How we handle your data

Last updated: May 18, 2026

PlatOS is built for restaurant operators who need a simple way to track food cost. We treat your data the same way we'd want ours treated: kept private, used only for the purpose you signed up for, never sold, and protected with industry-standard encryption.

What we collect

To run your account we store:

Account information — your first name, last name, business name, and email address.
Authentication data — a hashed (one-way encrypted) version of your password. We can never see your actual password.
Business data you enter — inventory items, invoice scans, sales figures, count snapshots. This is your operational data.
Session metadata — when you signed in, from what device, and your IP address. Used to show you your active sessions and detect suspicious access.

What we don't collect

No advertising trackers, third-party analytics, or cookies for marketing.
No social-media pixels (Meta, TikTok, Google Ads — none).
No payment information is stored on our servers (when payments launch they'll be handled by a PCI-compliant processor like Stripe).

How your data is stored

All data is stored in Cloudflare's encrypted Workers KV, hosted in Cloudflare's global edge network. Traffic to and from your device is encrypted in transit (HTTPS / TLS 1.3). Passwords are hashed with PBKDF2 (100,000 iterations + random salt) — even our team cannot read them.

Who can see your data

Only you and the PlatOS founder can access your account data, and only the founder can access it through Cloudflare's admin dashboard for technical-support purposes — for example, if you report a bug and we need to inspect what your account looks like to fix it.

We will never: sell your data, share your sales or cost figures with any third party, look at your account out of curiosity, or use your data to train AI models.

Invoice scanning & AI

When you scan an invoice, the image is sent to Anthropic's Claude API for parsing. Anthropic does not retain the image or use it for training — see their privacy policy for details. The parsed text returns to your device and is stored in your account; the image itself is not stored on our servers.

Email communications

We use Resend to send transactional emails (verification codes, password resets, and the inventory-count reports you request). We never send marketing emails. You can opt out of report emails by simply not requesting them — there's no marketing list to leave.

Your rights

You can at any time:

View your active sessions and revoke any that aren't yours (Settings → Security).
View your account activity log (Settings → Security).
Export your data — every report screen offers a CSV export.
Delete your account and all associated data by emailing [email protected] from your registered email address. Deletion is permanent and completes within 7 business days.

Data retention

Your account data stays in our system as long as your account is active. Inactive accounts (no sign-in for 18 months) may be reviewed for deletion after a courtesy email notice. Deleted accounts are removed permanently — we do not keep backups beyond 30 days.

Security incidents

If we ever detect unauthorized access to your account or our systems, we'll notify affected users by email within 72 hours of discovery and outline what happened, what we know, and what you should do.

Changes to this policy

If we make material changes to how we handle data, we'll email registered users at least 14 days before changes take effect.

Contact

Questions? Concerns? Reach the founder directly: [email protected].