Privacy Policy

1. Who this applies to

Our users are café owners, managers, and staff (“you”). The Service is not directed to consumers or the general public, and it is not intended for anyone under 18. When you connect a third-party account or upload data, you confirm you’re authorized to do so and to share that data with us.

2. Information we collect

Information you give us

• Account & profile: your name and email address, and the password you set (passwords are handled by our authentication provider and are not visible to us).
• Café & business details: café name, address, location (latitude/longitude), time zone, operating hours, and your settings and preferences.
• Team members:the email addresses you invite, and each member’s role (owner, manager, member).
• Vendors & purchasing: vendor names, contact emails, phone numbers, websites, addresses, ordering schedules, and any consignment payout details you enter.
• Inventory & counts: items, units, par levels, on-hand counts, and the person who recorded a count.
• Invoices you upload or forward by email: the invoice files and the information read from them (vendor, date, line items, amounts).
• Brand & content inputs: the brand voice/audience notes you provide for social briefs.

Information from accounts you connect

• Toast POS: when you connect Toast, we read your menu, inventory, stock levels, and order history (including order totals, item-level sales, quantities, guest counts, and the raw order records Toast returns, which can include payment-method metadata such as card type). We use this to power forecasting and ordering. We do not write data back to Toast.
• Google Calendar (optional): if you connect it, we read your calendar list and the events on the calendars you select (event titles, times, locations, descriptions), plus the Google email address of the connected account, to use events as demand signals.
• Instagram / Facebook (Meta) (optional):if you connect Instagram, we access — through the Meta Graph API and only to build your social brief — your Instagram Business account’s username and follower count; account insights (such as reach, profile views, and engagement); your recent media (captions, type, timestamps, permalinks) and their metrics (reach, saves, shares, likes, comments); and active stories and their metrics. We store an access token to maintain the connection. We do not post, comment, or message on your behalf. See “Instagram data” below.
• Connection credentials: to keep these integrations working, we securely store the API keys and OAuth tokens for the accounts you connect.

Information we obtain about your business from public sources

• Google Maps / Places:using your café’s Google Place, we retrieve details such as address, hours, and your business’s public Google rating and reviews, and we look up nearby cafés (“competitors”) and their public ratings to provide neighborhood context.
• Local events & news: we discover nearby events and local business news relevant to your café from public web sources and the event-source URLs you provide.
• Weather:we fetch local weather forecasts and history (from Open-Meteo) based on your café’s coordinates.

Information we generate

• Forecasts, trends, and the factors behind them; reputation/sentiment summaries derived from your public Google reviews; and AI-generated social briefs and brand-voice drafts.

Information collected automatically

• Usage & device data: basic, privacy-friendly analytics about page views and performance (via Vercel Analytics), and server logs needed to operate and secure the Service.
• Cookies & local storage:we use strictly necessary cookies to keep you signed in (set by our authentication provider) and a short-lived cookie to secure connection flows. We store small interface preferences (like a chosen view) in your browser’s local storage. We do not use advertising or cross-site tracking cookies.

3. How we use information

• Provide, operate, and maintain the Service and your account.
• Forecast demand, suggest and assemble vendor orders, reconcile invoices, track inventory, and generate social briefs and brand-voice drafts.
• Send vendor purchase orders and related emails at your direction (see Sharing).
• Provide support, respond to requests, and send service-related messages.
• Keep the Service secure, prevent abuse, and debug problems.
• Improve and develop features (using aggregated or de-identified data where practical).
• Comply with law and enforce our Terms.

We do not sell your personal information, and we do not use it for third-party advertising.

4. AI processing

Some features use Google’s Gemini API to generate results. To do this, we send relevant inputs to Google’s generative-AI service — for example: the contents of an invoice you upload (to read its line items); your café’s sales, menu, events, weather, and review summaries, plus connected Instagram metrics and captions (to write a social brief); and your website text and public reviews (to draft a brand voice). Google processes this data to return a result and, under the Gemini API terms for this type of usage, does not use it to train its models. We use AI to assist you; AI output can be wrong or incomplete, so review it before relying on or publishing it.

