Privacy Policy
Last Updated: March 29, 2026
Swift Serve LLC ("SwiftServe," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our restaurant technology platform, websites, and related services (collectively, the "Services").
This Privacy Policy applies to:
- Restaurant Clients: Business owners and employees who subscribe to our platform
- End Customers: Individuals who place orders through restaurant websites powered by SwiftServe
- Website Visitors: Visitors to swiftserve.io and restaurant websites hosted on our platform
1. Information We Collect
1.1 Restaurant Account Information
When you sign up for a SwiftServe account, we collect:
- Business name, address, and contact information
- Owner and manager names, email addresses, and phone numbers
- Login credentials managed through our identity provider (Auth0)
- Tax identification number (EIN) and legal entity name (stored encrypted)
- Payment method details for subscription billing (processed and tokenized by Stripe; we store only the last four digits, card brand, and expiration date, all encrypted)
1.2 Staff and Portal Users
For users who access the SwiftServe Client Portal, we collect:
- Full name and email address
- Authentication identity via Auth0 (unique user identifier)
- Assigned roles and permissions within your organization
- Activity and audit logs (actions performed, timestamps)
1.3 End Customer Order Information
When an end customer places an order through a SwiftServe-powered restaurant website, we collect:
- Customer name, email address, phone number, and delivery address
- Order details including items ordered, special instructions, and order totals
- Payment information (processed securely through Stripe; we do not store full credit card numbers)
- IP address and device information
All personally identifiable customer information (name, email, phone, address) is encrypted at rest. Email addresses and phone numbers are also stored as cryptographic hashes for secure lookup purposes.
1.4 Marketing Contacts
If you subscribe to marketing communications from a restaurant, we collect:
- Full name, email address, and phone number (stored encrypted)
- Opt-in preferences and unsubscribe status
- Source of subscription (e.g., website signup, checkout)
1.5 Job Applicants
If you apply for a position through a restaurant careers page, we collect:
- Name, email, phone number, and address (stored encrypted)
- Date of birth (where provided)
- Application materials and uploaded documents (stored in Google Cloud Storage)
- Approximate geographic location
1.6 Analytics and Usage Data
We automatically collect certain information when you interact with our Services:
- A pseudonymous identifier assigned via a first-party cookie, valid for approximately two years
- Session identifiers and page view data
- Browser type, operating system, and device information
- IP address and referring URLs
- Interaction data (clicks, views, feature usage)
1.7 AI Usage Data
When AI-powered features are used (such as SEO generation, analytics predictions, or chat assistance), we log:
- The AI model used and feature category
- Token counts (input and output) for metering and cost tracking
- Associated website and location identifiers
- Processing duration
AI usage logs do not contain end-customer personally identifiable information.
1.8 Form Submissions
When visitors submit forms on restaurant websites (contact forms, reservation requests, etc.), we collect:
- The form data submitted (which varies by form configuration)
- IP address and submission timestamp
2. How We Use Your Information
2.1 Service Delivery
- Create and manage restaurant accounts and user access
- Host restaurant websites and enable digital menu displays
- Process online orders (pickup, delivery, dine-in, catering)
- Manage reservations, events, careers postings, and blog content
- Provide AI-powered features including SEO content generation, analytics insights, and trend predictions
- When you enable them, synchronize your business listings (BizSync, including Google Business Profile and other supported profiles) and connect point-of-sale systems (such as Clover or Toast) for menu or order-related sync
2.2 Payment Processing and Billing
- Process subscription fees and add-on charges for restaurant accounts
- Process end-customer order payments through Stripe
- Calculate and apply delivery fees, service fees, and taxes
- Generate invoices and handle refunds
2.3 Communications
- Send order confirmations, status updates, and receipts to end customers via email (SendGrid) and SMS (Twilio)
- Send one-time passcodes (OTP) for identity verification
- Deliver billing notifications, payment receipts, and account alerts to restaurant clients
- Send marketing communications to opted-in contacts
2.4 Analytics and Improvement
- Analyze website traffic patterns and user behavior using pseudonymous analytics
- Generate aggregated performance metrics for restaurant dashboards
- Improve platform features, security, and reliability
- Detect and prevent fraud, abuse, and security threats
3. How We Share Your Information
We do not sell your personal information to third parties. We may share your information in the following circumstances:
3.1 Service Providers (Subprocessors)
We use the following third-party service providers to deliver our Services:
| Provider | Purpose |
|---|---|
| Stripe | Payment processing for subscriptions and online orders |
| Auth0 | Identity management and authentication for portal users |
| SendGrid | Transactional and marketing email delivery |
| Twilio | SMS notifications and OTP verification |
| Google Cloud Platform | Cloud hosting, storage, logging, encryption key management, and error reporting |
| Google Vertex AI / Anthropic | AI-powered features (SEO generation, trend predictions, analytics) |
| DoorDash | Third-party delivery fulfillment (when enabled by restaurant) |
| Uber Direct | Third-party delivery fulfillment (when enabled by restaurant) |
3.2 Restaurant Owners
End customer order information (names, contact details, delivery addresses, and order contents) is shared with the restaurant to fulfill orders. Restaurant owners can access customer data and order history through the Client Portal.
