1. Introduction
PlateOS Inc. ("PlateOS", "we", "us", or "our") operates the PlateOS subscription management platform, available as a Shopify application and at plateos.io. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.
2. Information We Collect
2.1 Information from Shopify
When you install PlateOS on your Shopify store, we access the following data through the Shopify API with your explicit permission:
- Store information: Store name, domain, owner contact details
- Product data: Product listings, variants, and pricing
- Order data: Order details, customer information associated with orders, fulfillment status
- Customer data: Names, email addresses, phone numbers, and shipping addresses for customers who place orders
- Subscription contract data: Subscription billing contracts and payment method references
2.2 Information You Provide
- Account registration details (name, email, password)
- Business configuration (delivery schedules, meal plans, pricing)
- Staff information (names, contact details for driver/staff management)
- Support communications
2.3 Automatically Collected Information
- Log data (IP addresses, browser type, access times)
- Device information for the Driver Portal (GPS location during delivery, with permission)
3. How We Use Your Information
We use the collected information to:
- Provide, operate, and maintain the PlateOS platform
- Manage subscription billing and delivery scheduling
- Process and fulfill orders from your Shopify store
- Send transactional communications (order confirmations, delivery notifications)
- Provide customer support
- Improve and develop new features
- Comply with legal obligations
4. Data Sharing and Disclosure
We do not sell your personal data. We may share information with:
- Service providers: Cloud hosting (MongoDB Atlas), email delivery (Resend), SMS (Twilio), mapping (Google Maps) — only as needed to operate the platform
- Shopify: Data synced back to Shopify as part of normal app operation (order fulfillment, contract management)
- Legal requirements: When required by law, regulation, or legal process
5. Data Retention
We retain your data for as long as your account is active or as needed to provide services. When you uninstall PlateOS:
- Store connection data is removed within 48 hours
- Customer PII is anonymized upon GDPR/redaction request
- Aggregated analytics data may be retained in anonymized form
6. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS/SSL) and at rest
- Secure authentication with hashed passwords (bcrypt)
- Role-based access control with tenant isolation
- Regular security reviews and monitoring
7. Your Rights (GDPR/CCPA)
You have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data
- Portability: Receive your data in a structured format
- Objection: Object to certain processing activities
To exercise these rights, contact privacy@plateos.io.
8. Cookies
We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies.
9. Children's Privacy
PlateOS is a B2B service not intended for use by individuals under 16. We do not knowingly collect data from children.
10. Changes to This Policy
We may update this policy from time to time. We will notify you of significant changes via email or through the platform.
11. Contact Us
For privacy-related inquiries: