
Privacy Policy

Effective Date: March 2026
Last Updated: March 8, 2026

LeanTable ("we," "us," or "our") operates the LeanTable mobile application and web platform (collectively, the "Service"). This Privacy Policy describes how we collect, use, store, and share information when you use our Service. By accessing or using LeanTable, you agree to the practices described in this policy.

1. Information We Collect

1.1 Account Information

When you create a LeanTable account, we collect:

  • Email address (required) — used for authentication, account recovery, and service communications
  • Full name (required) — used for account identification and display within your organization
  • Phone number (optional) — used for account recovery and optional notifications

1.2 Employee and Staff Data

If you use LeanTable's workforce management features, the following data may be collected about employees within your organization:

  • Employee names and contact information — as entered by account administrators
  • Work data — hours worked, hourly rates, shift schedules, clock-in and clock-out timestamps
  • Time clock photos (optional) — if your organization enables photo verification for clock-in events
  • PIN codes — used for employee authentication in kiosk mode (stored securely, never in plain text)

1.3 Device and Kiosk Information

When using the kiosk time clock feature, we collect:

  • Device identifier — a unique ID for the device registered as a kiosk
  • GPS location — collected only at the moment of clock-in to verify the employee is at the designated work location; we do not track location continuously

1.4 Operational Data

Through normal use of the Service, we collect data about your restaurant operations, including:

  • Inventory records and counts
  • Waste logs and disposal records
  • Purchase orders and receiving logs
  • Menu items, recipes, and food cost calculations
  • Sales transaction data (imported via POS integrations or manual entry)
  • Temperature logs and safety compliance records
  • Ancillary revenue records (e.g., catering, merchandise)
  • Forecast and demand planning data

1.5 Camera and Barcode Data

LeanTable requests camera access solely for:

  • Barcode scanning — to scan product barcodes for inventory management
  • Photo capture (optional) — for clock-in verification or incident documentation

We do not access your camera in the background or record video. Camera access is used only when you actively initiate a scan or photo capture within the app.

1.6 Security Event Data

To protect your account and detect unauthorized access, we log:

  • IP addresses associated with login events
  • User agent strings (browser/device information)
  • Timestamps of authentication events
  • Failed login attempts

1.7 POS Integration Data

If you connect a point-of-sale system (Toast, Square, or CSV upload), we receive and process sales transaction data from that system to provide analytics, inventory deduction, and forecasting features.

2. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Authenticate your identity and manage your account
  • Generate operational analytics, health scores, and reports
  • Power AI-driven insights and recommendations (see Section 3)
  • Process POS transaction data for inventory and cost tracking
  • Generate demand forecasts and staffing recommendations
  • Send service-related notifications (e.g., low-stock alerts, schedule reminders)
  • Detect, investigate, and prevent fraudulent or unauthorized activity
  • Improve and develop new features for the Service
  • Respond to your support requests and communications

3. AI Assistant and Data Processing

LeanTable includes an AI assistant powered by Amazon Bedrock (using Anthropic's Claude model). When you interact with the AI assistant:

  • Your store's operational data (inventory levels, sales figures, cost metrics, waste data, and scheduling information) may be sent to the AI model to generate contextual responses and recommendations.
  • No personal employee data (names, contact information, or personally identifiable information) is sent to the AI model.
  • AI conversations are processed in real time and are not used to train AI models.
  • All AI processing occurs within Amazon Web Services infrastructure.

