1. Introduction
Welcome to AEDAN ("we," "our," or "us"). We are committed to protecting your privacy and handling your data in an open and transparent manner.
This Privacy Policy explains how Gaazzeebo collects, uses, stores, and protects information when you use our AEDAN AI restaurant assistant service (the "Service"), accessible via our website, admin dashboard, and embedded widgets.
LEGAL NOTICE: By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must immediately cease all use of the Service. Your continued use constitutes acceptance of any updates or modifications to this Policy.
Our Commitment: Your restaurant data and customer information belong to you, subject to the broad licenses and commercialization rights granted to us in this Privacy Policy and our Terms of Service. We may use, analyze, aggregate, anonymize, and commercialize your data to advance restaurant technology, improve industry outcomes, and generate revenue through data products and services.
Binding Agreement: This Privacy Policy is incorporated into and forms part of our Terms of Service. By using the Service, you agree to both documents in their entirety.
2. Information We Collect
2.1 Account Information
When you create an AEDAN account, we collect:
- Restaurant name and business details
- Contact email address
- Phone number (optional)
- Billing information (processed securely through Stripe)
- Restaurant location and operating hours
2.2 Customer Conversation Data
When customers interact with AEDAN on your website, we collect:
- Customer messages and AI responses
- Customer name, email, and phone (if provided during reservations/orders)
- Reservation details (date, time, party size, special requests)
- Order details (menu items, quantities, delivery information)
- Conversation metadata (timestamps, session IDs, conversation phase)
2.3 Menu and Business Data
- Uploaded menu PDFs and structured menu data
- Restaurant configuration (hours, table capacity, delivery zones)
- Custom AI training data and preferences
2.4 Analytics and Usage Data
- Conversation metrics (volume, success rate, AI confidence scores)
- Revenue analytics (order values, trends)
- Dashboard usage patterns
- Widget performance data
- Employee activity logs (for team management features)
2.5 Technical Data
- IP addresses and device information
- Browser type and version
- Operating system
- Pages visited and actions taken
- Error logs and diagnostic data
3. How We Use Your Information
We use collected information for the following purposes:
3.1 Service Delivery
- Process reservations and orders through AI conversations
- Train and improve AEDAN's understanding of your menu and business
- Send email confirmations and notifications to customers
- Provide real-time analytics and insights
- Enable team collaboration features
3.2 Service Improvement
- Analyze conversation patterns to improve AI accuracy
- Identify and fix bugs or errors
- Develop new features based on usage patterns
- Optimize system performance and response times
3.3 Customer Support
- Respond to support inquiries
- Troubleshoot technical issues
- Provide onboarding and training assistance
3.4 Billing and Compliance
- Process subscription payments
- Send billing invoices and receipts
- Detect and prevent fraud
- Comply with legal obligations
4. Data Access & Platform Consent
Important: By Creating an Account, You Grant Us Access
By signing up for AEDAN and using our platform, you expressly grant aedanrose.ai and Gaazzeebo full access to all restaurant data, customer information, conversation records, analytics, and business metrics collected through the Service. This access is essential for us to provide, maintain, improve, and support the AI-powered features you rely on.
4.1 What Data Access Includes
Your consent upon registration grants us access to:
- All Restaurant Data: Menus, hours, locations, configurations, training documents, and business settings
- Customer Conversations: Complete conversation histories, including messages, reservations, orders, and customer contact information
- Analytics & Metrics: Performance data, revenue analytics, conversion rates, AI confidence scores, and usage statistics
- Team Activity: Employee accounts, permissions, scheduling, and activity logs
- Operational Data: System logs, error reports, API usage, integration data, and technical diagnostics
4.2 Why We Need This Access
Access to your restaurant data is required to:
- Train and optimize AEDAN's AI models to accurately understand your specific menu, policies, and business needs
- Process customer reservations, orders, and inquiries in real-time
- Generate analytics and insights about your restaurant's performance
- Provide technical support and troubleshoot issues when you request assistance
- Improve our AI algorithms and service features for all users
- Ensure platform security, prevent fraud, and maintain service quality
- Comply with legal obligations and enforce our Terms of Service
- Conduct industry research, benchmarking studies, and market analysis to advance restaurant technology
- Create aggregated datasets, reports, and insights that benefit the restaurant industry as a whole
- Develop new AI models, features, and services based on industry-wide data patterns
- Partner with third-party researchers, industry organizations, and technology companies to improve restaurant operations
4.3 How We Protect Your Data
While we have full access to your data, we implement strict security and privacy controls:
- Data is encrypted at rest (AES-256) and in transit (TLS 1.3)
- Access is limited to authorized personnel on a need-to-know basis
