Privacy Policy
Effective Date: April 17, 2026 · Last Updated: July 10, 2026
1. Introduction
Resvenu LLC ("Resvenu," "we," "our," or "us") provides an AI-powered restaurant bookkeeping platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our web application at resvenu.com (the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.
2. Information We Collect
2.1 Account Information
- Email address (via Google OAuth sign-in)
- Name (as provided by Google)
- Restaurant name and basic business details you provide
2.2 Business Data You Upload
- Invoice images and PDF documents
- Inventory records and vendor information
- Bank transaction descriptions (for bookkeeping categorization)
- Sales and revenue data (via POS integrations or manual entry)
2.3 Automatically Collected Data
- Browser type, device information, and IP address
- Usage patterns within the application (pages visited, features used)
- Error logs for debugging and service improvement
2.4 Gmail & Google Drive Data
If you connect Gmail or Google Drive, we access only invoice-related emails and files you authorize. We do not read personal emails or access files outside the scope you grant. You can disconnect at any time from Settings.
2.5 Financial Data Collection via Plaid
We use Plaid Inc. ("Plaid") to connect your bank account and retrieve transaction data. When you connect your bank account through Plaid, you acknowledge and agree that your information will be treated in accordance with Plaid's privacy policy.
We access your bank transaction data solely for the purpose of:
- Automatically categorizing business expenses (rent, utilities, payroll, food costs, etc.)
- Reconciling bank transactions against scanned invoices
- Generating accurate profit and loss reports
We do notsell, rent, or share your financial data with third parties. Your bank credentials are never stored on our servers — Plaid handles all authentication directly. Plaid access tokens are stored server-side and are never exposed to client-side code. Data at rest is encrypted at the infrastructure level. You may disconnect your bank account at any time from Integrations → Banking, which immediately stops future transaction syncs. Upon account deletion, all Plaid-derived data and access tokens are purged within 30 days.
2.6 Accounting Software Integration
We integrate with QuickBooks Online (Intuit) and Xero to synchronize your invoice and expense data with your accounting software. When you connect your QuickBooks or Xero account, we:
- Send invoice data (vendor, line items, amounts) to create Bills in your accounting system
- Send categorized expense data for financial reporting
- Retrieve your Chart of Accounts for category mapping
OAuth 2.0 tokens are stored securely and used only to maintain the connection. You can disconnect at any time from Settings, which immediately stops data synchronization.
3. How We Use Your Information
- Provide, operate, and maintain the Service
- Extract data from invoices using AI (OCR and structured extraction)
- Categorize transactions and generate financial reports
- Track inventory and price changes across vendors
- Improve AI accuracy based on your corrections (per-restaurant only)
- Send transactional notifications (e.g., SMS shopping lists via Twilio, if enabled)
- Diagnose technical issues and improve the Service
We do not use your data for advertising, sell your data to third parties, or share your data with other restaurants.
4. Third-Party Services
We use the following third-party services to operate the platform. Each processes only the minimum data required:
| Service | Purpose | Data Shared |
|---|---|---|
| Supabase | Database, authentication, file storage | All service data (encrypted at rest) |
| Google Gemini API | AI data extraction from invoices | Invoice text/images for processing |
| Google Vision API | OCR (optical character recognition) | Invoice images for text extraction |
| Google OAuth | User authentication | Email address, name |
| Stripe | Subscription billing & payment processing | Name, email, payment card details (handled directly by Stripe) |
| Resend | Transactional email (vendor orders, trial reminders, reports) | Recipient email address, message content |
| Cloudflare Turnstile | Bot & abuse protection on authentication forms | IP address, browser challenge token |
| Vercel | Application hosting | Web traffic, server logs |
| Vercel Analytics & Speed Insights | Anonymous usage & performance telemetry | Anonymized page views, performance metrics (no personal identifiers) |
| Cloudflare | DNS, domain registrar, email routing | DNS queries; email forwarding for support@resvenu.com |
| Upstash Redis | Rate limiting | Anonymous request counters |
| Twilio (optional) | SMS notifications | Phone number, message content |
| Plaid | Bank account connection & transaction retrieval | Bank transactions (via Plaid — credentials never stored) |
| QuickBooks Online (Intuit) | Accounting software sync | Invoice data, expense categories, Chart of Accounts |
| Xero | Accounting software sync | Invoice data, expense categories, Chart of Accounts |
Google Gemini API processes invoice data solely for extraction purposes and does not use your data to train its models, in accordance with Google's API data usage policies.
5. Data Security
We implement industry-standard security measures including:
- Encryption in transit (TLS/HTTPS) and at rest (AES-256)
- Row-Level Security (RLS) ensuring each restaurant can only access its own data
- Signed URLs for file access (no publicly accessible storage)
- Rate limiting to prevent abuse
- Input validation on all API endpoints
- OAuth 2.0 with CSRF protection for third-party connections
While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention & Deletion
We retain your data for as long as your account is active. If you delete your account, we will delete all associated data (including invoices, inventory records, and business data) within 30 days, except where retention is required by law.
Uploaded documents (invoices, PDFs, images) that fail to process are retained for up to 90 days from the upload date, after which they are purged from storage. Successfully processed documents are retained for the life of your account and deleted upon account deletion.
You may request deletion of specific data (e.g., individual invoices or vendor records) at any time through the application interface.
6a. Internal Access to Account Data
Authorized Resvenu staff and operational systems may access your account data — including uploaded documents, invoice records, and business information — for the following limited purposes:
- Customer support and troubleshooting at your request
- Diagnosing technical issues, data processing errors, or service interruptions
- Ensuring platform security and preventing fraud or abuse
- Complying with applicable legal obligations
Internal access is logged and limited to the minimum necessary to resolve the issue. Staff are bound by confidentiality obligations and do not access account data for any purpose other than those listed above.
6b. Data Retention After Account Deletion
When you delete your account, we remove your business data within 30 days as described above. A limited set of records is retained after deletion because we are legally or contractually required to keep them. These records are kept only for the purposes and periods listed below, are minimized to what is necessary, and are never used to market to you or shared with other restaurants.
| Record | Why We Retain It | Retention Period |
|---|---|---|
| Billing & tax records | Legal obligation — tax and financial-record requirements | 7 years |
| Consent & Terms acceptance | Proof that you agreed to our Terms and Privacy Policy; defense of disputes | 5 years |
| Administrative audit logs | Security, fraud prevention, and audit integrity | 2 years |
| Account deletion records | Proof that your deletion request was honored (includes the email address associated with the deleted account); defense of disputes | 3 years |
The periods above are the maximum time we expect to retain each record, and we review retained records against them. If you have questions about these retained records, contact us at support@resvenu.com.
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Opt out of non-essential data processing
To exercise these rights, contact us at support@resvenu.com.
8. Cookies & Tracking
We use essential cookies for authentication and session management. We do not use third-party advertising cookies or tracking pixels. We do not respond to Do Not Track (DNT) browser signals, as we do not engage in cross-site tracking.
9. Children's Privacy
The Service is designed for business use and is not intended for individuals under the age of 13. We do not knowingly collect personal information from children under 13.
10. International Users
The Service is primarily intended for restaurants operating in the United States. If you access the Service from outside the US, you consent to the transfer of your data to the United States. If you are located in the European Economic Area (EEA), you may contact us to exercise your rights under applicable data protection laws.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance.
12. Contact Us
If you have questions or concerns about this Privacy Policy, contact us at:
Email: support@resvenu.com