3.3 Legal Compliance
We may disclose your information when required to:
- Comply with applicable laws, regulations, subpoenas, or court orders
- Respond to lawful requests from government or regulatory authorities
- Protect our rights, property, or safety, or those of our users
- Prevent fraud, security threats, or illegal activities
3.4 Business Transfers
In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
4. Cookies and Tracking Technologies
4.1 First-Party Cookies
We use a first-party analytics cookie to assign a pseudonymous identifier for analytics purposes. This cookie is HttpOnly and has a maximum lifespan of approximately two years. It does not contain personally identifiable information.
4.2 Restaurant-Configured Third-Party Tracking
Individual restaurants may configure additional tracking through:
- Google Analytics / Google Tag Manager: For website traffic analysis
- Meta (Facebook) Pixel: For advertising and conversion tracking
These third-party tracking tools are enabled at the discretion of each restaurant and are governed by the respective privacy policies of Google and Meta. SwiftServe does not control how these third parties use the data they collect.
4.3 Essential Cookies
We use essential cookies for:
- Maintaining authenticated sessions
- Remembering user preferences
- Protecting against cross-site request forgery
5. Data Security
We implement industry-standard security measures to protect your information:
- Encryption at rest: Sensitive personal data (names, emails, phones, addresses, tax IDs) is encrypted using Google Cloud Key Management Service (KMS)
- Encryption in transit: All data transmitted between your browser and our servers is protected by HTTPS/TLS
- Payment security: Credit card processing is handled entirely by Stripe, which is PCI-DSS Level 1 certified. We never receive or store full card numbers
- Identity management: Portal authentication is managed through Auth0 with industry-standard protocols
- Hashed lookups: Email addresses and phone numbers are stored with cryptographic hashes for secure search without exposing plaintext values
- Access controls: Role-based access controls limit data access to authorized personnel
No method of transmission or storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Data Retention
- Restaurant account data: Retained while your subscription is active and for 30 days after cancellation
- End customer order data: Retained in accordance with the restaurant subscription period and applicable tax and regulatory requirements
- Analytics data: Retained in aggregated or pseudonymous form for platform improvement
- Marketing contacts: Retained until unsubscribed or upon request for deletion
- Data export: You may export your data using available tools or by contacting support within 90 days of account termination
7. Your Privacy Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate or incomplete information
- Deletion: Request deletion of your personal information, subject to legal retention requirements
- Data portability: Request your data in a structured, machine-readable format
- Opt-out of marketing: Unsubscribe from marketing communications at any time using the link in any marketing email or by contacting us
7.1 California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information.
7.2 European Privacy Rights (GDPR)
If you are located in the European Economic Area or the United Kingdom, you have rights under the General Data Protection Regulation including the right to access, rectification, erasure, restriction of processing, data portability, and the right to object. Our lawful bases for processing include contract performance, legitimate interests, and consent where applicable.
To exercise any of these rights, please contact us at privacy@swiftserve.io.
8. Children''s Privacy
Our Services are not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at privacy@swiftserve.io, and we will promptly delete it.
9. International Data Transfers
Our Services are hosted in the United States. If you access our Services from outside the United States, your information may be transferred to and processed in the United States. We rely on appropriate transfer mechanisms, including standard contractual clauses where required, to ensure adequate protection of your data.
10. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. If we make material changes that affect your rights, we will provide at least 30 days notice via email or through the Services before the changes take effect. Your continued use of the Services after the effective date constitutes acceptance of the updated policy.
11. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Swift Serve LLC Texas, United States
- Privacy inquiries: privacy@swiftserve.io
- General support: support@swiftserve.io
- General contact: contact@swiftserve.io