- All employee access is logged and monitored
- We never sell your data to third parties or use it for purposes unrelated to providing the Service
- Data is processed in accordance with GDPR, CCPA, and other applicable privacy regulations
4.4 Data Commercialization & Industry Advancement
Important: By using AEDAN, you grant us the right to use, analyze, process, aggregate, anonymize, and commercialize your data for purposes including, but not limited to:
Research & Development
- Industry Research: Conduct studies on restaurant trends, consumer behavior, pricing strategies, menu optimization, and operational efficiency
- AI Training: Use your conversations, menu data, and customer interactions to train proprietary AI models for our platform and other applications
- Product Development: Develop new features, tools, and services based on insights derived from your data
- Benchmarking: Create industry benchmarks, best practice guides, and performance standards using aggregated data from all users
Commercial Use & Data Monetization
- Aggregated Data Sales: We may sell, license, or distribute anonymized, aggregated datasets to third parties including market research firms, technology companies, consulting firms, academic institutions, and industry organizations
- Industry Reports: Publish and monetize reports, whitepapers, and insights derived from your data (in anonymized/aggregated form)
- Consulting Services: Use data-driven insights to provide consulting services to other restaurants, chains, or industry stakeholders
- Partnership Opportunities: Share data with strategic partners, technology vendors, and service providers to develop integrated solutions and industry innovations
- AI Model Licensing: License AI models trained on your data to third parties for use in restaurant technology, hospitality platforms, or related industries
What "Anonymized" and "Aggregated" Means
When we commercialize data, we typically use anonymized or aggregated data, which means:
- Anonymized Data: Data that has been stripped of personally identifiable information (PII) such as restaurant names, owner names, addresses, and customer identities
- Aggregated Data: Data combined from multiple restaurants to show industry-wide trends, patterns, and statistics (e.g., "Italian restaurants in California average 120 reservations per week")
However, we reserve the right to share non-anonymized data with partners, researchers, and third parties under confidentiality agreements when necessary to advance restaurant technology and improve industry outcomes.
Revenue Sharing
You acknowledge and agree that:
- We retain 100% of revenue generated from the commercialization of your data
- You are not entitled to any compensation, royalties, or revenue sharing from our use of your data
- Your subscription fee compensates you for the Service; data rights are granted separately as part of this agreement
Examples of Data Use
Practical examples of how we may use and monetize your data include:
- Selling aggregated restaurant performance data to market research firms (e.g., "Average order value trends in fast-casual dining")
- Licensing AI conversation models trained on your customer interactions to other hospitality software companies
- Providing anonymized menu pricing data to consulting firms advising restaurants on pricing strategies
- Publishing industry reports on peak dining times, popular menu items, and customer preferences (with data from multiple restaurants)
- Partnering with food delivery platforms and sharing operational data to improve their services
- Training general-purpose AI models using your customer service conversations and selling those models
4.5 Your Continued Consent
By continuing to use AEDAN after account creation, you reaffirm your consent to this data access arrangement, including all commercialization rights described above. If you do not agree to grant us these rights, you should not create an account or use the Service. You may withdraw consent at any time by canceling your account, after which your data will be deleted in accordance with our retention policy. However, data already aggregated, anonymized, or incorporated into AI models prior to cancellation may continue to be used and commercialized indefinitely.
5. Data Storage & Security
4.1 Where We Store Your Data
- Google Firestore: Real-time operational data (conversations, reservations, orders)
- PostgreSQL: Analytics and historical data
- Redis: Temporary caching (2 minutes to 1 hour retention)
- All data is stored in secure, tier-4 data centers in the United States
4.2 Security Measures
- Encryption: AES-256 encryption at rest, TLS 1.3 in transit
- Authentication: Firebase Authentication with bcrypt password hashing
- Access Control: Role-based access (Admin, Manager, Server, Hostess)
- Monitoring: 24/7 automated security monitoring and threat detection
- Backups: Daily automated backups with 30-day retention
- SOC 2 Type II: Compliance with enterprise security standards
4.3 Data Retention
- Active accounts: Data retained for duration of subscription
- Canceled accounts: Data deleted within 30 days of cancellation
- Legal hold: Some data may be retained longer for legal compliance
- Anonymized data: Aggregate analytics may be retained indefinitely
5. Third-Party Services & Data Sharing
5.1 Operational Service Providers
We use the following trusted third-party services to operate AEDAN:
- Google Gemini AI: Processes customer conversations to understand intent and generate responses. Your data is shared with Google for AI processing.
