KitchenSync Privacy Policy

Last Updated: February 20, 2026

1. Introduction

KitchenSync (“we,” “our,” or “us”) is committed to protecting the privacy and security of the personal and financial information entrusted to us by our clients (“Clients”), their employees (“End Users”), and visitors to our website (“Visitors”). This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our restaurant financial operations platform, including our website, web-based applications, mobile applications, APIs, and related services (collectively, the “Services”).

Our Services include financial management, bookkeeping, accounts payable processing, payroll administration, human resources management, team communication, operational reporting, and related advisory services for restaurant businesses. We integrate with various third-party platforms—including Intuit QuickBooks Online, point-of-sale systems, payroll processors, and other financial service providers—to deliver these Services on behalf of our Clients.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use our Services.

2. Information We Collect

2.1 Information You Provide

We collect information that you voluntarily provide to us when you register for our Services, engage our financial management services, or otherwise communicate with us. This may include:

  • Business name, legal entity information, address, and contact information

  • Names, email addresses, phone numbers, and job titles of authorized representatives and account administrators

  • Financial account information, including bank account numbers and routing numbers necessary to facilitate services on your behalf

  • Credentials and authorization tokens for accounting software (e.g., QuickBooks Online), point-of-sale systems, payroll processors, and other third-party platforms you authorize us to access

  • Tax identification numbers (TINs) and employer identification numbers (EINs)

  • Employee information provided for payroll administration, benefits enrollment, human resources services, and team communication, including names, contact information, compensation details, tax withholding elections, and work schedules

  • Vendor and supplier information, including company names, contact information, and payment details

  • Transaction records, invoices, receipts, purchase orders, and other financial documents

  • Communications you send to us, including support requests, feedback, and survey responses

2.2 Information Collected Automatically

When you access our Services, we may automatically collect certain information, including:

  • Device information (e.g., device type, operating system, browser type, device identifiers)

  • Log data (e.g., access times, pages viewed, IP address, referring URL)

  • Usage information related to your interaction with our platform, including features accessed, actions taken, and time spent on various sections

  • Mobile application data, including push notification tokens and app version information, if you use our mobile applications

2.3 Information from Third-Party Services

With your explicit authorization, we access and collect financial and operational data from third-party services to provide our Services. These third-party services include but are not limited to:

  • Intuit QuickBooks Online (via the Intuit QuickBooks API) – accounting data including chart of accounts, journal entries, invoices, bills, payments, vendor records, customer records, and financial reports

  • Point-of-sale systems (e.g., Toast, Square, Clover) – sales transactions, daily sales summaries, sales tax collected, menu item data, and employee timecard records

  • Payroll processors – payroll records, employee compensation data, tax withholding information, and payment histories

  • Other financial platforms as authorized by you – transaction histories, account balances, and other financial information necessary to perform our Services

We access this data solely to provide the financial management, reporting, and operational services described in our service agreement with you. We practice data minimization and request only the specific data scopes required to deliver the Services you have engaged.

2.4 Cookies and Similar Technologies

We use cookies, local storage, and similar tracking technologies to maintain session state, remember your preferences, and analyze usage patterns. You can control cookies through your browser settings. Disabling cookies may limit certain functionality of our Services. We do not use third-party advertising cookies or tracking pixels for the purpose of serving targeted advertisements.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, maintain, and improve our financial management, bookkeeping, accounts payable, payroll administration, human resources, team communication, and advisory Services

  • To prepare financial statements, profit-and-loss reports, cash flow analyses, tax filings, and other deliverables as described in our service agreements

  • To process transactions, manage vendor payments, and facilitate payroll operations on your behalf

  • To send operational notifications, alerts, and reports through our platform and communication tools

  • To communicate with you regarding your account, service updates, scheduled maintenance, and support inquiries

  • To comply with applicable laws, regulations, and legal processes, including tax reporting obligations

  • To detect, prevent, and address fraud, security issues, and technical problems

  • To improve and develop new features, services, and functionality

  • To compile anonymized, aggregate benchmarking data that does not identify any individual Client or End User, for use in industry reporting and internal analytics (see Section 4.3 for specific limitations on QuickBooks API data)

4. QuickBooks Online API Data

4.1 Authorization and Access

We integrate with the Intuit QuickBooks Online API to access and manage financial data on behalf of our Clients. Our use of data obtained through the QuickBooks Online API is governed by the following commitments:

  • We access QuickBooks Online data only with your explicit authorization via the OAuth 2.0 authentication flow provided by Intuit. We request only the API scopes necessary to deliver the specific Services you have engaged.

