Privacy Policy

We collect the following categories of information:

• Account & contact information. Name, business name, email address, phone number, and details you give us about your restaurant (cuisine, seats, average check, signature dishes, brand voice, colors, logo, and photos).
• POS & revenue data. Sales, transactions, covers, and related point-of-sale data we ingest from your connected POS systems (for example Square) to set baselines, measure results, and report.
• Advertising & marketing metrics. Performance data from ad and content platforms (for example Meta and Google) such as reach, clicks, spend, and conversions.
• Connected-account access (OAuth tokens). When you connect platforms such as Instagram, Facebook, Google, or Square, we receive access tokens that let us read metrics and publish the content you approve. These tokens are stored encrypted.
• Content & assets. The brand assets, photos, menus, and drafts created and exchanged as part of the Service, plus your approval decisions.
• Payment information. Billing is processed by Stripe. We receive limited billing details (such as a token, the last four digits, card brand, and status). We never receive or store your full card number.
• Usage & device data. Standard log and analytics data (IP address, browser, pages viewed, timestamps) and security signals, including those from our anti-abuse and content-delivery provider.

We use information to:

• Provide, operate, and improve the Service.
• Draft content, run approved campaigns, and publish items you approve to your connected accounts.
• Establish baselines, measure incremental revenue, and produce your reporting.
• Process payments and manage your subscription or engagement.
• Communicate with you about your account, drafts awaiting approval, results, and service updates.
• Secure the Service, prevent abuse, and comply with law.

We use trusted service providers (“processors”) to run the Service. They process data on our behalf, under contract, only as needed:

• Stripe — payment processing and billing.
• Supabase — application database, authentication, and storage (including encrypted tokens).
• Resend — transactional and account email delivery.
• Cloudflare — content delivery, security, and bot/abuse protection.
• Meta (Instagram, Facebook) and Google — publishing approved content, running campaigns, and retrieving metrics through their APIs.
• Square — POS and revenue data ingestion.

Each processor handles data under its own privacy terms. We share only what is necessary for them to perform their function.

We disclose information only: to the processors above; with your direction (for example, to publish to your connected accounts); to professional advisors under confidentiality; in connection with a merger, acquisition, or sale of assets (with continued protection); or when required by law or to protect rights, safety, and the integrity of the Service.

We keep information for as long as your account is active and as needed to provide the Service, then for a reasonable period afterward to meet legal, tax, accounting, and dispute-resolution needs. We delete or de-identify data when it is no longer needed for these purposes. You can revoke connected-account access at any time, which stops further token use; we delete or invalidate stored tokens when access is revoked or your engagement ends. We may retain aggregated or de-identified data that does not identify you.

We use reasonable administrative, technical, and physical safeguards to protect your information, including encryption of stored OAuth tokens, access controls, and reliance on reputable infrastructure providers. No method of transmission or storage is perfectly secure, so we cannot guarantee absolute security; you connect accounts and provide data at your own risk, and you should keep your own credentials safe.

If you are a California resident, the California Consumer Privacy Act, as amended by the CPRA, gives you rights regarding your personal information. Subject to legal limits, you may:

• Know / access the categories and specific pieces of personal information we have collected about you, and how we use and disclose it.
• Delete personal information we hold about you.
• Correct inaccurate personal information.
• Opt out of any sale or sharing of personal information — note that we do not sell or share it.
• Limit use of sensitive personal information to what is necessary to provide the Service.
• Non-discrimination — we will not treat you differently for exercising your rights.

To exercise these rights, contact us at privacy@fulltableco.com. We will verify your request and respond within the timeframes required by law. You may use an authorized agent where permitted.

Where data-protection laws such as the GDPR or UK GDPR apply, we process personal data on these legal bases: performance of a contract (to provide the Service you signed up for), legitimate interests (to secure and improve the Service), consent (for example, when you connect an account or opt into communications), and legal obligation. Subject to those laws, you have the right to access, rectify, erase, restrict, or object to processing, to data portability, and to withdraw consent at any time. You also have the right to lodge a complaint with your local supervisory authority. Where we transfer data internationally, we rely on appropriate safeguards. For these requests, contact privacy@fulltableco.com.

Our website uses a small number of cookies and similar technologies that are necessary for it to function (for example, to keep you signed in and to protect against abuse via our security provider) and, where applicable, to understand basic, aggregated usage. We do not use cookies to sell your data or to power cross-site advertising. You can control cookies through your browser settings; disabling necessary cookies may affect how the site works.

The Service is for businesses and is not directed to children. We do not knowingly collect personal information from anyone under 16. If you believe a child has provided us information, contact us and we will delete it.

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you. Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

For privacy questions or to exercise your rights, contact us at privacy@fulltableco.com or call (530) 523-0211. Full Table Co., Sacramento, California.