- Google Firebase: Authentication, real-time database, cloud functions. Your data is stored on Google's infrastructure.
- Railway: Backend hosting and deployment
- Render: Static site hosting
- Stripe: Payment processing and billing. We do not store credit card numbers (Stripe handles PCI compliance).
- SendGrid/Mailgun: Transactional emails (reservation confirmations, order receipts)
5.2 Commercial Data Recipients
We may share, sell, or license your data to the following categories of third parties for commercial purposes:
- Market Research Firms: Companies that purchase restaurant industry data for market analysis and reporting
- Consulting Companies: Advisory firms that use our data to provide insights to their clients
- Technology Companies: Software vendors, SaaS platforms, and technology providers who purchase AI models or datasets
- Academic Institutions: Universities and research institutions conducting studies on hospitality, AI, or consumer behavior
- Industry Organizations: Restaurant associations, trade groups, and industry bodies that use data for benchmarking
- Government Agencies: Regulatory bodies, economic development agencies, or government research programs (when legally required or commercially advantageous)
- Strategic Partners: Business partners, co-development partners, and companies with whom we have commercial relationships
- Data Brokers: Third-party data aggregators and brokers who purchase datasets for resale
- Advertising & Marketing Platforms: Companies that use data for targeted advertising, customer segmentation, or marketing analytics
- Investors & Acquirers: Potential buyers, investors, or merger partners during due diligence or acquisition processes
5.3 Data Sharing Scenarios
We may share your data (anonymized, aggregated, or identifiable) in the following scenarios:
- Direct Sales: Selling datasets, reports, or insights directly to third parties for a fee
- Licensing Agreements: Licensing our AI models (trained on your data) to technology companies
- Research Collaborations: Partnering with academic or industry researchers who access your data for studies
- Business Development: Sharing data with potential partners to explore joint ventures or integrations
- Acquisitions & Mergers: Transferring data to acquirers or merger partners as part of a business transaction
- Legal Requirements: Disclosing data in response to subpoenas, court orders, or legal processes
- Platform Integrations: Sharing data with third-party platforms (e.g., delivery apps, POS systems) to enable integrations
5.4 No Control Over Third-Party Use
Once we share your data with third parties:
- We have no control over how they use, store, or further distribute your data
- Their privacy policies and data practices apply to their use of your data
- They may retain your data indefinitely, even after you delete your AEDAN account
- They may create derivative works, insights, or products based on your data
- We are not liable for their misuse, data breaches, or privacy violations
5.5 Confidentiality Agreements
While we may require some third-party recipients to sign confidentiality agreements, these agreements:
- Do not prevent them from using your data for their own commercial purposes
- May allow them to create derivative works or products based on your data
- May expire after a certain period, allowing unrestricted future use
- Are between us and the third party; you have no enforcement rights
Bottom Line: By using AEDAN, you consent to us sharing your data with unlimited third parties for commercial purposes, with limited restrictions on how they use it.
6. Your Rights
You have the following rights regarding your data:
6.1 Access Your Data
- View all your restaurant data in the admin dashboard
- Request a complete data export (CSV/JSON format)
- Available within 48 hours of request
6.2 Delete Your Data
- Cancel your account at any time via the dashboard
- Request immediate data deletion by contacting support
- All data deleted within 30 days (except legally required records)
6.3 Correct Your Data
- Update account information in the dashboard
- Modify restaurant details, menus, and settings
- Contact support for assistance with corrections
6.4 Opt-Out of Marketing
- Unsubscribe from marketing emails via the link in any email
- You will still receive transactional emails (billing, service updates)
6.5 Port Your Data
- Export your data in machine-readable format (CSV, JSON)
- Use exported data with other services
7. GDPR & CCPA Compliance
7.1 GDPR (EU Users)
If you are located in the European Economic Area (EEA), you have additional rights under GDPR:
- Legal Basis: We process data based on contract fulfillment and legitimate business interests
- Data Controller: Gaazzeebo is the data controller
- EU Representative: [To be appointed if serving EU customers]
- Right to Erasure: "Right to be forgotten" - request complete data deletion
- Data Portability: Receive your data in structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests
7.2 CCPA (California Users)
If you are a California resident, you have rights under CCPA:
- Right to Know: What personal information we collect and how we use it
- Right to Delete: Request deletion of your personal information
- Right to Opt-Out: We do not sell personal information
- Non-Discrimination: We will not discriminate for exercising your rights
To exercise your rights: Email gaazzeebo@gmail.com or use the "Delete My Data" option in the dashboard.