4. How We Store and Protect Your Data

All data is stored in Amazon Web Services (AWS) infrastructure located in the United States (us-east-1 region). We implement the following security measures:

  • Authentication — Managed by Amazon Cognito with industry-standard JWT token-based authentication
  • Encryption in transit — All data transmitted between your device and our servers is encrypted using TLS/HTTPS
  • Encryption at rest — Data stored in our databases is encrypted using AWS-managed encryption keys
  • Access controls — Role-based access ensures users can only access data for stores they are authorized to view
  • Point-in-time recovery — Critical data tables (transactions, inventory, staff, and time clock records) have point-in-time recovery enabled

5. Third-Party Services

LeanTable integrates with or relies on the following third-party services:

  • Amazon Web Services (AWS) — Cloud infrastructure, database hosting, authentication (Cognito), AI processing (Bedrock), and file storage (S3)
  • Toast POS — If you connect Toast, we receive webhook data containing sales transactions from your Toast account
  • Square POS — If you connect Square, we use OAuth to access your sales transaction data via Square's API
  • Expo / React Native — Mobile app framework for push notification delivery

We do not use any third-party analytics services, advertising networks, or tracking pixels. We do not embed any third-party tracking SDKs in our mobile application.

6. Cookies and Tracking

LeanTable is primarily a mobile application and does not use cookies. We do not use web cookies, tracking pixels, or similar browser-based tracking technologies. Device identifiers are collected only in kiosk mode for device registration purposes.

7. Push Notifications

LeanTable may send push notifications for operational alerts such as low-stock warnings, schedule changes, and task reminders. Push notifications are optional and fully configurable. You can enable or disable them at any time through your device settings or within the LeanTable app.

8. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information or operational data to third parties.

We may share information only in the following limited circumstances:

  • With your consent — When you explicitly authorize a data sharing action (e.g., connecting a POS integration)
  • Service providers — With AWS as our infrastructure provider, solely to operate the Service; AWS processes data on our behalf under strict contractual obligations
  • Legal compliance — When required by law, subpoena, court order, or government request
  • Safety and fraud prevention — To protect the rights, property, or safety of LeanTable, our users, or the public
  • Business transfers — In connection with a merger, acquisition, or sale of assets, in which case your data would remain subject to this Privacy Policy

9. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specifically:

  • Account data — Retained until you request account deletion
  • Operational data (inventory, waste, transactions, etc.) — Retained for the duration of your account to support historical analytics and reporting
  • Security event logs — Retained for up to 12 months for security monitoring purposes
  • Deleted account data — Following an account deletion request, we will delete or anonymize your data within 30 days, except where retention is required by law

10. Your Rights and Choices

10.1 All Users

Regardless of your location, you have the right to:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request correction of inaccurate personal data
  • Deletion — Request deletion of your account and associated data
  • Data portability — Request an export of your data in a machine-readable format
  • Opt out of notifications — Disable push notifications at any time

10.2 California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of personal information — we do not sell personal information
  • The right to non-discrimination for exercising your CCPA rights

To exercise any of these rights, contact us at support@leantable.app. We will respond to verifiable requests within 45 days.

10.3 European Economic Area Residents (GDPR)

If you are located in the European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

  • The right to access, rectify, or erase your personal data
  • The right to restrict or object to processing
  • The right to data portability
  • The right to withdraw consent at any time
  • The right to lodge a complaint with a supervisory authority

Our legal basis for processing your data is the performance of our contract with you (providing the Service) and our legitimate interest in operating and improving the Service. Where we rely on consent, you may withdraw it at any time by contacting support@leantable.app.

11. Account Deletion

You may request deletion of your account and all associated data at any time by contacting us at support@leantable.app. Upon receiving a verified deletion request:

  • We will delete your account and personal data within 30 days
  • Operational data associated with your stores will be permanently removed
  • Data that has been anonymized or aggregated may be retained for analytical purposes
  • Certain data may be retained as required by applicable law or for legitimate business purposes (e.g., fraud prevention)

12. Children's Privacy

LeanTable is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected personal information from a child under 13, we will take steps to delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@leantable.app.

13. International Data Transfers

All data is processed and stored in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via in-app notification or email for significant changes
  • Provide at least 30 days' notice before material changes take effect

Your continued use of the Service after changes become effective constitutes your acceptance of the revised policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, please contact us:

LeanTable
Email: support@leantable.app
Website: leantable.app

We will respond to all privacy-related inquiries within 30 days.

© 2026 LeanTable. Built for operators, by operators.