Privacy Policy

Effective March 10, 2026 · Last updated March 10, 2026

This document is a draft template. Consult a qualified attorney before publishing.

Estora, Inc. ("Estora," "we," "us," or "our") operates Estora Inventory, a web-based inventory management application for food service businesses. This Privacy Policy explains how we collect, use, share, and protect your information when you use our platform at estora.tech and any related services (collectively, the "Service").

By creating an account or using the Service, you agree to the collection and use of information as described in this policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information You Provide

  • Account information: Name, work email address, password, and role within your organization (owner, manager, shift lead, or staff).
  • Organization information: Business name, location name(s), and address(es).
  • Inventory data: Item names, descriptions, categories, quantities, par levels, unit costs, vendor associations, and count records.
  • Vendor data: Vendor names, contact information, delivery schedules, lead times, and order minimums.
  • Order data: Purchase orders, order history, delivery records, and invoice details.
  • Prep and usage data: Prep schedule entries, batch records, usage logs, and waste entries.
  • Communications: Messages you send to us through support channels or feedback forms.

Information Collected Automatically

  • Activity and audit data: We maintain an activity trail that logs actions taken within the Service, including who performed the action, what changed, and when. This supports accountability and operational transparency for your team.
  • Device and browser information: IP address, browser type and version, operating system, device type, and screen resolution.
  • Usage data: Pages visited, features used, timestamps, and interaction patterns within the Service.
  • Cookies and similar technologies: See Section 8 (Cookies & Tracking Technologies) below.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service — manage your account, process inventory data, generate suggested orders, run reports, and deliver the features you use.
  • Improve the Service — analyze usage patterns to identify bugs, improve performance, and develop new features.
  • Communicate with you — send account-related notices (password resets, billing confirmations, service updates), respond to support requests, and share product announcements. You can opt out of non-essential communications at any time.
  • Process billing — manage your subscription, process payments through our third-party payment processor, and send invoices.
  • Ensure security — detect and prevent fraud, unauthorized access, and abuse of the Service.
  • Comply with legal obligations — respond to lawful requests from authorities and enforce our Terms of Service.

We do not use your inventory, vendor, or operational data to build profiles for advertising. We do not sell your data.

3. How We Share Your Information

We do not sell, rent, or trade your personal information. We share information only in the following circumstances:

  • Service providers: We use third-party vendors to help operate the Service, including cloud hosting, payment processing, email delivery, and error monitoring. These providers access only the data necessary to perform their functions and are contractually required to protect it.
  • AI processing providers: See Section 4 (AI Features & Third-Party Processing) below.
  • Legal obligations: We may disclose information if required by law, court order, subpoena, or government request, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business transfers: If Estora is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you before your information becomes subject to a different privacy policy.
  • With your consent: We may share information in other ways if you direct us to or give us explicit permission.

4. AI Features & Third-Party Processing

Estora Inventory includes an AI assistant that helps you analyze inventory patterns, get operational suggestions, and answer questions about your data.

What data is sent to AI providers

  • When you interact with the AI assistant, your query and relevant context (such as inventory levels, item names, categories, and usage trends for your active location) may be sent to third-party AI processing providers.
  • We send the minimum context necessary to generate a useful response.
  • We do not send your password, payment information, or personal contact details of your team members to AI providers.

How AI providers handle your data

  • Our AI processing providers are contractually prohibited from using your data to train their models or for any purpose other than generating responses to your queries.
  • AI-generated suggestions are informational only and should not be treated as professional advice. See our Terms of Service for more detail.

5. Data Retention

  • Active accounts: We retain your data for as long as your account is active and your subscription is in good standing.
  • After cancellation: When you cancel your subscription, we retain your data for 90 days to allow for reactivation. After 90 days, we begin the deletion process.
  • Deletion requests: You may request deletion of your account and associated data at any time by contacting us at info@estora.tech. We will process deletion requests within 30 days, subject to any legal retention obligations.
  • Activity trail data: Audit log entries are retained for the same period as your account data. They are deleted when your account data is deleted.
  • Backups: Residual copies in encrypted backups are overwritten through our normal backup rotation cycle (typically within 90 days of deletion).

6. Data Security

We take the security of your data seriously and implement measures including:

  • Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS (HTTPS).
  • Encryption at rest: Data stored on our servers is encrypted at rest.
  • Access controls: Access to production systems and customer data is restricted to authorized personnel on a need-to-know basis, with multi-factor authentication required.
  • Infrastructure: The Service is hosted on US-based cloud infrastructure with SOC 2-compliant providers.
  • Incident response: We maintain an incident response process. In the event of a data breach that affects your personal information, we will notify you and applicable authorities as required by law.

No system is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request that we delete your personal information.
  • Data portability / Export: Request a copy of your data in a structured, machine-readable format (CSV export is available for inventory and order data within the Service).
  • Opt out of communications: Unsubscribe from non-essential emails at any time using the link in any marketing email.

For California residents (CCPA/CPRA)

You have the right to:

  • Know what personal information we collect, use, and disclose.
  • Request deletion of your personal information.
  • Opt out of the sale of personal information. We do not sell your personal information.
  • Non-discrimination for exercising your privacy rights.

For EEA/UK residents (GDPR)

If you are in the European Economic Area or the United Kingdom, our legal basis for processing your data is:

  • Contract performance — processing necessary to provide the Service you subscribed to.
  • Legitimate interests — improving the Service, ensuring security, and communicating with you.
  • Consent — where required (e.g., for marketing communications).

You also have the right to lodge a complaint with your local data protection authority.

To exercise any of these rights, contact us at info@estora.tech.

8. Cookies & Tracking Technologies

We use cookies and similar technologies as follows:

Cookie typePurposeDuration
Strictly necessaryAuthentication session, CSRF protectionSession (expires on logout or after inactivity)
FunctionalLanguage preference, UI settingsPersistent (up to 1 year)
AnalyticsNot currently in use. When implemented, we will update this policy and our Cookie Policy with details.

You can manage cookie preferences through your browser settings. Disabling strictly necessary cookies may prevent the Service from functioning properly.

For more detail, see our Cookie Policy.

9. Children's Privacy

The Service is designed for use by food service business professionals and is not directed at children under the age of 13 (or 16 in the EEA/UK). We do not knowingly collect personal information from children. If we learn that we have collected information from a child under the applicable age, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at info@estora.tech.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last updated" date at the top of this page.
  • Notify you by email or through a prominent notice within the Service at least 14 days before the changes take effect.

Your continued use of the Service after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or want to exercise your privacy rights, contact us at:

Estora, Inc.
Email: info@estora.tech