Privacy Policy

1. Who This Policy Covers

This Policy addresses two groups:

• Customers — the restaurants and business users who hold GrowDaddy accounts. For Customer personal information, GrowDaddy is the controller.
• Diners — the end consumers who visit a Customer's storefront and place orders. For most Diner information collected through a storefront (for ordering and fulfillment), GrowDaddy acts as a processor on behalf of the Customer. The exception is described in Section 5 (cross-restaurant marketing), where GrowDaddy acts as an independent controller for Diners who opt in.

2. Information We Collect

2.1 From Customers

• Account and profile: name, business name, email, phone, login credentials
• Billing: subscription plan and billing details. Card payments are processed by our third-party payment processor; GrowDaddy does not store full card numbers
• Usage and configuration: dashboard settings, menus, and how you use the Services

2.2 From Diners (via Customer storefronts)

• Order and contact information: name, email, phone number, order details and history, pickup preferences, and any notes
• Payment information: processed by our third-party payment processor; GrowDaddy does not store full card numbers
• Marketing preferences: whether a Diner has opted in to marketing communications

2.3 Collected Automatically

• Device and log data: IP address, browser type, pages viewed, and similar technical data
• Cookies and similar technologies: used to operate the Services, remember preferences, and measure performance

3. How We Use Information

• Provide, maintain, secure, and improve the Services and storefronts
• Process subscriptions, billing, and domain registration/renewal
• Facilitate Diner orders and send transactional communications (e.g., order confirmations) on the Customer's behalf
• Provide support and respond to inquiries
• Detect, prevent, and address fraud, abuse, and security issues
• Send marketing communications where permitted and consented to
• Comply with legal obligations and enforce our Terms
• Generate aggregated and de-identified data for analytics and product development

4. Transactional vs. Marketing Communications

• Transactional messages (e.g., order confirmations) are sent on the Customer's behalf, currently by email via messaging.growdaddy.app. These are necessary to deliver the Services.
• Marketing messages are sent only where the recipient has opted in. You can unsubscribe at any time using the link in the message or by contacting us.
• GrowDaddy may support SMS for transactional confirmations and/or marketing in the future, subject to applicable law and required consents.

5. Cross-Restaurant Marketing Network (Diner Opt-In)

Where a Diner affirmatively opts in to receive marketing communications from the restaurant and/or other restaurants on the GrowDaddy platform, GrowDaddy acts as an independent controller of that Diner's information for the purpose of operating cross-restaurant marketing.

• Consent is collected from the Diner — a restaurant cannot opt a Diner in on their behalf
• Every marketing message identifies the sender and includes an easy way to unsubscribe
• Diners may opt out at any time without affecting their ability to place orders

6. How We Share Information

We share personal information with:

• Service providers / subprocessors who help us operate the Services, including our payment processor, cloud-service provider, email and messaging providers, and analytics providers. A current list of subprocessor categories is available on request at hello@growdaddy.app.
• Customers — Diner order information is shared with the relevant restaurant to fulfill orders
• Legal and safety — where required by law or to protect rights, safety, and the integrity of the Services
• Business transfers — in connection with a merger, acquisition, financing, or sale of assets

We do not sell Customer account information.

7. Cookies and Analytics

We use cookies and similar technologies to operate the Services, remember preferences, and measure usage and performance. You can control cookies through your browser settings; disabling some cookies may affect functionality.

8. Aggregated and De-Identified Data

We may create and use aggregated or de-identified information for any lawful purpose, including operating, improving, and developing the Services. We maintain such information in de-identified form and do not attempt to re-identify it.

9. Your Privacy Choices and Rights (U.S.)

Depending on your state of residence (e.g., under the California Consumer Privacy Act), you may have the right to:

• Know/access the personal information we hold about you
• Delete your personal information
• Correct inaccurate personal information
• Opt out of any "sale" or "sharing" of personal information for cross-context behavioral advertising
• Non-discrimination for exercising your rights

To exercise your rights, contact us at hello@growdaddy.app.

10. Data Retention and Security

We retain personal information for as long as needed to provide the Services and for legitimate business or legal purposes. Following termination of a Customer's account, there is a 30-day data export window, after which data may be deleted.

We use reasonable administrative, technical, and physical safeguards to protect personal information. However, no method of transmission or storage is completely secure.

11. Children

The Services are intended for businesses and adult Diners. The Services are not directed to children under 16, and we do not knowingly collect their personal information.

12. Geographic Scope

The Services are currently offered to users in the United States, and information is processed in the United States.

13. Changes to This Policy

We may update this Policy from time to time. We will post the updated version with a new "Last Updated" date and, for material changes, provide additional notice where appropriate.