Bytes Logo
Back to Home

Privacy Policy

Effective Date: October 1, 2025

Bytes AI ("Company," "we," "our," or "us") values your privacy and is committed to protecting the personal information of our restaurant partners ("Clients") and their customers ("End Users").

This Privacy Policy explains how we collect, use, share, and safeguard information when you use our products, software, websites, and integrations (collectively, the "Services").

1. Information We Collect

1.1 Customer (End User) Information

  • Personal Details: Name, phone number, email address, communication preferences, and delivery address (if applicable).
  • Transaction Details: Order history, reservations, catering requests, items purchased, pricing, discounts, tips, payment status (no raw card numbers), and related activity.
  • Communications: Recordings, transcriptions, or content of calls, texts, chats, or other interactions handled through the Services.

1.2 Client (Restaurant) Information

  • Business Details: Restaurant name, contact information, menus, pricing, operating hours, and integration settings.
  • Integration Data: Menu, order, and transaction data synchronized from the restaurant's POS or third-party systems (e.g., Stream Orders, Toast, Square).

1.3 Technical Information

Device identifiers, browser type, operating system, IP address, mobile IDs, location (if enabled), and usage logs or telemetry associated with the Services.

2. How We Use Information

  • Deliver Services -- enable ordering, reservations, catering, and other features.
  • Provide Client Access -- give restaurants licensed access to customer profiles and order data to fulfill transactions.
  • Customer Relationship Management -- maintain relationships on behalf of both Bytes AI and Clients.
  • Marketplace Development -- operate the Bytes AI marketplace, loyalty programs, cross-promotions, analytics, and integrations.
  • Product Improvement -- analyze usage patterns, enhance AI models, and develop new features.
  • Security & Compliance -- comply with law, prevent fraud, and enforce our Terms of Service.

3. Sharing of Information

3.1 With Restaurants (Clients)

Customer data necessary to fulfill orders, reservations, or requests is shared with the restaurant involved.

3.2 With Service Providers and Integration Partners

We use trusted vendors for hosting, analytics, payments, communications, and POS integrations (e.g., Stream Orders). These providers access only the data needed to perform their functions under confidentiality and security obligations.

3.3 Within Bytes AI Marketplace

Aggregated customer data may be used for cross-restaurant loyalty programs, multi-location offers, and marketplace features.

3.4 For Legal or Business Purposes

We may disclose information when required by law or legal process, to protect our rights or the rights of others, or as part of a merger, acquisition, or sale of assets.

4. Data Ownership and Rights

  • Bytes AI Ownership: All customer and transaction data collected through the Services is owned by Bytes AI.
  • Client License: Restaurants receive a limited, revocable license to access and use such data only for legitimate business purposes directly connected to order fulfillment and customer engagement.
  • Customer Rights: End Users may request access, correction, or deletion of their personal information under applicable laws (e.g., GDPR, CCPA, New York SHIELD Act). Requests can be submitted to [email protected].

5. Data Retention

We retain data only as long as needed to:

  • Operate and improve the Services,
  • Fulfill legal or regulatory requirements, and
  • Resolve disputes or enforce agreements.

Marketing and communication data is kept for no longer than 24 months unless law requires longer retention. Aggregated or anonymized data may be retained indefinitely.

6. Security

We maintain reasonable administrative, technical, and physical safeguards to protect data in accordance with the New York SHIELD Act, including:

  • Encryption in transit and at rest,
  • Role-based access controls and MFA,
  • Audit logging and intrusion detection, and
  • Secure subprocessor management.

Clients are responsible for protecting their own systems and credentials used to access Bytes AI.

7. International Data Transfers

Data may be processed in the United States or other jurisdictions where Bytes AI or its subprocessors operate. We implement appropriate safeguards for cross-border transfers as required by law.

8. Children's Privacy

Our Services are not intended for children under 13 (or the minimum age in your jurisdiction). We do not knowingly collect data from children without verifiable parental consent.

9. Data Breach Notification

If Bytes AI becomes aware of unauthorized access to personal information, we will notify affected individuals and regulators in the most expedient time possible and without unreasonable delay, consistent with the New York SHIELD Act and other applicable laws.

10. Changes to This Policy

We may update this Privacy Policy periodically. Material changes will be communicated via email or through the Services. Continued use of the Services after updates take effect constitutes acceptance of the revised Policy.

11. Contact Us

For questions or privacy requests, contact us at [email protected].