Privacy Policy
Last updated: 17 April 2026
ServeFlow Ops ("ServeFlow", "we", "our", or "us") provides operational
software for hospitality businesses. This Privacy Policy explains what
information we collect when you and your team use ServeFlow Ops, how we
use it, and the choices you have. It applies to our website at
serveflowops.replit.app
and our iOS and Android apps.
Who is the data controller?
The buyer of a ServeFlow workspace (the business owner who creates the
organisation) is the controller of the operational data their team
enters. ServeFlow acts as the processor of that data. For account-level
information (the user record itself, billing email, login credentials),
ServeFlow is the controller.
What we collect
- Account information — name, email address, hashed password, the organisation and location you belong to, your role (admin or staff), the date you joined.
- Operational data — checklists, tasks, notes, photos, inventory entries, supplier records, issue reports, AI scan results, and other content you or your team enters into the app.
- Billing information — for paid workspaces only. We do not store full card details. Payment processing is handled by Stripe (stripe.com/privacy); we store the Stripe customer and subscription identifiers and your plan history.
- Device and usage information — basic event logs such as feature usage, error reports, and request timestamps used to keep the service running and to debug issues.
- Communications — emails or messages you send to support.
What we do not collect
- We do not sell personal information.
- We do not run third-party advertising trackers in the app.
- We do not collect location, microphone, contacts, or background data unless you explicitly use a feature that needs it (for example, taking a photo for an issue report uses the camera).
How we use it
- To operate ServeFlow Ops — let you sign in, sync data across your team, and use the features your plan includes.
- To process subscription payments through Stripe and to provision, upgrade, downgrade, or cancel your plan.
- To respond to support requests.
- To detect and prevent abuse, fraud, or attempted unauthorised access.
- To improve the product through aggregated, non-identifying usage analytics.
Sub-processors
We rely on a small number of third parties to run the service:
- Stripe — payment processing for paid plans.
- OpenAI — when you use AI features (e.g. inventory scan), the relevant input is sent to OpenAI under their API terms. OpenAI does not retain API content for model training.
- Replit — application hosting and managed PostgreSQL database.
Where data lives
Operational and account data are stored in a managed PostgreSQL database
operated by Replit. Backups are encrypted at rest. We use TLS for all
data in transit.
Retention
We keep your data for as long as your account is active. When you delete
your account from inside the app (Settings → Delete Account), we
permanently delete your user record. If you are the sole admin of an
organisation, that organisation and all of its operational data are
also deleted at the same time, and any active Stripe subscription is
cancelled immediately.
Your rights
You may at any time:
- Update your name from inside the app (Settings → Account).
- Reset your password through the email-based reset flow.
- Cancel your subscription from the website (paid plans).
- Delete your account from inside the app (Settings → Delete Account).
- Contact us to request a copy of the data we hold about you, or to ask us to correct or delete it.
Children
ServeFlow Ops is a workplace tool for hospitality businesses and is not
directed at children. We do not knowingly collect data from anyone
under 16.
Changes
If we make material changes to this Policy we will update the date at
the top and, where appropriate, notify the workspace admin by email.
Contact