Privacy Policy

Saltline ("we," "us," or "our") operates saltline.cc and provides restaurant management and prediction services to its subscribers. This policy explains what information we collect, how we use it, and what rights you have over it.

1. What we collect

Account information
When you create an account, we collect your name and email address via Google OAuth or email signup. We do not store your Google password. Passwords set directly in Saltline are stored as one-way cryptographic hashes and are never readable by us.

Restaurant configuration data
When you connect a restaurant, we collect the restaurant name, address, time zone, and operating hours you provide or that are returned from the Toast API on connection.

Toast POS order data
With your explicit authorization, we access your Toast account using API credentials you generate and provide to us. We read the following data from Toast:

• Order records (items sold, quantities, timestamps, check totals)
• Menu item definitions (names, categories, prices)
• Restaurant configuration (location, hours, time zone)

We use this data exclusively to train your restaurant's predictive models and generate prep lists and reports.

Inventory and scan data
We collect the inventory counts, barcode scans, and product information you enter manually into the Saltline app. This includes item quantities, unit types, supplier associations, and yields you configure.

External signal data
We automatically collect weather forecasts, tide predictions, and local event data from public APIs (NOAA, Open-Meteo, PredictHQ) for the geographic area of your restaurant. This data is used as input signals for the predictive model.

Usage data
We collect standard server access logs including IP addresses, browser type, and pages visited. This data is used for security, debugging, and product improvement.

Session data
We use server-side sessions stored in our database to keep you logged in. Session tokens are stored in HttpOnly cookies that are not accessible to client-side JavaScript.

2. What we do not collect

We want to be explicit about what Saltline does not access or store:

• Customer names, contact information, or personal data of any guest who visits your restaurant
• Credit card numbers, payment card data, or any payment information from your restaurant's customers
• Employee payroll or personal information beyond names optionally entered in prep logs
• Void, refund, or discount details beyond what is incidental to order totals
• Toast account passwords or credentials beyond the API key you provide

The Toast API access we use is explicitly scoped to read-only access to orders, menus, and restaurant configuration. We cannot and do not modify, void, or create records in your Toast system.

3. How we use your data

We use the data described above for the following purposes:

• Training and maintaining your restaurant's ML prediction models
• Generating morning prep lists, inventory reports, and waste analyses
• Pre-filling expected inventory values based on model predictions
• Sending you the nightly summary report via email
• Providing AI-assisted customer support using your account context
• Improving our baseline model using anonymized and aggregated data across all restaurants (see Section 5)
• Diagnosing model failures, bugs, and service issues

We do not sell your data to third parties. We do not use your data for advertising purposes.

4. Baseline model and aggregated data

Saltline uses a "baseline model" to provide predictions for new restaurants before sufficient per-restaurant data has accumulated. To build and improve this baseline, we may use anonymized, aggregated signals derived from all restaurants on the platform — for example, the general relationship between rain and chowder sales across participating restaurants, without attributing any data point to a specific restaurant.

This aggregated data does not include restaurant names, locations, employee names, specific menu items, or any information that could identify your business to another subscriber. If you wish to opt out of contributing to the baseline model, contact us and we will honor that request.

5. Data sharing

Infrastructure providers. Your data is processed and stored on Cloudflare's platform (Workers, D1, R2). Cloudflare acts as a data processor under our instructions and does not use your data for its own purposes.

Product lookup. When scanning unknown barcodes, we query Open Food Facts, a public product database. The barcode value is sent to their API. No other data is shared.

Payment processing. Billing is handled by Polar.sh. We share your email address and subscription information with Polar. We do not share restaurant operational data with Polar.

AI support. Our in-app support chat is powered by Anthropic's Claude API. Support chat messages you send are transmitted to Anthropic for response generation. Do not include sensitive business information in support chat messages.

Legal requirements. We may disclose data if required by law, court order, or to protect the rights, property, or safety of Saltline, its users, or the public.

6. Data storage and security

All data is stored on Cloudflare's infrastructure in the United States. We use encrypted connections (HTTPS) for all data transmission. Database access is restricted to authenticated application code. API keys you provide for Toast are stored encrypted at rest.

We take reasonable technical and organizational measures to protect your data, but no system is completely secure. We cannot guarantee the security of data transmitted over the internet.

7. Data retention

We retain your data for as long as your subscription is active. During an inactive subscription period (the $39/month off-season tier), your data and models are retained in full to allow seamless re-activation.

If you cancel your subscription entirely, we will retain your data for 90 days to allow reactivation, then delete it upon written request. If no deletion request is made, we may retain anonymized and aggregated data derived from your restaurant's history indefinitely as part of the baseline model dataset.

8. Your rights

You may contact us to:

• Request access to the data we hold about your restaurant
• Request correction of inaccurate data
• Request deletion of your account and associated data
• Opt out of contributing to the aggregated baseline model

To exercise any of these rights, email us at [your contact email]. We will respond within 30 days.

9. Children

Saltline is a business-to-business service intended for restaurant operators. We do not knowingly collect data from individuals under 18 years of age.

10. Changes to this policy

We may update this policy from time to time. We will notify you of material changes by email or by a notice in the app at least 14 days before the changes take effect. Continued use of the service after the effective date constitutes acceptance.

11. Contact

Saltline
contact@saltline.cc
York Beach, Maine