8. Cookies & Tracking
We use cookies and similar technologies to improve your experience:
8.1 Essential Cookies
- Authentication tokens (keep you logged in)
- Session management
- Security features
8.2 Analytics Cookies
- Google Analytics (anonymized IP addresses)
- Widget usage tracking
- Dashboard interaction analytics
8.3 Cookie Control
You can control cookies through your browser settings. Note that disabling cookies may affect Service functionality.
9. Children's Privacy
AEDAN is not intended for users under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by:
- Email notification to your account email
- Dashboard notification banner
- Updated "Last Modified" date at the top of this page
Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Disclaimers & Limitations of Liability
IMPORTANT LEGAL PROTECTIONS
12.1 No Warranties
TO THE MAXIMUM EXTENT PERMITTED BY LAW, THE SERVICE AND ALL DATA PROCESSING ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO:
- Warranties of merchantability, fitness for a particular purpose, or non-infringement
- Warranties regarding data accuracy, completeness, or reliability
- Warranties that the Service will be uninterrupted, secure, or error-free
- Warranties that data breaches, losses, or unauthorized access will not occur
12.2 Limitation of Liability
TO THE FULLEST EXTENT PERMITTED BY LAW, GAAZZEEBO, ITS OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AFFILIATES, AND SERVICE PROVIDERS SHALL NOT BE LIABLE FOR:
- Any indirect, incidental, special, consequential, or punitive damages
- Loss of profits, revenue, data, goodwill, or business opportunities
- Data breaches, security incidents, or unauthorized access to your data
- Errors, inaccuracies, or failures in AI processing or data handling
- Third-party actions, including hackers, cybercriminals, or malicious actors
- Force majeure events, including natural disasters, pandemics, wars, or government actions
- Actions or omissions of third-party service providers (Google, Firebase, Stripe, etc.)
- Your failure to implement adequate security measures or protect your account credentials
- Damages arising from your violation of this Privacy Policy or Terms of Service
- Regulatory fines, penalties, or enforcement actions resulting from your use of the Service
TOTAL LIABILITY CAP: Our total aggregate liability arising from or related to this Privacy Policy or your use of the Service shall not exceed the lesser of: (a) the amount you paid to us in the 12 months preceding the claim, or (b) $100 USD.
12.3 Indemnification
You agree to indemnify, defend, and hold harmless Gaazzeebo, its affiliates, officers, directors, employees, agents, and service providers from and against any and all claims, damages, losses, liabilities, costs, and expenses (including reasonable attorneys' fees) arising from or related to:
- Your use or misuse of the Service
- Your violation of this Privacy Policy or applicable laws
- Your failure to obtain proper consents from customers whose data you collect
- Any data you provide, upload, or transmit through the Service
- Privacy violations, GDPR/CCPA violations, or other regulatory non-compliance
- Third-party claims arising from your use of the Service
- Your breach of any representations or warranties made in this Privacy Policy
12.4 Data Breach Disclaimer
While we implement reasonable security measures, NO SYSTEM IS 100% SECURE. You acknowledge and agree that:
- Data breaches may occur despite our security efforts
- We are not liable for breaches caused by third-party attacks, vulnerabilities, or force majeure
- You waive any claims related to data breaches unless caused by our gross negligence or willful misconduct
- Our sole obligation in the event of a breach is to notify you in accordance with applicable law
- You are responsible for implementing your own backup and disaster recovery measures
12.5 Third-Party Services Disclaimer
We use third-party services (Google Gemini AI, Firebase, Stripe, etc.) to operate the Service. You acknowledge that:
- We have no control over these third-party services and their data practices
- We are not responsible for their actions, failures, or data breaches
- Their terms of service and privacy policies apply to their processing of your data
- You waive any claims against us arising from third-party service failures or misconduct
12.6 Assumption of Risk
BY USING THE SERVICE, YOU EXPRESSLY ASSUME ALL RISKS ASSOCIATED WITH:
- Storing and processing sensitive business and customer data via cloud services
- Relying on AI systems for business-critical operations
- Potential exposure to cybersecurity threats, hacking attempts, and data breaches
- Regulatory compliance risks related to data privacy laws
- Business disruption if the Service becomes unavailable
12.7 Severability
If any provision of this Privacy Policy is found to be unenforceable or invalid, that provision shall be limited or eliminated to the minimum extent necessary, and the remaining provisions shall remain in full force and effect.
12.8 No Waiver
Our failure to enforce any right or provision of this Privacy Policy shall not be deemed a waiver of such right or provision.