Legal

Privacy Policy

Cavnar AI LLC Effective: May 14, 2026 Last updated: May 14, 2026
01 — Overview

Our commitment to your privacy

Cavnar AI LLC ("Cavnar AI", "we", "us", or "our") operates an AI-powered restaurant intelligence platform accessible at dashboard.cavnar.ai and through our services at cavnar.ai. This Privacy Policy describes how we collect, use, store, and protect information when you use our services.

We provide AI-powered tools to independent restaurant operators, including review response drafting, labor cost optimization, inventory analysis, and marketing content generation. In providing these services, we access certain data about your restaurant and its operations on your behalf.

Plain English summary: We collect the information you give us to run your dashboard. We use it only to provide your service. We don't sell your data, and we never will.

By using Cavnar AI services, you agree to the collection and use of information as described in this policy. If you do not agree, please discontinue use of our services.

02 — Information We Collect

What information we collect

We collect information in three ways: information you provide directly, information collected automatically through your use of the service, and information obtained from third-party platforms you connect to our service.

Information you provide directly

  • Restaurant name, address, and contact information
  • Owner and GM name, email address, and phone number
  • Dashboard login credentials (username and password — passwords are stored hashed and never readable)
  • Restaurant profile information: neighborhood, vibe, brand voice notes, menu highlights
  • Labor data: shift records, employee hours, sales figures uploaded by you or your operator
  • Inventory data: item names, quantities, unit costs, par levels, and waste records uploaded by you or your operator
  • Payment information: processed through Stripe — we do not store credit card numbers or financial account details

Information collected automatically

  • Dashboard activity logs: which tabs you visit, when you last logged in, feature usage patterns
  • System information: IP address, browser type, operating system (used for security and troubleshooting only)
  • AI interaction logs: content generation requests and outputs (used to improve service quality)

Information from third-party platforms

When you connect third-party accounts to Cavnar AI — including Google Business Profile, Yelp, Instagram, or Facebook — we collect:

  • Business profile information (name, address, category, hours)
  • Review content: text, ratings, dates, and reviewer display names from Google and Yelp
  • Social media content: posts, captions, and engagement metrics from connected Instagram and Facebook Business accounts
  • OAuth access tokens required to retrieve and publish data on your behalf — stored encrypted
Data TypeSourcePurpose
Restaurant reviewsGoogle, YelpAI review response drafting
Labor/sales recordsYou (CSV upload)Labor cost analysis and scheduling
Inventory recordsYou (CSV upload)Food cost and waste analysis
Social media contentInstagram, FacebookMarketing content generation and posting
Payment dataStripeSubscription billing
Login credentialsYouDashboard authentication
03 — How We Use Information

How we use your information

We use the information we collect exclusively to provide, maintain, and improve your Cavnar AI service. Specifically:

Service delivery

  • Generating AI-drafted responses to your Google and Yelp reviews
  • Analyzing your labor data to identify cost-saving opportunities and generate optimized schedules
  • Analyzing your inventory data to identify waste, overstock, and ordering recommendations
  • Generating marketing content — social media posts, emails, and promotional copy — in your restaurant's voice
  • Publishing approved content to your connected Instagram and Facebook Business accounts
  • Sending you weekly digest emails and urgent alert notifications

Service operations

  • Processing payments through Stripe
  • Sending transactional emails (welcome, payment confirmation, contract)
  • Authenticating your account and maintaining security
  • Troubleshooting technical issues

What we never do with your data

  • Sell, rent, or trade your information to any third party
  • Use your restaurant data to train AI models for other customers
  • Use your information for advertising purposes
  • Share your data with marketing companies or data brokers
  • Aggregate your data into industry reports without explicit written consent
04 — Third-Party Sharing

Third parties we work with

We share your data with a limited number of service providers strictly for the purpose of operating Cavnar AI. These providers are contractually prohibited from using your data for any other purpose.

