Privacy Policy
Effective Date: March 10, 2026 · Last Updated: April 4, 2026
1. Introduction
Resvenu ("we," "our," or "us") provides an AI-powered restaurant management platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our web application at profitmaster.app (the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
- Email address (via Google OAuth sign-in)
- Name (as provided by Google)
- Restaurant name and basic business details you provide
2.2 Business Data You Upload
- Invoice images and PDF documents
- Inventory records and vendor information
- Bank transaction descriptions (for bookkeeping categorization)
- Sales and revenue data (via POS integrations or manual entry)
2.3 Automatically Collected Data
- Browser type, device information, and IP address
- Usage patterns within the application (pages visited, features used)
- Error logs for debugging and service improvement
2.4 Gmail & Google Drive Data
If you connect Gmail or Google Drive, we access only invoice-related emails and files you authorize. We do not read personal emails or access files outside the scope you grant. You can disconnect at any time from Settings.
2.5 Financial Data Collection via Plaid
We use Plaid Inc. ("Plaid") to connect your bank account and retrieve transaction data. When you connect your bank account through Plaid, you acknowledge and agree that your information will be treated in accordance with Plaid's privacy policy.
We access your bank transaction data solely for the purpose of:
- Automatically categorizing business expenses (rent, utilities, payroll, food costs, etc.)
- Reconciling bank transactions against scanned invoices
- Generating accurate profit and loss reports
We do not sell, rent, or share your financial data with third parties. Your bank credentials are never stored on our servers — Plaid handles all authentication directly.
2.6 Accounting Software Integration
We integrate with QuickBooks Online (Intuit) and Xero to synchronize your invoice and expense data with your accounting software. When you connect your QuickBooks or Xero account, we:
- Send invoice data (vendor, line items, amounts) to create Bills in your accounting system
- Send categorized expense data for financial reporting
- Retrieve your Chart of Accounts for category mapping
OAuth 2.0 tokens are stored securely and used only to maintain the connection. You can disconnect at any time from Settings; disconnecting immediately stops data synchronization.
3. How We Use Your Information
- Provide, operate, and maintain the Service
- Extract data from invoices using AI (OCR and structured extraction)
- Categorize transactions and generate financial reports
- Track inventory and price changes across vendors
- Improve AI accuracy based on your corrections (per-restaurant only)
- Send transactional notifications (e.g., SMS shopping lists via Twilio, if enabled)
- Diagnose technical issues and improve the Service
We do not use your data for advertising, sell your data to third parties, or share your data with other restaurants.
4. Third-Party Services
We use the following third-party services to operate the platform. Each processes only the minimum data required:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All service data (encrypted at rest) |
| Google Gemini API | AI data extraction from invoices | Invoice text/images for processing |
| Google Vision API | OCR (optical character recognition) | Invoice images for text extraction |
| Google OAuth | User authentication | Email address, name |
| Vercel | Application hosting | Web traffic, server logs |
| Upstash Redis | Rate limiting | Anonymous request counters |
| Twilio (optional) | SMS notifications | Phone number, message content |
| Plaid | Bank account connection & transaction retrieval | Bank transactions (via Plaid — credentials never stored) |
| QuickBooks Online (Intuit) | Accounting software sync | Invoice data, expense categories, Chart of Accounts |
| Xero | Accounting software sync | Invoice data, expense categories, Chart of Accounts |
Google Gemini API processes invoice data solely for extraction purposes and does not use your data to train its models, in accordance with Google's API data usage policies.
5. Data Security
We implement industry-standard security measures, including:
- Encryption in transit (TLS/HTTPS) and at rest (AES-256)
- Row-Level Security (RLS) ensuring each restaurant can only access its own data
- Signed URLs for file access (no publicly accessible storage)
- Rate limiting to prevent abuse
- Input validation on all API endpoints
- OAuth 2.0 with CSRF protection for third-party connections
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention & Deletion
We retain your data for as long as your account is active. If you delete your account, we will delete all associated data (including invoices, inventory records, and business data) within 30 days, except where retention is required by law.
You may request deletion of specific data (e.g., individual invoices or vendor records) at any time through the application interface.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Opt out of non-essential data processing
To exercise these rights, contact us at support@profitmaster.app.
8. Cookies & Tracking
We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. We do not respond to Do Not Track (DNT) browser signals, as we do not engage in cross-site tracking.
9. Children's Privacy
The Service is designed for business use and is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13.
10. International Users
The Service is primarily intended for restaurants operating in the United States. If you access the Service from outside the US, you consent to the transfer of your data to the United States. If you are located in the European Economic Area (EEA), you may contact us to exercise your rights under applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance.
12. Contact Us
If you have questions or concerns about this Privacy Policy, contact us at:
Email: support@profitmaster.app