Privacy Policy

1 Introduction and Scope

1.1 Who We Are

Plaum Inc. ("Plaum," "we," "us," or "our") is a food-tech company built to connect diners and restaurants through social discovery, smart ordering, and AI-powered personalization. Plaum was co-founded by Michael Nwaeze (Co-founder & CEO) and Alexis Mugisha (Co-founder & CTO), and is incorporated and headquartered in Ontario, Canada.

1.2 What This Policy Covers

This Privacy Policy applies to all personal information we collect and process through:

The Plaum mobile app for iOS and Android (used by both consumer "foodie" users and restaurant owners/staff)
The Plaum restaurant web dashboard (used exclusively by restaurant owners, managers, and kitchen staff)
The Plaum marketing and landing website (plaum.co and related subdomains)
All APIs, backend services, and infrastructure connecting the above products

1.3 Who This Policy Applies To

This policy applies to all individuals who interact with Plaum's products and services, including:

Consumer users ("Foodies") — individuals who use the Plaum mobile app to discover restaurants, share food content, order meals, and connect with other food lovers
Restaurant users — restaurant owners, managers, and kitchen staff who use the Plaum mobile app or web dashboard to manage their restaurant presence, orders, menus, and analytics
Guest users — individuals who use the Plaum mobile app in Guest Mode without creating an account

1.4 Acceptance

By downloading or using the Plaum app, accessing the Plaum web dashboard, or using any Plaum service, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree to the terms of this policy, please cease use of all Plaum products and services.

2 Information We Collect

2.1 Information You Provide Directly

Account Registration

When you create a Plaum account, we collect:

Email address (required for all account types)
First name and last name
Username (unique, minimum 3 characters)
Password (stored as a hashed value using industry-standard algorithms; plain-text passwords are never stored or transmitted after initial receipt)
Profile photo / avatar (optional; stored on AWS S3)
Phone number (required for restaurant users only, for business contact and Stripe Connect identity verification purposes)
Bio and display name (optional)

Onboarding Quiz and Taste Preferences (Consumer Foodie Users)

During initial onboarding, consumer users complete a personalization quiz. We collect your responses to questions about:

Palate score — your general taste profile (rated A through D)
Vibe preference — the atmosphere you prefer when dining
Priority — whether you value price, quality, speed, or ambiance most
Adventure appetite — your willingness to try new or unfamiliar cuisines
Ritual habits — how often you dine out and the occasions you associate with dining
Dietary tags — dietary restrictions and preferences (e.g., vegan, vegetarian, halal, kosher, gluten-free, dairy-free, nut-free, keto, paleo)
Cuisine preferences — your preferred cuisine types selected from a curated list

This information is used exclusively to power Plaum's personalization features, including feed ranking, Palate Twin matching, and Plaum AI recommendations. It is not sold or used for third-party advertising.

Restaurant Profile Setup (Restaurant Users)

Restaurant owners onboarding to Plaum provide:

Restaurant name, description, phone number, email, and website
Physical address and geographic coordinates
Cuisine type and operating hours
Menu data: dish names, descriptions, prices, photos, modifier groups, dietary tags, allergen information, ingredients, and availability flags
Table configurations and QR code assignments
Reservation settings including availability schedules, cancellation windows, security deposit amounts, and blackout dates

Payment and Financial Information

Important: Plaum does not store, transmit, or process raw credit card numbers, debit card numbers, or bank account details on our servers. All card and payment credential handling is performed exclusively by Stripe, Inc., a PCI-DSS Level 1 certified payment processor.