ProviderPurposeData Shared
Anthropic AI model API (Claude) — powers review responses, labor analysis, and marketing content generation Review text, restaurant profile, operational data included in AI prompts. Anthropic's privacy policy applies.
Stripe Payment processing and subscription management Email address, billing information. Stripe's privacy policy applies.
Resend Transactional email delivery Email address, email content. Resend's privacy policy applies.
Railway Application hosting and infrastructure All application data stored on Railway servers in the United States.
Meta (Facebook/Instagram) Content publishing via Instagram Graph API and Facebook Pages API OAuth tokens and post content shared with Meta only at the time of publishing actions you initiate. Meta's privacy policy applies.
Google Review data retrieval via Google Places API Google Place ID used to retrieve public review data. Google's privacy policy applies.
DocuSign Electronic service agreement signing Name, email address, and contract content. DocuSign's privacy policy applies.

We do not share your information with any other third parties except as required by law, to protect our rights, or in connection with a merger or acquisition (in which case you will be notified in advance).

05 — Meta & Instagram Data

How we handle Meta and Instagram data

This section applies specifically to users who connect their Instagram Business or Creator accounts and Facebook Business Pages to Cavnar AI for the Marketing Autopilot module.

Important: Cavnar AI only requests access to Instagram and Facebook accounts that you explicitly connect and authorize. We never access personal (non-business) Instagram accounts. Only Business and Creator accounts connected to a Facebook Page can be integrated.

What Meta data we access

  • Basic business profile information (name, about, category)
  • Your published posts and their performance metrics (likes, comments, reach) — used only to inform content recommendations
  • The ability to publish new posts to your Instagram Business account and Facebook Page on your behalf, only when you explicitly initiate a post from your Cavnar AI dashboard

What Meta permissions we request

  • instagram_basic — Read basic profile information
  • instagram_content_publish — Publish media to your Instagram Business account
  • pages_manage_posts — Publish and manage posts on your connected Facebook Page
  • pages_read_engagement — Read engagement metrics on your Page posts

How we store Meta credentials

  • OAuth access tokens are stored encrypted in our database
  • Tokens are never logged or transmitted to any third party except Meta's servers during API calls
  • Long-lived tokens are refreshed automatically and securely
  • We do not store your Facebook or Instagram password at any point

How to revoke Meta access

You can revoke Cavnar AI's access to your Instagram and Facebook accounts at any time by:

  • Going to your Facebook Settings → Security and Login → Apps and Websites → removing Cavnar AI
  • Contacting us at [email protected] and requesting disconnection

Revoking access will immediately disable the Marketing Autopilot module's ability to post to your accounts. Previously published content will not be affected.

Meta data use limitations

We strictly comply with Meta's Platform Terms and Developer Policies. Specifically:

  • We do not use Meta data to build audience profiles or targeting data
  • We do not share Meta data with advertisers or data brokers
  • We do not use Meta data for any purpose other than operating your Cavnar AI marketing features
  • We do not transfer Meta data to any third-party analytics platform
  • We retain Meta-sourced data only as long as your account is active (see Data Retention section)
06 — Data Retention

How long we keep your data

We retain your data for as long as your Cavnar AI account is active or as needed to provide services. Specifically:

Data TypeRetention Period
Account and profile informationDuration of active account + 30 days after cancellation
Restaurant operational data (labor, inventory)Duration of active account + 30 days after cancellation
Review data and AI-drafted responsesDuration of active account + 30 days after cancellation
Meta OAuth tokensUntil revoked by you or account cancellation
Marketing content generatedDuration of active account + 30 days after cancellation
Payment records7 years (required for tax and legal compliance)
Service agreements / contracts7 years (required for legal compliance)
System logs90 days

Upon account cancellation, we will delete your operational data within 30 days, unless retention is required by law. Payment records and executed contracts are retained for 7 years as required by applicable law.

07 — Data Security

How we protect your data

We implement industry-standard security measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

  • All data is transmitted over HTTPS with TLS encryption
  • Passwords are hashed using bcrypt — we cannot retrieve your plain-text password
  • OAuth tokens and API keys are stored encrypted at rest
  • Our application infrastructure is hosted on Railway, which provides enterprise-grade security and SOC 2 compliance
  • Database access is restricted to application-level credentials with principle of least privilege
  • We conduct regular reviews of access controls and security practices

While we take significant steps to protect your data, no method of internet transmission or electronic storage is 100% secure. If you believe your account security has been compromised, contact us immediately at [email protected].

In the event of a data breach that affects your personal information, we will notify you within 72 hours of becoming aware of the breach, in accordance with applicable law.

