Privacy Policy

Information We Collect

Information You Provide Directly

When you create an account, subscribe to our Services, or contact us, we may collect:

• Account Information: Name, email address, phone number, restaurant name, business address, and role/title
• Billing Information: Payment card information is collected and processed by our third-party payment processors. O'Riio does not store or process full payment card numbers on its own systems. We receive limited payment-related information, such as payment status, billing details, and partial card information (such as the last four digits), as needed for transaction confirmation, recordkeeping, and customer support.
• Restaurant Operations Data: Tip out records, inventory counts, recipe ingredients and costs, vendor invoices, employee performance data, waste logs, and other operational information you enter into the platform
• Communications: Messages you send to us via email, support requests, or through the platform
• Lead Information: Name, email, phone number, restaurant name, and message content when you submit a demo request or inquiry form

Information Collected Automatically

When you use our Services, we automatically collect:

• Usage Data: Pages visited, features used, actions taken, time spent, and interaction patterns within the platform
• Device Information: Browser type, operating system, device type, screen resolution, and language settings
• Log Data: IP address, access times, referring URLs, and error logs
• Cookies and Similar Technologies: See our Cookie Policy for details

Information from Third Parties

We may receive information from:

• Point-of-Sale and Other Business Systems: We may receive sales data, transaction records, employee shift information, and other operational data from third-party systems you choose to connect to the Services.
• Payment Processors: Subscription status, payment confirmation, and billing-related identifiers
• Authentication Services: Login events and session data

How We Use Your Information

We use your information to:

• Provide and Maintain the Services: Process your restaurant operations data, calculate food costs, manage tip distributions, track inventory, and deliver the features you've subscribed to
• Process Payments: Manage your subscription, process billing through third-party providers, and send invoices
• Communicate with You: Send service-related notifications, respond to support requests, and provide onboarding assistance
• Improve Our Services: Analyze usage patterns to enhance features, fix bugs, and improve performance
• AI-Powered Features: We may use third-party service providers, including AI-enabled providers, to process documents, voice input, and other user-submitted content in order to provide certain platform features.
• Security and Fraud Prevention: Monitor for suspicious activity, prevent unauthorized access, and protect the integrity of our Services
• Legal Compliance: Comply with applicable laws, regulations, and legal processes

How We Share Your Information

We do not sell your personal information. We share your information only in the following circumstances:

• Service Providers: We use trusted third-party service providers to help operate, host, secure, maintain, and improve the Services, and to support functions such as infrastructure hosting, authentication, payment processing, communications, analytics, error monitoring, and certain AI-enabled features.
• Within Your Organization: Other authorized users within your restaurant organization can access shared operational data according to their assigned role permissions
• Legal Requirements: We may disclose information if required by law, subpoena, court order, or government request
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction
• With Your Consent: We may share information for other purposes with your explicit consent

Data Ownership and Portability

You own your data. All restaurant operations data you enter into O'Riio—including tip records, inventory counts, recipes, vendor information, and performance data—belongs to you. We are a custodian of your data, not an owner.

Upon request, we will provide an export of all your data in standard formats (CSV, JSON) within 30 days. Upon account cancellation, your data is retained for 90 days to allow for retrieval, after which it is permanently deleted.

Data Security

We implement industry-standard security measures to protect your information:

• All data is encrypted in transit
• Data at rest is encrypted in our database
• Row-Level Security (RLS) policies ensure complete data isolation between organizations—no client can access another client's data
• Administrative access requires @theoriio.com email authentication
• Service role keys are restricted to server-side operations only
• We conduct regular security audits of our codebase and infrastructure

Data Retention

• Active Accounts: We retain your data for as long as your account is active
• Canceled Accounts: Data is retained for 90 days after cancellation, then permanently deleted
• Archived Accounts: Data may be exported upon request before deletion
• Lead Information: Demo request and inquiry data is retained for 24 months
• Log Data: Server logs are retained for 90 days

Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete data
• Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Portability: Request your data in a portable, machine-readable format
• Opt-Out: Opt out of non-essential communications at any time
• Do Not Sell: We do not sell personal information. If you are a California resident, you have the right to know that no sale of personal information occurs.

To exercise any of these rights, contact us at support@theoriio.com.

California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

• Right to know what personal information is collected and how it is used
• Right to delete personal information
• Right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
• Right to non-discrimination for exercising your privacy rights

Florida Digital Bill of Rights

If you are a Florida resident, you have rights under the Florida Digital Bill of Rights (effective July 1, 2024), including:

• Right to confirm whether we process your personal data
• Right to access and obtain a copy of your personal data
• Right to delete your personal data
• Right to opt out of targeted advertising and the sale of personal data (we do not sell personal data)

We do not process sensitive personal data without your consent.

Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will take steps to delete it promptly.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our platform. The “Last Updated” date at the top indicates when the most recent changes were made.

Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights:

Execution Edge Group LLC (d/b/a O'Riio)
State of Incorporation: Florida
Email: support@theoriio.com
Website: theoriio.com