Plaum collects the following payment-related information:

Order transaction records: items ordered, subtotal, tip amount, grand total, order type, and a Stripe payment intent ID (a reference token used for reconciliation — not a card number)
Stripe Connect business information (restaurant users): business legal name, tax identification number, and banking details are collected and transmitted directly to Stripe during restaurant onboarding; Plaum does not receive or store raw financial credentials
Subscription records: the module subscription plan active on a restaurant account, billing cycle, status (active, trialing, canceling, cancelled), and Stripe subscription ID

User-Generated Content ("Crumbs")

Consumer users may create and share content on Plaum, including:

Crumbs: food photos and videos you post, along with captions, restaurant and dish tags, and visibility settings (public or followers-only)
Comments and replies on Crumbs posted by yourself and others
Order reviews: star ratings (1–5) and written review text submitted after completing an order
Direct messages (DMs) sent to other Plaum users

Support Communications

When you submit a support ticket or engage in a live chat session through Plaum's in-app support system, we collect the content of your messages, any screenshots or attachments you provide, your account information, and the ticket category and status.

2.2 Information We Collect Automatically

Device and Technical Information

When you use Plaum, we automatically collect:

Device type (iPhone, Android phone) and model
Operating system name and version
Plaum app version
Expo push notification token (your device's unique identifier for push notification delivery via Apple Push Notification service / Firebase Cloud Messaging)
IP address (used for approximate geolocation, rate limiting, and fraud detection; not stored long-term in your user profile)
Session IDs and session start/end timestamps
App crash reports and error logs

Behavioral Event Data

Plaum collects anonymized behavioral events to understand how users interact with the platform and to improve our products. These events are collected in batches, sent at a threshold of 50 events or every 30 seconds (whichever occurs first). Each event record contains:

Event type (e.g., screen view, dish view, post impression, search query, feature entry)
Entity type and entity ID (e.g., the ID of a restaurant or dish being viewed)
Timestamp
Session ID
Device type (iOS or Android)

Behavioral event data does not contain email addresses, phone numbers, full names, or any other direct personal identifiers. Location data in events is limited to city-level granularity at most.

Order and Transaction History

We maintain a historical record of all orders you place through Plaum, including the restaurant, items ordered, prices, tip amount, order type (dine-in or pickup), order status transitions, and timestamps.

Social Graph Activity

We record your interactions within Plaum's social layer, including: follow and unfollow actions, the accounts you follow and the accounts that follow you, likes and saves on Crumbs, Palate Twin match scores and match history, and Twin Hunt participation and completion records.

2.3 Location Data

Location data is a core part of how Plaum works. We are transparent about how we collect it, what we use it for, and the controls you have.

Foreground Location (When the App Is Open)

When you are actively using the Plaum app, we collect your precise geographic coordinates (latitude and longitude) and derive your current city. We request the When In Use location permission on iOS and the While Using the App permission on Android. This location data is used to:

Show you nearby restaurants in your discovery feed
Enable location-based search (radius search around your current location)
Provide Plaum AI with your location context so it can give relevant food recommendations
Display estimated distance to restaurants

Background Location and Visit Geofencing (Explicit Opt-In Only)

Plaum offers an optional Visit Tracking feature that automatically logs when you visit a restaurant. This feature uses geofencing — a virtual perimeter of 40 metres radius around each restaurant location — combined with a minimum dwell time of 2 minutes before a visit is recorded. Background location is used solely for this geofencing purpose.

This feature is entirely optional and requires you to explicitly enable it. It is controlled by the Visit Tracking toggle located in your app settings (Settings > Privacy > Visit Tracking). By default, Visit Tracking is disabled. You may disable it at any time, which immediately stops background location collection.

We request the following permissions when Visit Tracking is enabled:

iOS: Always Allow location permission (NSLocationAlwaysAndWhenInUseUsageDescription)
Android: ACCESS_BACKGROUND_LOCATION

Visit log data (the restaurant name and timestamp of a visit) is stored in your account. This data is not sold to advertisers and is not shared with third parties for commercial purposes.

What We Do Not Do With Location Data

We do not sell your location data to data brokers or advertisers
We do not share precise location data with third parties for targeted advertising
We do not track your location continuously when the Visit Tracking feature is disabled

2.4 Camera and Media

Plaum requests access to your device's camera and photo library for the following specific purposes:

Camera: Scanning QR codes placed at restaurant tables to initiate dine-in orders
Photo Library: Uploading a profile avatar photo, and uploading food photos or short videos when creating a Crumb post

Media files you upload are transmitted over an encrypted connection to AWS S3 (Amazon Web Services Simple Storage Service) and delivered to other users via AWS CloudFront (a content delivery network). Uploaded photos and videos may be processed by AWS Rekognition for automated content moderation to detect explicit, violent, or otherwise prohibited content before publication.