08 — Your Rights

Your rights and choices

You have the following rights with respect to your personal information:

Access and portability

You may request a copy of all personal data we hold about you and your restaurant. We will provide this in a machine-readable format within 30 days of your request.

Correction

You may update or correct your account information at any time through your dashboard settings, or by contacting us at [email protected].

Deletion

You may request deletion of your personal data. See the Data Deletion section below for full instructions.

Restriction and objection

You may object to or request restriction of certain processing activities. We will honor these requests where technically feasible and not prohibited by law.

Withdraw consent

Where processing is based on consent (such as connecting Instagram), you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected] with the subject line "Privacy Request." We will respond within 30 days.

09 — Data Deletion

How to delete your data

You can request deletion of your Cavnar AI account and associated data at any time using any of the following methods:

Quickest method: Email [email protected] with subject line "Delete my account and data." Include your restaurant name and the email address on your account. We will confirm deletion within 5 business days.

Upon receiving a verified deletion request, we will:

  1. Delete your dashboard account and login credentials
  2. Delete all restaurant operational data (labor, inventory, reviews)
  3. Delete all AI-generated content associated with your account
  4. Revoke and delete all stored OAuth tokens for connected platforms
  5. Remove your information from all active systems within 30 days
  6. Confirm deletion by email once complete

Note: Payment records and executed service agreements are retained for 7 years as required by applicable tax and contract law, even after account deletion. These records do not contain sensitive operational data about your restaurant.

Instagram and Facebook data deletion

If you connect your Instagram or Facebook account to Cavnar AI and later request deletion, we will:

  • Immediately revoke our access to your Instagram and Facebook accounts
  • Delete all stored OAuth tokens associated with your Meta accounts
  • Delete any cached social media data retrieved during your service period

You can also independently remove Cavnar AI's access at any time via Facebook Settings → Security and Login → Apps and Websites.

10 — Cookies

Cookies and tracking

Cavnar AI uses a minimal number of cookies necessary for the service to function. We do not use advertising cookies, tracking pixels, or third-party analytics services.

CookiePurposeDuration
sessionMaintains your logged-in state on the dashboardUntil you log out or session expires
csrf_tokenPrevents cross-site request forgery attacksSession

We do not use Google Analytics, Facebook Pixel, or any third-party tracking tools on dashboard.cavnar.ai. Our main website (cavnar.ai) may use basic analytics to understand visitor traffic — this data is never linked to your dashboard account.

11 — Children's Privacy

Children's privacy

Cavnar AI is a business-to-business service intended solely for restaurant owners, operators, and their designated staff. Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from anyone under 18. If we become aware that we have inadvertently collected information from a minor, we will delete it promptly. Contact us at [email protected] if you believe this has occurred.

12 — California Residents

California residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know: You may request information about the personal data we collect, use, disclose, and sell (we do not sell personal data)
  • Right to delete: You may request deletion of your personal data as described in the Data Deletion section above
  • Right to opt-out of sale: We do not sell personal data. No opt-out is necessary.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA rights

To exercise your California privacy rights, email [email protected] with subject line "California Privacy Request."

13 — Policy Changes

Changes to this policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page
  • Send an email notification to all active account holders
  • Post a notice in your dashboard for 30 days after the change takes effect

Your continued use of Cavnar AI services after a policy update constitutes acceptance of the updated policy. If you do not agree to the updated policy, you may cancel your account at any time.

14 — SMS Messaging

SMS communications

When you provide your mobile phone number and opt in to SMS alerts in your account settings, Cavnar AI collects and uses your phone number solely to send you operational notifications related to your restaurant account (e.g., new review alerts, urgent activity notifications).

  • Your phone number is never sold or shared with third parties for marketing purposes.
  • SMS consent is separate from and not required for use of the Cavnar AI platform.
  • To opt out of SMS messages at any time, reply STOP to any message we send.
  • For help, reply HELP or contact [email protected].
  • Message & data rates may apply. Message frequency varies based on account activity.
15 — Contact

Contact us

If you have questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:

Will Cavnar
Cavnar AI LLC
South Elgin, Illinois, United States
Email: [email protected]
Website: cavnar.ai

We take privacy requests seriously and will respond within 30 days. For urgent security concerns, include "URGENT" in your subject line.

This Privacy Policy was written by Will Cavnar for Cavnar AI LLC. It is governed by the laws of the State of Illinois, United States.