Privacy Policy

ProfitPulse (the "Service") is operated by Rockwell Industries ("we," "us"). This Privacy Policy explains what information we collect, why we collect it, how we use it, and the choices you have. By using ProfitPulse you agree to the practices described here.

1. Information we collect

We collect three categories of information:

• Account information. Name, email address, password hash, and (for operators) business name, owner name, address, phone, and timezone — provided directly when you sign up or connect an OAuth provider.
• Service data. Catering inquiries, quotes, bookings, customer records, menu items, calendar events, and payment metadata you create or import while using ProfitPulse.
• Connected-provider data. When you connect Gmail, Google Calendar, Stripe, Clover, Square, or QuickBooks, we read the data needed for the feature you enabled and store encrypted refresh tokens so we can keep that integration working. See Section 4 for the specific scopes used per provider.

2. How we use your information

• To provide the catering pipeline, quoting, calendar, P&L, and analytics features that make up the Service.
• To send transactional email (welcome, quote-sent confirmations, follow-up reminders) via Resend.
• To run the AI-powered features you opt into (menu photo parsing, inquiry email extraction, ingredient impact alerts) using Anthropic Claude. Your data is sent only to fulfill the specific task and is not used to train models.
• To maintain security, prevent abuse, and meet legal obligations.

3. Legal basis

For users in jurisdictions that require it (EU/UK/California): we process personal data under the legal bases of contract (delivering the Service you signed up for), legitimate interest (security, anti-abuse, product improvement), and consent (for optional integrations and email).

4. Google API Services User Data Policy

ProfitPulse's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• Gmail (gmail.send, gmail.readonly). We read messages in your inbox only to detect catering-related inquiries and surface them in your ProfitPulse pipeline. We send messages from your account only when you explicitly send a quote or follow-up through the app. We do not transfer your Gmail data to any third party except as necessary to provide or improve the in-app feature you have enabled, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to you. We do not use Gmail data for advertising. We do not allow humans to read your data unless we have your explicit consent, it is needed for security purposes (e.g., investigating abuse), to comply with applicable law, or the data is aggregated and used for internal operations consistent with the policy. We do not use Gmail data to develop, improve, or train generalized AI/ML models.
• Google Calendar (calendar.events). We read events from your primary calendar only to populate your in-app calendar and surface upcoming venue locations on the public food-truck map (when you opt in). We write events only when you confirm a booking and choose to push it to your calendar. The same Limited Use guarantees as above apply.
• Profile/email scopes. We use your name, email, and profile photo solely to identify you within the Service.

5. How we share your information

We share data only as follows:

• Service providers. We use Vercel (hosting), Neon (Postgres database), Resend (transactional email), Anthropic (AI features you opt into), and the OAuth providers you choose to connect. Each is bound by its own data-protection terms.
• Customers and operators on your behalf. When you send a quote, the customer's email address receives that quote. When a customer submits an inquiry to your public form, you (the operator) see it.
• Legal compliance. Where required by valid legal process, with notice to you when permitted.

We do not sell personal information. We do not share your data for third-party advertising.

6. Data retention & deletion

We retain account and service data for as long as your account is active. You can request deletion of your account and associated data at any time by emailing admin@cheftool.org. Upon deletion we remove your data from production systems within 30 days; backups are purged within 90 days. Connected-provider tokens are also revoked at the provider when you disconnect.

7. Security

Data is encrypted in transit (HTTPS) and at rest. OAuth refresh tokens are AES-256-GCM encrypted with a server-only key before being written to the database. Access to production infrastructure is restricted and audited.

8. Your rights

You may request access to, correction of, or deletion of your personal data by emailing admin@cheftool.org. EU/UK/California residents have additional rights under GDPR and CCPA, including the right to portability, objection, and (for California) opt-out of any sale or sharing of personal information — which we do not do anyway.

9. Children

ProfitPulse is not directed to children under 13 and we do not knowingly collect data from them.

10. Changes

If we make material changes we will update this page and notify active accounts by email at least 14 days before the change takes effect.

11. Contact

Questions or requests: admin@cheftool.org.