1. Who we are
PickCounter ("we," "us," or "PickCounter") provides a driver pickup verification platform for restaurants. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and the rights you have over it.
2. Information we collect
2.1 From restaurant operators (account holders)
- Account information: email address, display name (optional).
- Organization information: restaurant name, addresses, location details, plan tier.
- Billing information: processed and stored by Stripe; we receive a customer ID, plan, and payment status — we never see card numbers.
- Operational data: orders entered or ingested via integrations, verification events, audit logs.
2.2 From delivery drivers
- Phone number in E.164 format, used to send the pickup verification SMS.
- Display name as provided by the order platform or operator.
- Profile photo if the driver opts in to selfie verification (always optional).
- Verification metadata (timestamps of SMS sent, link opened, QR scanned, override used).
- IP address and user-agent string when the driver opens the check-in link, used for security and fraud prevention.
2.3 About customers (incidental)
Order records may include a customer's name as supplied by the order platform. We truncate the customer name to first name and last initial on counter displays and only retain the full name as needed for the operator's audit log.
2.4 Technical and usage data
- Standard server logs (IPs, user-agents, request paths, response codes).
- Cookies set by Supabase Auth for session management.
- No third-party advertising trackers, no analytics SDKs that fingerprint individual users.
3. How we use information
- Provide the Service: route SMS, validate QR scans, surface verifications on the counter display, render dashboards.
- Bill for use: meter verification volume and report it to Stripe.
- Secure the Service: rate-limit abusive activity, detect anomalies, enforce HMAC validation on inbound webhooks.
- Communicate: send transactional email (sign-in links, billing receipts, important account updates).
- Improve the Service: aggregate, de-identified analytics on verification timing, integration health, error rates.
- Comply with law: respond to lawful subpoenas and legal process, retain billing records, enforce our Terms.
4. Lawful basis (for users in the EU/UK)
We process operator data primarily to perform our contract with you. We process driver data on the basis of legitimate interests (the operator's legitimate interest in verifying pickups, and our legitimate interest in operating the Service), plus the driver's implicit consent through arrival at the restaurant and use of the SMS link. We rely on consent for optional features (profile photo).
5. Sharing with third parties
We share data only with the providers required to operate the Service:
- Supabase — database, authentication, file storage, realtime channels.
- Twilio — outbound SMS over a verified toll-free number.
- Stripe — subscription billing, payment processing.
- Resend — transactional email delivery.
- Vercel — application hosting and CDN.
- Order-platform partners (DoorDash, Uber, Grubhub, Square) — only the data each partner sends to us through their webhooks; we do not push customer or driver data back unless required by the integration.
We do not sell personal information. We do not share personal information for cross-context behavioral advertising. We may disclose information when required by law or to protect the rights, property, or safety of PickCounter, our users, or the public.
6. SMS and driver communications
We send drivers a single transactional SMS per assigned pickup. Drivers may reply STOP to opt out of all future PickCounter messages; opt-outs are honored immediately and persist across organizations. Drivers may also email privacy@pickcounter.io to request deletion of their phone number from our system.
7. Data retention
- Account data: retained for the life of the account, then deleted within ninety days of account closure.
- Verification records: retained for the life of the operator's subscription, plus up to seven years for audit/billing purposes.
- Driver phone numbers: retained as long as needed to send SMS for active orders; aggregated activity records may persist for analytics.
- Server logs: retained for thirty days.
- Backups: rolling backups overwritten within thirty-five days.
8. Security
We protect data in transit and at rest using industry-standard encryption. Database access is restricted by Postgres row-level security policies tied to organization membership. Service-role keys never touch the browser. Webhook ingest paths require HMAC signatures. Rate limits protect SMS spend and verification endpoints. We log security events and review anomalies. No system is perfectly secure; if we discover a breach affecting your data, we will notify you in accordance with applicable law.
9. Your rights
9.1 Universal rights
You may at any time:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your account (subject to retention requirements above).
- Export your data in a machine-readable format.
9.2 EU / UK / EEA residents (GDPR)
You have the right to lodge a complaint with your local data-protection authority. To exercise rights under GDPR, contact privacy@pickcounter.io.
9.3 California residents (CCPA / CPRA)
You have the right to know what personal information we collect, the right to delete it, the right to correct inaccurate information, and the right to opt out of any "sale" or "sharing" of personal information. We do not sell or share personal information for cross-context behavioral advertising. To exercise these rights, contact privacy@pickcounter.io. We will not discriminate against you for exercising your rights.
10. Children
PickCounter is not directed to children under sixteen, and we do not knowingly collect personal information from them. If you believe a child has provided us with information, contact us and we will delete it.
11. International transfers
PickCounter is operated from the United States. If you access the Service from outside the U.S., your information may be transferred to and processed in the U.S. and other countries where our service providers operate. Where required, we rely on standard contractual clauses or equivalent safeguards for international transfers.
12. Changes
We may update this Privacy Policy from time to time. If we make material changes, we will notify you (for example, by email or in-product notice). The "Effective" date at the top of this page reflects the most recent revision.
13. Contact
For privacy questions, requests, or notices, contact privacy@pickcounter.io. Operators with questions about data processing on behalf of their organization should contact dpo@pickcounter.io.