5. Instagram & Facebook (Meta) data

If you connect Instagram, our use of information received from the Meta Platforms follows the Meta Platform Terms and Developer Policies. Specifically:

• What we access: your Instagram Business account profile, insights, recent media and their metrics, and active stories — as listed in Section 2.
• Why:solely to analyze your account’s performance and generate your weekly social content brief. We never post, comment, or send messages without an explicit action from you, and we do not share this data with third parties except the AI processor used to generate your brief (described above) and our infrastructure providers.
• Disconnect & delete:you can disconnect Instagram at any time on the Social page. Disconnecting deletes the stored access token for that connection. To delete the Instagram-derived data we’ve stored (e.g., metrics saved within past briefs), follow “Data deletion” below.

6. How we share information

We share information only as needed to run the Service. We use the following categories of service providers (“sub-processors”), each of which receives only the data needed for its function:

• Supabase — database, authentication, and file storage (hosts your account and café data, including uploaded invoices).
• Vercel — application hosting and privacy-friendly analytics.
• Google— Maps/Places (business & neighborhood data), Calendar (if you connect it), and the Gemini AI API (to generate results, as described above).
• Meta Platforms — Instagram Graph API (if you connect Instagram).
• Resend — email delivery. We use Resend to send the vendor purchase orders and emails you choose to send, and to receive invoices vendors email to your dedicated inbound address.
• Open-Meteo — weather data (receives only coordinates, no personal data).

Sending to your vendors: when you send a purchase order, we transmit its contents (items, quantities, prices, dates, and your reply-to email) to the vendor and any recipients you add. You control the recipients and content.

We may also share information to comply with law, respond to lawful requests, protect rights and safety, or in connection with a merger, acquisition, or sale of assets (with notice where required).

7. Data retention

We keep information for as long as your account is active and as needed to provide the Service. Connection tokens are kept until you disconnect that integration. Uploaded invoices remain until you delete them or close your account. When you ask us to delete your data or close your account, we delete or de-identify it within a reasonable period, except where we must retain it to comply with law, resolve disputes, or enforce our agreements. Routine backups and logs are retained for a limited time and then expire.

8. Your choices & rights

• Access & correction: you can view and edit most of your data in the app, or ask us for a copy.
• Disconnect integrations: you can disconnect Toast, Google Calendar, or Instagram at any time, which stops further data collection from that source and removes its stored credentials.
• Deletion: you can ask us to delete your data or close your account (see below).
• Analytics: our analytics are aggregate and privacy-friendly; you can also use browser controls to limit cookies (strictly necessary cookies are required to sign in).

If you are in the EEA or UK, you have rights to access, correct, delete, restrict, or object to processing, and to data portability; our legal bases are performance of our contract with you, your consent (for optional integrations), and our legitimate interests in operating and improving the Service. If you are a California resident,you have rights to know, access, delete, and correct your personal information and to not be discriminated against for exercising them; we do not “sell” or “share” personal information as those terms are defined under California law. To exercise any right, email privacy@vulpinlabs.com; we may need to verify your identity.

9. Data deletion

To delete your data:

• Disconnect a source (Toast, Google Calendar, or Instagram) in the app to remove its stored credentials and stop further collection.
• Delete specific records (such as invoices) within the app.
• Delete your account and associated data by emailing privacy@vulpinlabs.com from your account email, or with enough detail for us to locate your account. We will confirm and complete deletion within a reasonable period, subject to legal retention requirements.

10. Security

We protect data with encryption in transit (TLS) and at rest, access controls and row-level security so each café’s data is isolated, and least-privilege handling of credentials. No system is perfectly secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your information, we will notify you as required by law.

11. Where data is processed

Butter is operated from the United States, and our providers process data in the United States and other countries. If you access the Service from outside the U.S., you understand your information will be processed in the U.S. Where required, international transfers are made under appropriate safeguards.

12. Children

The Service is for businesses and is not intended for children. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us information, contact us and we will delete it.

13. Third-party services & links

The Service integrates with and links to third-party services (such as Toast, Google, Meta, and your vendors’ sites). Their handling of your information is governed by their own terms and privacy policies, which we encourage you to review. We are not responsible for third-party practices.

14. Changes to this policy

We may update this Privacy Policy from time to time. We’ll change the “Last updated” date above and, for material changes, provide additional notice. Your continued use of the Service after an update means you accept the revised policy.

15. Contact us

Butter — Privacy. Email privacy@vulpinlabs.com.