware that we have collected data from someone under 18, we will delete it immediately.

12. changes to this policy

we may update this privacy policy from time to time. material changes will be communicated at least 30 days before they take effect, by email or in-app notification. continued use after changes take effect constitutes acceptance. the "last updated" date at the top of this page will always reflect the most recent revision.

13. contact

for privacy-related questions or data requests: privacy@olldae.com

for general support: hello@olldae.com

olldae, inc. — wilmington, delaware.