← Back to OrderFlow AIPrivacy Policy

Legal

Privacy Policy

Effective: May 7, 2026

1. Who We Are

OrderFlow AI (“OrderFlow,” “we,” “our”) is an AI-powered phone answering service for restaurants. We process phone orders, capture customer intent, and route structured tickets to restaurant teams.

Questions about this policy: privacy@orderflow-ai.com

2. Information We Collect

From restaurant operators (you)

  • Name, email address, phone number, and restaurant name — collected via our lead capture form and onboarding flow.
  • Restaurant details: menu items, hours, modifier options, and POS system information provided during setup.
  • Billing information processed by our payment provider (we do not store card numbers).

From your customers (end callers)

  • Voice audio of phone calls — processed in real time to capture order intent. Recordings may be retained for quality assurance.
  • Order details: items, modifiers, pickup times, and payment method type.
  • Caller phone number (from Twilio PSTN data).

Automatically

  • Page interaction data via PostHog analytics (anonymous by default — no PII attached without consent).
  • Server logs: IP address, browser type, pages visited, timestamps.

3. How We Use Your Information

  • Service delivery — answering calls, capturing orders, routing tickets to your POS or kitchen display.
  • Account management — onboarding, billing, support.
  • Product improvement — aggregated, de-identified call data may be used to improve AI accuracy.
  • Communications — transactional emails about your account. We do not send unsolicited marketing without opt-in.
  • Legal compliance — we may retain records as required by applicable law.

4. Data Sharing

We do not sell your data. We share information only with:

  • Twilio — telephony and voice processing (subject to Twilio’s Privacy Policy).
  • Google (Gemini) — AI inference for speech-to-intent processing.
  • Neon — managed PostgreSQL database hosting.
  • Vercel — hosting and edge delivery.
  • PostHog — product analytics (anonymous visitor data).
  • Payment processors — Square or Stripe, as configured for your account.

All sub-processors are under data processing agreements obligating them to protect your data.

5. Data Retention

  • Call recordings: retained for 90 days, then automatically deleted unless you request longer retention for dispute resolution.
  • Order data: retained for 2 years to support analytics and re-ordering features.
  • Account data: retained for the duration of your subscription plus 90 days after cancellation.
  • Analytics data: aggregated page events retained for 2 years; raw events for 12 months.

6. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate information.
  • Delete your account and associated data.
  • Export your data in a portable format.
  • Opt out of analytics tracking (contact us or use a browser opt-out).

To exercise any of these rights, email privacy@orderflow-ai.com. We will respond within 30 days.

7. Security

We use TLS encryption in transit and AES-256 encryption at rest for sensitive data. Access to production systems is restricted to authorized personnel. We conduct periodic security reviews.

No system is 100% secure. If you believe your data has been compromised, notify us immediately at privacy@orderflow-ai.com.

8. Children

OrderFlow AI is a business-to-business service. We do not knowingly collect data from anyone under 18. If you believe a minor has submitted data, contact us and we will delete it promptly.

9. Changes to This Policy

We may update this policy as our services evolve. We will notify active subscribers by email at least 14 days before material changes take effect. Continued use after that date constitutes acceptance.

10. Contact

OrderFlow AI
Atlanta, GA
privacy@orderflow-ai.com
(770) 525-5393

Terms of Service →Back to Home