2.5 Voice and Audio Data

Consumer Users — Plaum AI Voice Input (Mobile App)

Consumer users may interact with Plaum AI — Plaum's AI-powered food assistant — using their voice. To enable this, we request microphone and speech recognition permissions on your device. Here is exactly how your voice data is processed:

Audio is captured by your device's microphone while you are actively speaking a query
Speech-to-text conversion is performed on-device or via your device's operating system speech recognition API (provided by Apple or Google)
The resulting text transcript of your spoken query is transmitted to Plaum's backend servers over an encrypted connection
The text transcript is then sent to AWS Bedrock (using Anthropic's Claude model) for processing
Plaum retains: the text transcript of your query, Plaum AI's text response, a session identifier, and a timestamp
Raw audio recordings are not retained by Plaum after transcription is complete

Restaurant Staff — Kitchen AI Copilot Voice Input (Web Dashboard)

Restaurant staff using the Plaum web dashboard have access to the Kitchen AI Copilot (also powered by Plaum AI), which can be activated using the wake word "Plaum". Voice recognition for this feature is processed by the browser's built-in Web Speech API, which is handled by the user's browser vendor (e.g., Google Chrome, Microsoft Edge) and operating system — not by Plaum's servers.

Text-to-speech output (the AI's spoken responses) is generated by Inworld AI TTS, a third-party voice synthesis service. Only the AI-generated text string is sent to Inworld AI; no personally identifiable information about end users is transmitted.

Plaum logs the following data from Kitchen AI Copilot interactions:

The parsed intent of the voice command (e.g., "claim order," "update status")
A confidence score for the recognized intent
Whether the command succeeded or failed
A session identifier linking the interaction to a restaurant and staff account
Voice command transcripts, which are stored in the staff member's browser localStorage and transmitted to Plaum's backend for audit and quality assurance purposes

Plaum retains aggregated, anonymized voice interaction metrics to improve the Kitchen Copilot product.

2.6 Plaum AI Interaction Data

All text and voice queries submitted to Plaum AI (the consumer-facing chatbot in the mobile app) are processed by AWS Bedrock using Anthropic's Claude model. The following data is collected in connection with Plaum AI interactions:

Your message text (and voice transcripts, as described in Section 2.5)
Plaum AI's responses
Your current location context (approximate coordinates or city name) provided to Plaum AI to enable location-aware recommendations
Relevant profile context provided to Plaum AI: your dietary preferences, cuisine preferences, palate score, and recent order history
Session identifiers and timestamps

Conversation history (your messages and Plaum AI's responses) is retained in your account so Plaum AI can provide context across multiple sessions. You may delete your conversation history at any time from within the app (Settings > Plaum AI > Clear History).

When you authorize Plaum AI to take actions — such as adding items to your cart or initiating the checkout process — those actions are logged as part of your order history, exactly as if you had taken the same action manually.

AI Training: Plaum does not use your Plaum AI conversation content to train third-party AI models without your explicit, informed consent. Your conversations are processed for the purpose of delivering responses to you, not for model training by Anthropic or other third parties.

2.7 Authentication Data

Email and Password

Passwords are hashed using industry-standard cryptographic algorithms (bcrypt or equivalent). Plain-text passwords are never stored by Plaum after the initial hashing process and are never transmitted in plain text after account creation.

Google Sign-In (OAuth 2.0)

If you sign in with Google, we receive from Google the following information, limited to the scopes you authorize (openid, profile, email):

Your email address
Your Google display name
Your Google profile photo URL
A unique Google user identifier (the OAuth "sub" field)

We do not receive your Google password, Google search history, Gmail content, or any other Google account data beyond these basic profile fields. Your Google account data is used solely to create and authenticate your Plaum account.

Sign in with Apple (iOS Only)

If you use Sign in with Apple, we receive from Apple:

Your email address, or Apple's relay email address if you choose to hide your real email
Your name (first use only, if you choose to share it)
A unique, stable Apple user identifier

We honor Apple's email relay system — if Apple provides a relay address, we use it and do not attempt to identify your underlying Apple ID email.

Authentication Token Storage

Mobile app: Authentication tokens (JWT access tokens and refresh tokens) are stored exclusively in expo-secure-store, which uses the iOS Keychain and Android Keystore — hardware-backed secure enclaves on your device. Tokens are never stored in plain text or in unencrypted device storage.
Web dashboard: Session tokens are stored in httpOnly, Secure-flagged cookies. If you select "Remember Me" at login, a refresh token is also stored in your browser's localStorage for session persistence.

3 How We Use Your Information

3.1 Core Service Delivery

We use your information to operate and deliver the Plaum platform, including: creating and authenticating your account; displaying your personalized discovery and following feeds; processing dine-in and pickup orders; enabling live chat between customers and restaurant staff during an active order; and sending order confirmations, status updates, and receipts via push notification and email.

3.2 Personalization and AI Features

We use your taste preferences, palate score, dietary tags, order history, and behavioral signals to:

Compute and continuously refine your Palate Score
Run the Palate Twin matching algorithm — a graph-based compatibility engine powered by Neo4j — to identify and suggest users with compatible food profiles
Power Plaum AI food recommendations, in-app navigation assistance, and cart management
Rank your discovery feed based on proximity, preferences, social connections, and behavioral signals
Calculate your influence score for content reach and featured placement

3.3 Social Features

We use your content and social graph data to enable Crumb posting, liking, saving, and commenting; to power follow relationships and the following feed; to facilitate Twin Hunts (gamified paired food missions); to operate the Shared Space paired profile between matched Palate Twins; and to enable private direct messaging between users.

3.4 Restaurant Operations

For restaurant users, we use your data to enable real-time kitchen order queue management (via WebSocket), power restaurant analytics dashboards (profile views, post impressions, engagement rates, revenue summaries), administer loyalty point programs and promotional campaigns, and manage Stripe Connect payouts.

3.5 Payment Processing

We use payment-related information to process consumer payments via Stripe, route restaurant payouts via Stripe Connect, maintain transaction records for receipts, refunds, and dispute resolution, and comply with financial reporting and tax obligations.

3.6 Safety, Moderation, and Legal Compliance

We use your information to conduct automated content moderation of uploaded photos and videos via AWS Rekognition; to review content flagged by users or automated systems; to enforce our Community Standards and Terms of Service; to detect and prevent fraud, abuse, account compromise, and other harmful activity; and to comply with applicable laws, court orders, and regulatory requirements.

3.7 Communications

We use your contact information to send: transactional emails (order confirmations, receipts, email verification, password resets, restaurant staff invitations) via Resend; push notifications for order updates, social activity, Palate Twin milestones, and Twin Hunt events; and responses to support tickets and live chat sessions. You can manage push notification preferences in your device settings.

3.8 Analytics and Product Improvement

We analyze aggregated, anonymized behavioral event data to understand how features are used and to guide product improvements. We use error tracking (Sentry, on the web dashboard) and crash reporting to identify and fix technical issues. We may conduct A/B testing of new features using anonymized data.

3.9 Legal Basis for Processing (GDPR — EEA and UK Users)

For users in the European Economic Area and the United Kingdom, we rely on the following legal bases for processing your personal data:

Contract (Article 6(1)(b)): Processing necessary to deliver the service you signed up for — account management, order processing, content delivery, payment processing
Legitimate Interests (Article 6(1)(f)): Fraud prevention, security monitoring, product analytics, content moderation, and customer support
Consent (Article 6(1)(a)): Background location tracking (Visit Tracking), marketing emails, and any optional data enrichment features
Legal Obligation (Article 6(1)(c)): Retaining transaction records for tax and financial compliance; responding to lawful legal requests

4 How We Share Your Information

4.1 With Other Plaum Users

Depending on your privacy settings, the following information may be visible to other Plaum users:

Your username, display name, avatar, and bio (public profile)
Your Crumbs and the restaurants/dishes you have tagged
Your follower count and the accounts you follow (if your profile is public)
Your Palate Score (visible on your profile)
Your Palate Twin match score (visible only to your matched twin)
Content shared in the Shared Space (visible only to the two matched users)
Direct messages (visible only to the sender and recipient)

4.2 With Restaurant Partners

When you place an order through Plaum, we share the following information with the restaurant fulfilling your order:

Your first name
Your order items, quantities, modifiers, and special instructions
Your tip amount and order total
Your order type (dine-in, including table number, or pickup)

We do not share your email address, phone number, payment card information, or full name with restaurant partners.

4.3 With Third-Party Service Providers

We share data with the following third-party service providers strictly as necessary to operate our platform. Data Processing Agreements (DPAs) are in place with providers where required by GDPR and applicable privacy law.

Provider	Purpose	Data Shared
Stripe, Inc.	Payment processing, restaurant payouts (Stripe Connect)	Transaction amounts, Stripe customer ID, Stripe Connect account data
Google Maps / Google LLC	Restaurant map views and location search (mobile app)	Location coordinates
Google LLC (Sign-In)	OAuth 2.0 authentication	OAuth tokens (email, display name, profile photo URL)
Apple Inc. (Sign In with Apple)	OAuth authentication (iOS)	OAuth tokens (email or relay email, Apple user ID)
AWS Bedrock / Anthropic Claude	Plaum AI consumer chatbot response generation	Message text, user context (location, preferences, order history)
Inworld AI	Kitchen Copilot text-to-speech synthesis (web dashboard)	AI-generated text strings only; no end-user PII transmitted
AWS S3 / CloudFront	Media storage and CDN delivery	Uploaded photos and videos (user-generated content)
AWS Rekognition	Automated content moderation	Uploaded photos and videos
Supabase	PostgreSQL database and authentication infrastructure	All user data stored in the primary relational database
Neo4j Aura	Social graph database; Palate Twin matching algorithm	User IDs, follow relationships, palate preference scores
Upstash Redis	Caching layer (feed cache, rate limiting)	Temporary cached data (TTL-bound; expires automatically)
Confluent Kafka	Event streaming and behavioral analytics pipeline	Anonymized behavioral event payloads
Resend	Transactional email delivery	Email address, email content (order confirmations, account emails)
Sentry	Error tracking and crash monitoring (web dashboard)	Anonymized stack traces, session context, user ID
Expo / FCM / APNs	Push notification delivery (iOS and Android)	Device push token, notification payload

4.4 Business Transfers

In the event of a merger, acquisition, financing, reorganization, or sale of all or a portion of Plaum's assets, your personal information may be transferred to the acquiring entity or successor. We will provide advance notice to affected users via email and/or in-app notification before such a transfer occurs and will provide opt-out mechanisms where legally required.

4.5 Legal Disclosures

We may disclose your personal information when required by applicable law, court order, subpoena, or lawful request from a governmental or regulatory authority. We may also disclose information when we believe in good faith that disclosure is necessary to: (a) protect the safety, rights, or property of Plaum, its users, or the public; (b) detect, investigate, or prevent fraud or illegal activity; or (c) comply with applicable legal obligations.

4.6 What We Do Not Do

We do not sell your personal information to data brokers, marketers, or advertisers
We do not share your data with social media platforms for advertising targeting purposes
We do not share raw precise location data with third parties for commercial or marketing purposes
We do not use your Crumbs, dietary preferences, or order history to build advertising profiles for third-party ad networks

5 Data Retention

5.1 While Your Account Is Active

We retain your personal data for as long as your account is active and as long as is necessary to provide you with the Plaum service. Specifically:

Account profile data — retained for the lifetime of your account
Order and transaction history — retained for a minimum of 7 years from the transaction date, in compliance with Canadian and international tax and financial record-keeping requirements
Plaum AI conversation history — retained for 12 months from the date of each conversation, then automatically and permanently deleted, unless you choose to delete it sooner
Behavioral event data (anonymized) — retained in aggregated analytics stores for up to 24 months
Support tickets and chat history — retained for the lifetime of your account plus 2 years for quality assurance and dispute resolution purposes

5.2 Upon Account Deletion

When you delete your Plaum account, we will:

Permanently delete your profile, username, bio, avatar, dietary preferences, and cuisine preferences within 30 days of the deletion request
Remove your Crumbs, comments, likes, saves, and social connections within 30 days
Permanently delete your Plaum AI conversation history within 30 days
Delete your media files (photos and videos stored on AWS S3) within 30 days
Retain transaction records and financial data for the legally required period (typically 7 years from the transaction date) with personally identifiable information minimized where legally permissible

5.3 Backup Retention

Encrypted database backups may retain data for up to 90 days after deletion before being purged from backup rotation cycles. This means your data may persist in encrypted backups for up to 90 days after a deletion request, even though it is no longer accessible through the Plaum interface.

6 Your Rights and Choices

6.1 Rights Under GDPR (European Economic Area and United Kingdom Users)

If you are located in the EEA or UK, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:

Right of Access: Request a copy of all personal data we hold about you
Right to Rectification: Request correction of inaccurate or incomplete personal data
Right to Erasure ("Right to Be Forgotten"): Request permanent deletion of your personal data, subject to legal retention requirements
Right to Data Portability: Receive your personal data in a structured, machine-readable format (JSON or CSV) so you can transfer it to another service
Right to Restriction of Processing: Request that we limit our processing of your data while a dispute is under review
Right to Object: Object to processing of your data based on legitimate interests
Right to Withdraw Consent: Withdraw consent at any time for consent-based processing (e.g., background location tracking, marketing emails), without affecting the lawfulness of prior processing

6.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

Right to Know: The right to know what personal information we collect, use, disclose, and share about you
Right to Delete: The right to request deletion of your personal information
Right to Correct: The right to request correction of inaccurate personal information
Right to Opt Out of Sale: Plaum does not sell personal information. No opt-out action is required.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights

6.3 Rights Under PIPEDA (Canadian Users)

If you are a Canadian resident, you have the following rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation:

Right of Access: Request access to the personal information we hold about you and information about how it has been used and disclosed
Right to Correction: Challenge the accuracy and completeness of your personal information and have it corrected
Right to Withdraw Consent: Withdraw consent to our collection, use, or disclosure of your personal information, subject to legal and contractual restrictions

6.4 How to Exercise Your Rights

To submit a data access, correction, deletion, or portability request, contact us at:

Email: admin@plaum.co
Subject Line Guidance: Use "Privacy Request — [Your Username]" for general requests; "GDPR Request" or "CCPA Request" or "PIPEDA Request" for jurisdiction-specific requests.

We will respond within 30 days for GDPR requests, 45 days for CCPA requests, and 30 days for PIPEDA requests. We may require identity verification before processing your request to protect your account security.

6.5 In-App Controls

You can exercise many privacy choices directly within the Plaum app:

Visit Tracking: Settings > Privacy > Visit Tracking (toggle to enable or disable background geofencing)
Push Notifications: Settings > Notifications (manage notification preferences per category)
Plaum AI History: Settings > Plaum AI > Clear History (delete your AI conversation history)
Account Deletion: Settings > Account > Delete Account
Profile Visibility: Settings > Privacy (set your profile to public or followers-only)
Content Deletion: Delete individual Crumbs, comments, or messages from within the app at any time

6.6 Marketing Communications

You may unsubscribe from any Plaum marketing or promotional emails at any time by clicking the unsubscribe link at the bottom of any such email. Please note that transactional emails — such as order receipts, payment confirmations, email verification messages, and security alerts — are a required part of the service and cannot be opted out of while your account is active.

7 Third-Party Services and Links

7.1 Stripe

Consumer payments and restaurant payouts are processed by Stripe, Inc., a PCI-DSS Level 1 certified payment processor. Stripe's Privacy Policy governs any personal data you submit directly to Stripe's payment forms, including card numbers and billing addresses. Plaum does not store, transmit, or process raw payment card data on its own servers. By using Plaum's payment features, you also agree to Stripe's Privacy Policy.

7.2 Google

If you use Google Sign-In to authenticate your Plaum account, you are subject to Google's Privacy Policy. Plaum requests only the minimum OAuth 2.0 scopes required for authentication (openid, profile, email). Your Google account data is used exclusively to create and authenticate your Plaum account and is not used for advertising or shared with third parties beyond what is described in Section 4.3. The Plaum mobile app also uses the Google Maps SDK for location-based features; this is subject to Google's Maps API Terms.

7.3 Apple

If you use Sign in with Apple on an iOS device, you are subject to Apple's Privacy Policy. Plaum fully honors Apple's private email relay system. If Apple provides a relay address instead of your real email, Plaum uses the relay address and does not attempt to identify or correlate your underlying Apple ID email.

7.4 Amazon Web Services (AWS)

Plaum's media storage (S3), content delivery (CloudFront), AI processing (Bedrock/Claude), and automated content moderation (Rekognition) infrastructure is hosted on Amazon Web Services. AWS acts as a sub-processor of personal data on our behalf. AWS Data Processing Agreements are in place where required by GDPR and applicable privacy legislation.

7.5 Inworld AI

The Kitchen AI Copilot on the Plaum restaurant web dashboard uses Inworld AI for text-to-speech synthesis. Only the AI-generated text strings (the Copilot's responses) are sent to Inworld AI for audio generation. No personally identifiable information about restaurant staff or end consumers is transmitted to Inworld AI in connection with this feature.

7.6 Sentry

Sentry is used for error monitoring and crash tracking on the Plaum restaurant web dashboard. Sentry may receive anonymized stack traces, session context, and user IDs (not email addresses or names) to assist in debugging technical issues. Sentry does not receive payment data or AI conversation data.

7.7 Third-Party Links and Restaurant Websites

The Plaum platform may display links to third-party restaurant websites, social media profiles, or external menus. Plaum is not responsible for the privacy practices, content, or security of any third-party website. We encourage you to review the privacy policies of any external sites you visit.

8 Children's Privacy

Plaum is not intended for use by individuals under the age of 13. We do not knowingly collect personal information from children under 13. Users between the ages of 13 and 17 must have parental or legal guardian consent to create an account and use Plaum.

If we become aware that we have inadvertently collected personal information from a child under 13 without verified parental consent, we will take immediate steps to delete that information from our systems. If you are a parent or legal guardian and believe your child has created a Plaum account without your consent, please contact us at admin@plaum.co with the subject line "Child Privacy — [child's username or email]" and we will promptly investigate and delete the account and associated data.

9 Data Security

9.1 Technical Safeguards

Plaum implements a range of technical security measures to protect your personal information:

Encryption in transit: All data transmitted between your device and Plaum's servers is encrypted using TLS 1.2 or higher. WebSocket connections (used for real-time order updates) use WSS (WebSocket Secure)
Encryption at rest: Database data stored in Supabase PostgreSQL is encrypted using AES-256 at rest. AWS S3 buckets are encrypted using AWS-managed keys
Secure token storage (mobile): Authentication tokens are stored in expo-secure-store, which leverages iOS Keychain and Android Keystore — hardware-backed secure enclaves that protect cryptographic material
Secure session cookies (web): Web dashboard session cookies are configured with httpOnly and Secure flags, preventing JavaScript access and requiring HTTPS transport
Payment security: Plaum is PCI-DSS compliant by design — all card data is handled exclusively by Stripe; Plaum's infrastructure never touches raw payment credentials
Password hashing: Passwords are hashed using bcrypt or equivalent before storage; plain-text passwords are never retained

9.2 Access Controls

Access to user data within Plaum's organization is restricted on a strict need-to-know basis. Production database access requires multi-factor authentication. Within the restaurant platform, staff access is role-scoped — staff accounts (non-admin) have read-only access to most restaurant data and cannot modify menu items, settings, or billing information.

9.3 Security Incident Response

In the event of a data breach or security incident that is likely to result in a risk to your rights and freedoms, we will notify affected users within 72 hours of becoming aware of the breach, as required under GDPR. We will provide notice through applicable in-app notifications and/or email, and will cooperate with applicable regulatory authorities as required.

9.4 Limitations

While we implement industry-standard security measures, no system or method of electronic data transmission or storage is completely secure. We cannot guarantee the absolute security of your personal information. You are responsible for maintaining the confidentiality of your account password and for any activity that occurs under your account. If you suspect unauthorized access to your account, please contact us immediately at admin@plaum.co.

10 International Data Transfers

Plaum Inc. is incorporated and headquartered in Ontario, Canada. Our infrastructure — including databases (Supabase), AI processing (AWS Bedrock), graph databases (Neo4j Aura), and object storage (AWS S3) — is hosted primarily in the Canada.

If you access Plaum from the European Economic Area (EEA), the United Kingdom, or other jurisdictions with legal restrictions on cross-border data transfers, your personal information will be transferred to and processed in Canada.

For users in the EEA and UK, we rely on the following legal mechanisms to legitimize cross-border data transfers where applicable:

Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to non-adequate countries
Canada's adequacy status under the European Commission's adequacy decisions, applicable to transfers to Plaum Inc. in Canada

By using Plaum, you acknowledge and consent to the transfer of your personal information to Canada as described in this policy.

11 Cookies and Tracking Technologies

11.1 Plaum Mobile App

The Plaum iOS and Android mobile app does not use browser cookies. Instead, we use:

expo-secure-store for secure authentication token storage (iOS Keychain / Android Keystore)
In-memory state management (Zustand) for session state during an active app session
Upstash Redis for server-side feed caching with automatic TTL expiration
Batched behavioral event collection as described in Section 2.2

11.2 Plaum Restaurant Web Dashboard

The restaurant web dashboard uses the following client-side storage:

httpOnly session cookies for authentication (access token)
Browser localStorage for:
- Refresh token (if "Remember Me" is selected)
- Kitchen AI Copilot session history and conversation context (per restaurant/user session)
- UI preferences (language/locale, widget dock position)
- Order state persistence (active order information between page navigations)
No third-party advertising cookies, tracking pixels, or social media widgets are used on the restaurant web dashboard

11.3 Plaum Landing Website

The Plaum marketing website (plaum.co) may use functional cookies for navigation and performance purposes. If analytics tools are used on the landing website, they will be described in this policy with applicable opt-out mechanisms.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the products and services we offer, or applicable law. When we make changes, we will:

Post the updated policy on this page with a revised "Last Updated" date
Send an in-app notification for material changes that affect how we use your personal data
Send an email notification for material changes, where required by law

Your continued use of Plaum after the effective date of any changes constitutes your acceptance of the updated Privacy Policy. If you do not agree to the updated policy, you should stop using Plaum and may request deletion of your account and personal data as described in Section 6.

13 Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or Plaum's data practices, please contact us:

Plaum Inc.
Ontario, Canada

Michael Nwaeze — Co-founder & CEO
Alexis Mugisha — Co-founder & CTO

All Privacy, Legal & Support Inquiries:
Email: admin@plaum.co

When contacting us about a privacy request, please include in the subject line:

"Privacy Request — [Your Username]" for general data access or deletion requests
"GDPR Request" for European/UK privacy rights requests
"CCPA Request" for California privacy rights requests
"PIPEDA Request" for Canadian privacy rights requests

Including your username and the type of request in the subject line helps us respond to you faster.