Privacy Policy

OwnerClone, Inc. ("OwnerClone," "we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the OwnerClone platform, OwnerClone GO, IndyEater, myClone, and ownerclone.com, including when you connect third-party services such as Facebook, Instagram, banking institutions via Plaid, and payroll processors via Check. This policy applies to restaurant operators, their employees, and consumers who interact with our services. Your use of our services is also governed by the OwnerClone Restaurant Platform Agreement.

1. Information We Collect

1.1 Information You Provide

We collect information you voluntarily provide when you register, onboard, or use our services:

• Name, email address, phone number, and mailing address
• Restaurant business information (name, location, type of establishment, EIN)
• Account credentials (email and password — passwords are hashed, never stored in plain text)
• Payment information — processed securely through Stripe, Inc. We do not store raw card numbers
• Bank account information — verified through Plaid, Inc. solely for ACH billing authorization
• Employee information (name, contact, pay rate, schedule, direct deposit details) — used for payroll via Check, Inc.
• Menu items, ingredient costs, sales data, inventory, and other operational data you enter
• Communications you send us (support requests, feedback, emails)

1.2 Information Automatically Collected

• Log and usage data (IP address, browser type, pages visited, time spent, actions taken)
• Device information (device type, operating system, screen resolution)
• Cookies and similar tracking technologies (see Section 8)
• POS transaction data received from connected point-of-sale systems (covers, items, sales totals)

1.3 Information from Third-Party Services

With your explicit consent, we receive information from connected third-party services:

• Banking and financial data via Plaid (account balances, transaction history, account verification)
• Payroll data via Check, Inc. (employee pay, tax withholding, direct deposit routing)
• POS data via connected systems (Toast, Square, Restolabs, etc.)
• Facebook and Instagram data (see Section 4 for full details)
• Delivery network data via DoorDash Drive and Uber Direct (order status, delivery completion)

1.4 Consumer and Guest Data (IndyEater)

When consumers place orders through IndyEater or interact with restaurant guest management features, we collect: name, email address, phone number, delivery address, order history, and payment method (processed through Stripe). Restaurants using our Host module may also collect guest visit history and dining preferences. Restaurants are the data controllers for their guest data and are responsible for their own customer-facing privacy disclosures.

2. How We Use Your Information

• Provide, operate, and maintain the OwnerClone platform and all its modules
• Process ACH billing and payments through Plaid and Stripe
• Process payroll and employee payments through Check, Inc.
• Generate financial reports, P&L statements, prime cost calculations, and bookkeeping entries
• Power AI agent features (Cheffy, Francine, Tommy, Gabi, and others) with context about your operations
• Send invoices, billing confirmations, and account notifications via email
• Operate the IndyEater marketplace — matching orders to restaurants and coordinating delivery
• Detect and prevent fraud, including POS fraud detection via the Shield module
• Respond to support requests and improve our services
• Comply with legal and regulatory obligations
• Send marketing communications (only with your consent; opt-out available at any time)

3. AI Agents and Automated Processing

OwnerClone uses AI agents (including but not limited to Cheffy, Francine, Tommy, Claire, Gabi, Marcus, Tony, Ned, Sofi, Zoe, Emma, Jenna, and Marco) to analyze your operational data and provide recommendations. These agents have access to the data you have entered into the Platform relevant to their function.

• AI agent outputs are recommendations only and are not guaranteed to be accurate or complete
• We do not use your operational data to train general AI models for use by other customers
• Agent memory (conversation history and operational context) is stored in our database and associated with your account
• You may request deletion of agent memory as part of a full account data deletion request
• AI-generated content is reviewed and published only upon your explicit direction

4. Facebook and Instagram Data

What We Collect from Facebook/Instagram

• Facebook Page access token — used to post content, respond to reviews, and read engagement on your behalf
• Facebook Page name and ID — to identify which Page is connected to your restaurant account
• Instagram Business account ID and username — to publish content to your Instagram Business account
• Page engagement data — likes, comments, and reach on posts made through OwnerClone

How We Use Facebook/Instagram Data

• To post content to your Facebook Page and Instagram Business account as directed by you
• To display engagement metrics within your OwnerClone dashboard
• To respond to reviews and comments on your Facebook Page on your behalf

What We Do Not Do with Facebook/Instagram Data

• We do not sell your Facebook or Instagram data to third parties
• We do not use your data for advertising or marketing purposes outside of OwnerClone
• We do not share your Page access tokens with any third party
• We do not use your social data to train AI models for other customers

Revoking Facebook/Instagram Access

Disconnect in OwnerClone GO → Connections → Social → Disconnect. You can also revoke access directly at facebook.com/settings → Apps and Websites.

