Privacy Policy

This Privacy Policy applies to the BarBud website (https://barbud.app) and the BarBud SaaS application (collectively, the "Service").

We are committed to protecting your personal information and your right to privacy. If you have any questions or concerns about this privacy notice, or our practices with regards to your personal information, please contact us at privacy@barbud.app.

Personal Information You Disclose to Us

We collect personal information that you voluntarily provide to us when you register on the Service, express an interest in obtaining information about us or our products and services, when you participate in activities on the Service or otherwise when you contact us.

• Identity Data: Name, username, or similar identifier.
• Contact Data: Billing address, delivery address, email address, and telephone numbers.
• Financial Data: Bank account and payment card details (processed securely by our payment providers; we do not store full card numbers).
• Business Data: Information about your bar, inventory, staff, and sales that you input into the system.

Information Automatically Collected

We automatically collect certain information when you visit, use or navigate the Service. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Service and other technical information.

We use personal information collected via our Service for a variety of business purposes described below:

• To provide and manage your Account: To create and manage your account and allow you to log in.
• To facilitate account creation and logon process: If you choose to link your account with us to a third-party account (such as your Google or Facebook account), we use the information you allowed us to collect from those third parties to facilitate account creation and logon process for the performance of the contract.
• To send administrative information to you: We may use your personal information to send you product, service and new feature information and/or information about changes to our terms, conditions, and policies.
• To fulfill and manage your orders: We may use your information to fulfill and manage your orders, payments, returns, and exchanges made through the Service.
• To protect our Services: We may use your information as part of our efforts to keep our Service safe and secure (for example, for fraud monitoring and prevention).
• To improve our AI Models: We may use aggregated, anonymized data (not your specific personal or business secrets) to train and improve our machine learning models, such as sales forecasting algorithms.

We may process or share your data that we hold based on the following legal basis:

• Service Providers: We may share your data with third-party vendors, service providers, contractors or agents who perform services for us or on our behalf and require access to such information to do that work. Examples include: payment processing (Stripe), data analysis, email delivery, hosting services (Google Cloud/Firebase), customer service and marketing efforts.
• Business Transfers: We may share or transfer your information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company.
• Legal Obligations: We may disclose your information where we are legally required to do so in order to comply with applicable law, governmental requests, a judicial proceeding, court order, or legal process.

We use cookies and similar tracking technologies (like web beacons and pixels) to access or store information. Specific information about how we use such technologies and how you can refuse certain cookies is set out in our Cookie Notice.

Most Web browsers are set to accept cookies by default. If you prefer, you can usually choose to set your browser to remove cookies and to reject cookies. If you choose to remove cookies or reject cookies, this could affect certain features or services of our Service.

We have implemented appropriate technical and organizational security measures designed to protect the security of any personal information we process.

• Encryption: Data is encrypted in transit (SSL/TLS) and at rest.
• Access Controls: Access to personal data is restricted to authorized personnel only.
• Vendor Vetting: We only use trusted cloud providers (e.g., Google Cloud Platform) with robust security certifications (SOC 2, ISO 27001).

However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security, and improperly collect, access, steal, or modify your information.

We will only keep your personal information for as long as it is necessary for the purposes set out in this privacy notice, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Our servers are located in the United States. If you are accessing our Service from outside, please be aware that your information may be transferred to, stored, and processed by us in our facilities and by those third parties with whom we may share your personal information.

If you are a resident in the European Economic Area (EEA) or United Kingdom (UK), then these countries may not necessarily have data protection laws or other similar laws as comprehensive as those in your country. We will however take all necessary measures to protect your personal information in accordance with this privacy notice and applicable law.

Depending on your location, you may have the following rights regarding your personal data:

• Right to Access: You have the right to request copies of your personal data.
• Right to Rectification: You have the right to request that we correct any information you believe is inaccurate.
• Right to Erasure: You have the right to request that we erase your personal data, under certain conditions.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data.
• Right to Object to Processing: You have the right to object to our processing of your personal data.
• Right to Data Portability: You have the right to request that we transfer the data that we have collected to another organization, or directly to you.

If you are a resident of the EEA or UK, you have the right to complain to a Data Protection Authority about our collection and use of your Personal Information. For more information, please contact your local data protection authority in the EEA or UK.

Legal Basis for Processing: We process your personal data under the following legal bases:

• Contract: Processing is necessary for the performance of a contract with you (e.g., providing the Service).
• Consent: You have given us permission to do so (e.g., for newsletters).
• Legitimate Interests: Processing is necessary for our legitimate interests (e.g., improving the Service, fraud prevention).

If you are a resident of California, you are granted specific rights regarding access to your personal information.

California Civil Code Section 1798.83, also known as the "Shine The Light" law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

Do Not Sell My Personal Information: We do not sell personal information.

Our Service is not directed to children under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from Children. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

We may update this privacy notice from time to time. The updated version will be indicated by an updated "Revised" date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.

If you have questions or comments about this policy, you may email us at privacy@barbud.app or by post to: