Privacy Policy

Effective Date: January 2025 • Version 1.0

Overview

This Privacy Policy describes how Thyme 2 Play LLC ("T2P," "we," "us") collects, uses, and protects information when you use the RGP Platform ("Platform").

We built the Platform for restaurant operators. We understand your data is sensitive—employee information, financial records, customer details. We treat it accordingly.

1. Information We Collect

1.1 Account Information

When you subscribe, we collect:

• Business name and contact information
• Email addresses for account administrators
• Billing information (processed by Stripe—we don't store full payment details)

1.2 Operational Data You Provide

Through your use of the Platform, you may input:

• Employee Data: Names, contact information, roles, schedules, compensation, performance records
• Menu Data: Items, recipes, pricing, ingredients, configurations
• Financial Data: Sales records, costs, reports
• Customer Data: Loyalty program information, contact details, preferences
• Operational Data: Equipment inventories, vendor information, compliance records

1.3 Data from Integrations

With your authorization, we receive data from:

• POS Systems (Toast, Square, etc.): Sales, menu items, employee time entries
• Scheduling Systems (Sling, 7Shifts, etc.): Schedules, time tracking
• Other Integrations: As you configure

1.4 Usage Data

We automatically collect:

• Login times and session duration
• Features accessed
• Error logs and performance data
• Device and browser information

1.5 AI Interactions

When you interact with AI features:

• Queries and responses are processed to provide the service
• Conversations may be used to improve AI performance (anonymized)
• We do not use your specific business data to train models for other customers

2. How We Use Information

2.1 To Provide the Service

• Operating and maintaining your Platform access
• Processing transactions and sending invoices
• Providing customer support
• Delivering reports and analytics you request

2.2 To Improve the Platform

• Analyzing usage patterns (aggregated/anonymized)
• Identifying bugs and performance issues
• Developing new features
• Improving AI accuracy and helpfulness

2.3 To Communicate

• Service announcements and updates
• Billing notifications
• Support responses
• Product news (you can opt out)

2.4 To Protect and Comply

• Preventing fraud and abuse
• Enforcing our Terms of Service
• Complying with legal obligations

3. Information Sharing

3.1 We Do Not Sell Your Data

3.2 Service Providers

We share data with vendors who help operate the Platform:

These providers are contractually bound to protect your data and use it only for the specified purposes.

3.3 Integrations You Authorize

When you connect third-party services (Toast, Sling, etc.), data flows between the Platform and those services according to your configuration and their privacy policies.

3.4 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect the rights, property, or safety of T2P, our users, or others.

3.5 Business Transfers

If T2P is acquired or merged, your information may transfer to the new owner. We will notify you before any such transfer.

4. Data Security

4.1 Technical Measures

• Data encrypted in transit (TLS) and at rest
• Access controls and authentication
• Regular security assessments
• Secure cloud infrastructure

4.2 Operational Measures

• Limited employee access to customer data
• Confidentiality agreements
• Security training
• Incident response procedures

4.3 Your Role

Security is shared. You are responsible for:

• Keeping login credentials secure
• Using strong passwords
• Controlling who has account access
• Reporting suspected breaches promptly

4.4 Breach Notification

5. Data Retention

5.1 Active Accounts

We retain your data while your subscription is active and for a reasonable period after to support business continuity and legal compliance.

5.2 After Termination

• You have 30 days after subscription ends to export your data
• After 30 days, we delete your operational data from active systems
• Some data may persist in backups for up to 90 days
• Aggregated, anonymized data may be retained indefinitely

5.3 Legal Holds

We may retain data longer if required for legal proceedings, audits, or regulatory compliance.

6. Your Rights

6.1 Access and Export

You can access and export your data at any time through the Platform's export features.

6.2 Correction

You can correct inaccurate data directly in the Platform or by contacting us.

6.3 Deletion

You can request deletion of your data by contacting us. Some data may be retained as described in Section 5.

6.4 Portability

Your data exports are provided in standard formats (CSV, JSON, PDF) for use with other systems.

6.5 Opt-Out

You can opt out of marketing communications by clicking "unsubscribe" or contacting us. Service-related communications cannot be opted out while subscribed.

7. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: What personal information we collect and how we use it
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: We do not sell personal information
• Non-Discrimination: We will not discriminate against you for exercising these rights

To exercise these rights, contact us at privacy@sageops.io.

8. Employee and Customer Data

8.1 Your Employees

You input employee data into the Platform. You are the data controller for this information. You are responsible for:

• Providing required notices to employees
• Obtaining necessary consents
• Responding to employee data requests
• Complying with employment privacy laws

We process employee data as your service provider (data processor).

8.2 Your Customers

If you store customer information in the Platform (loyalty programs, etc.), similar responsibilities apply. You control how customer data is collected and used.

9. AI and Automated Processing

9.1 How AI Works

The Platform uses AI to provide operational assistance, generate documents, answer questions, and make recommendations.

9.2 Human Oversight Required

9.3 No Fully Automated Decisions

We do not make significant decisions about you or your employees based solely on automated processing. AI assists; humans decide.

9.4 AI Data Usage

• Your queries are processed to generate responses
• We may use anonymized interaction patterns to improve AI
• Your specific business data is not used to train models for other customers

10. Cookies and Tracking

10.1 Essential Cookies

We use cookies necessary for the Platform to function:

• Authentication and session management
• Security features
• User preferences

10.2 Analytics

We may use analytics tools to understand Platform usage. This data is aggregated and does not identify individuals.

10.3 No Advertising Tracking

We do not use advertising cookies or sell data to advertisers.

11. Children's Privacy

The Platform is designed for business use and is not intended for individuals under 18. We do not knowingly collect information from children.

12. International Data

12.1 Data Location

The Platform is hosted in the United States. By using the Platform, you consent to the transfer and processing of your data in the US.

12.2 International Users

If you are outside the US, your data will be transferred to and processed in the US, which may have different data protection laws than your country.

13. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by:

• Email to account administrators
• Notice in the Platform

Continued use after changes constitutes acceptance.

14. Contact Us

Questions or concerns about privacy?

Thyme 2 Play LLC
Email: privacy@sageops.io
Website: sageops.io

For Terms of Service, see: sageops.io/terms