  • We use QuickBooks Online data exclusively to provide the bookkeeping, financial reporting, accounts payable management, and related financial services described in our service agreement with you.

  • We do not sell, rent, lease, or trade any data obtained through the QuickBooks Online API to any third party for any reason.

  • We do not use QuickBooks Online API data for advertising, marketing to third parties, consumer profiling, or any purpose unrelated to providing our Services directly to you.

  • We do not share QuickBooks Online API data obtained from your account with other KitchenSync clients or any unrelated third parties.

  • QuickBooks Online API data is not used as an input for training machine learning models, artificial intelligence systems, or similar technologies, except where such processing is performed solely to deliver Services to you and the resulting models are not shared with or applied to other clients.

4.2 Disconnect and Data Deletion

You may revoke our access to your QuickBooks Online data at any time through any of the following methods:

  • Disconnecting our application from your QuickBooks Online account via the Intuit App Center or your QuickBooks Online settings

  • Using the disconnect functionality within the KitchenSync platform

  • Contacting us directly at [email protected]

Upon disconnection or revocation of access:

  • We will immediately cease making API calls to your QuickBooks Online account.

  • We will cease using your QuickBooks Online data to provide active Services.

  • We will retain previously accessed QuickBooks Online data only as necessary to fulfill our contractual obligations, comply with legal and regulatory requirements (including tax record retention), and resolve any pending disputes. Such retained data will be handled in accordance with Section 7 (Data Retention) of this Policy.

  • You may request deletion of all QuickBooks Online-sourced data by contacting us at [email protected]. We will process deletion requests within thirty (30) days, subject to legal retention obligations.

4.3 Benchmarking Exclusion

Any anonymized, aggregate benchmarking data we compile (as described in Section 3) is derived from our proprietary analyses and does not include raw data obtained directly through the QuickBooks Online API. We do not transmit or expose QuickBooks Online API data to any benchmarking, analytics, or data aggregation services operated by third parties.

5. Disclosure of Your Information

We do not sell your personal or financial information. We may share your information only in the following limited circumstances:

  • With your authorized representatives, account administrators, and designated employees, as necessary to provide our Services

  • With third-party service providers who assist us in delivering our Services (e.g., cloud hosting providers, payment processors, payroll service providers, communication infrastructure providers), subject to written confidentiality obligations and data processing agreements that restrict their use of your data to performing services on our behalf

  • With financial institutions and payment networks solely as necessary to process transactions you have authorized through our platform

  • With regulatory authorities, tax agencies, or government bodies as required by applicable law or as necessary to fulfill tax filing and reporting obligations on your behalf

  • In response to a valid court order, subpoena, or other compulsory legal process

  • To protect the rights, property, or safety of KitchenSync, our Clients, End Users, or the public, including to enforce our agreements and prevent fraud

  • In connection with a merger, acquisition, reorganization, or sale of all or substantially all of our assets, provided the acquiring entity agrees to be bound by this Privacy Policy and we provide you with notice of such transfer

5.1 Subprocessors

We maintain a list of categories of subprocessors who may access your data in the course of providing our Services. These categories include cloud infrastructure providers, database hosting services, email and communication services, payment processing partners, and payroll administration services. All subprocessors are bound by written data processing agreements. A current list of subprocessor categories is available upon request by contacting [email protected].

6. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect the confidentiality, integrity, and availability of your information. These measures include:

  • Encryption of data in transit using TLS 1.2 or higher and encryption of data at rest using AES-256 or equivalent standards

  • Role-based access controls limiting data access to authorized personnel on a need-to-know basis

  • Secure credential storage using industry-standard encryption and hashing techniques; OAuth tokens and API credentials are never stored in plaintext

  • Regular security assessments, vulnerability scanning, and penetration testing

  • Use of SOC 2-audited or similarly certified cloud infrastructure providers for hosting and data storage

  • Logging and monitoring of access to sensitive data and systems

  • Employee security awareness training and background checks for personnel with access to client data

  • Incident response procedures for identifying, containing, and remediating security events

While we strive to protect your information using industry best practices, no method of transmission over the Internet or method of electronic storage is entirely secure, and we cannot guarantee absolute security.

6.1 Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal or financial information, we will notify affected Clients and, where required, affected individuals and regulatory authorities, in accordance with applicable data breach notification laws. Notification will include a description of the incident, the types of data affected, and the steps we are taking to remediate the issue and prevent recurrence.

7. Data Retention

We retain your information for as long as necessary to fulfill the purposes for which it was collected, to provide our Services under your active service agreement, and to comply with our legal, regulatory, and contractual obligations. Specific retention periods include:

  • Active service data: Retained for the duration of your service agreement and for a reasonable transition period thereafter (not to exceed ninety (90) days following termination, unless otherwise agreed).

  • Financial records and tax-related data: Retained for a minimum of seven (7) years following the applicable tax year, or as otherwise required by applicable law.

  • System logs and usage data: Retained for up to twenty-four (24) months for security, troubleshooting, and service improvement purposes.

  • Anonymized, aggregate data: May be retained indefinitely as it does not identify any individual Client, End User, or natural person.

Upon termination of our service agreement, we will provide you with reasonable access to export your financial information as set forth in our Terms of Service. Following the applicable retention period, data will be securely deleted or anonymized.

8. Your Rights and Choices

Depending on your jurisdiction, you may have certain rights with respect to your personal information, including:

  • The right to access the personal information we hold about you and receive a copy in a portable format

  • The right to request correction of inaccurate or incomplete information

  • The right to request deletion of your personal information, subject to legal and contractual retention obligations

  • The right to revoke authorization for third-party data access (e.g., disconnecting QuickBooks Online, POS systems, or other integrated platforms)

  • The right to restrict or object to certain processing of your personal information

  • The right to opt out of certain data uses where applicable under law

  • The right to lodge a complaint with a supervisory authority in your jurisdiction

To exercise any of these rights, please contact us at [email protected]. We will respond to verified requests within the timeframes required by applicable law, and in no event later than forty-five (45) days from receipt of the request.

9. California Privacy Rights

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Specifically:

  • We do not sell or share personal information as defined under the CCPA/CPRA.

  • You have the right to know what personal information we collect, use, and disclose.

  • You have the right to request deletion of your personal information, subject to certain exceptions.

  • You have the right to correct inaccurate personal information.

  • You have the right to opt out of the sale or sharing of personal information (not applicable, as we do not sell or share personal information).

  • You will not be discriminated against for exercising your privacy rights.

To submit a request related to your California privacy rights, please contact us at [email protected] or call us at the phone number listed on our website. We may need to verify your identity before processing your request.

10. Children’s Privacy

Our Services are designed for use by businesses and are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take prompt steps to delete such information.

11. International Data Transfers

Our Services are primarily hosted and operated in the United States. If you access our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction. By using our Services, you consent to the transfer of your information to the United States and the processing of your information in accordance with this Privacy Policy.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by posting the updated Privacy Policy on our website, updating the “Last Updated” date above, and, where appropriate, sending notice via email or through our platform. Your continued use of our Services after any changes constitutes your acceptance of the updated Privacy Policy. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

KitchenSync

Email: [email protected]

Website: www.kitchensync.us

For data access, correction, deletion, or disconnect requests, please email [email protected] with the subject line “Privacy Request” and include your company name and the specific request.