5. Financial Data — Plaid and Stripe

When you connect a bank account for billing or bookkeeping purposes, your account is verified through Plaid, Inc. Plaid accesses your bank account data solely to verify account ownership and provide OwnerClone with a secure payment token. Stripe, Inc. uses that token to execute ACH debit transactions for Platform Fees.

• OwnerClone does not store your bank login credentials or full account numbers
• Bank account data accessed through Plaid is subject to Plaid's End User Privacy Policy at plaid.com/legal
• ACH debit authorizations are described in full in Section 2.2 of the Restaurant Platform Agreement
• Transaction history synced via Plaid for bookkeeping is stored in your account and not shared with other restaurants
• You may disconnect your bank account at any time in Settings → Billing → Manage Payment Method

6. Payroll and Employee Data — Check, Inc.

If you use OwnerClone's payroll features, employee payroll data — including names, Social Security numbers, pay rates, tax withholding elections, and bank account information for direct deposit — is transmitted to and processed by Check, Inc. under Check's terms of service and privacy policy. OwnerClone does not independently store employee SSNs or full bank account numbers for direct deposit.

Restaurant is the employer of record and is responsible for the accuracy of all employee data submitted for payroll processing. Employees with questions about their payroll data should contact their employer (the Restaurant) directly.

7. How We Share Your Information

Service Providers

We share data with third-party providers who perform services on our behalf: Stripe (payment processing), Plaid (bank verification), Check (payroll), Resend (email delivery), DoorDash Drive/Uber Direct (delivery), Anthropic (AI processing), and Vercel/Supabase (infrastructure). These providers are authorized to use your information only as necessary to provide services to us.

Business Transfers

If OwnerClone is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you of any change in ownership.

Legal Requirements

We may disclose information if required by law or to protect the rights, property, or safety of OwnerClone, our users, or others.

With Your Consent

We may share information with third parties when you have given explicit consent to do so.

We Never Sell Your Data

OwnerClone does not sell your personal information or Restaurant Data to third parties for their own marketing or commercial purposes.

8. Cookies and Tracking

We use cookies and similar technologies to maintain sessions, remember preferences, and analyze usage. You can instruct your browser to refuse all cookies, though this may affect some platform functionality. We do not use third-party advertising cookies.

9. Data Security

• Encryption of data in transit (TLS) and at rest
• Row-level security on our database
• Hashed passwords — we never store plaintext credentials
• Secure storage of all third-party access tokens
• Access controls limiting employee access to customer data

Despite these measures, no system is perfectly secure. In the event of a security breach, we will notify you as required by applicable law.

10. Your Data Rights

• Access: Request copies of your personal information
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your personal information (see Section 11)
• Restriction: Request restriction of processing
• Objection: Object to our processing of your data
• Data Portability: Request transfer of your data to another service
• Opt-Out of Marketing: Unsubscribe from marketing emails at any time via the link in any email

To exercise any of these rights, contact us at info@ownerclone.com. We will respond within 30 days.

11. Data Deletion

How to Request

• Email: Send a deletion request to info@ownerclone.com with subject line "Data Deletion Request" and your account email
• In-app: OwnerClone GO → Settings → Account → Delete Account
• Contact form: ownerclone.com/contact

What Gets Deleted

• Your user account and profile information
• Restaurant operational data (menu, recipes, sales history, employee records)
• All stored access tokens for connected platforms (Facebook, Instagram, banking, POS)
• AI agent memory and conversation history associated with your account
• Signed legal agreements stored in your vault (OwnerClone retains a copy for legal purposes)
• Billing and payment history — subject to legal retention requirements (typically 7 years for financial records)

Facebook and Instagram Data Deletion

• Disconnect in OwnerClone GO → Connections → Social → Disconnect
• Revoke access at facebook.com/settings → Apps and Websites
• Email us at info@ownerclone.com to confirm all stored tokens have been purged

We will process deletion requests within 30 days and send a confirmation email when complete.

12. California Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA). In addition to the rights listed in Section 10, California residents may:

• Know what personal information is collected, used, disclosed, or sold
• Opt out of the sale of personal information (OwnerClone does not sell personal information)
• Non-discrimination for exercising CCPA rights
• Request disclosure of data collected in the prior 12 months

To submit a CCPA request, contact us at info@ownerclone.com. We will respond within 45 days.

13. Data Retention

We retain personal information only as long as necessary to fulfill the purposes in this policy or as required by law. Financial records are typically retained for 7 years for tax and legal compliance. When data is no longer needed, we securely delete or anonymize it.

14. Children's Privacy

Our services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, contact us and we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-Platform notification at least 30 days before they take effect. Continued use of the Platform after the effective date constitutes acceptance of the updated policy.

16. Contact Us

• Email: info@ownerclone.com
• Website: ownerclone.com/contact
• Mailing Address: OwnerClone, Inc., Senoia, Georgia 30276