Privacy Policy

1. Introduction

ExecEats Inc.(“we”, “us”, “our”) operates the ExecEats mobile application and website at www.execeatsapp.com (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By accessing or using ExecEats, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following types of information to provide and improve the Service:

Account Information

When you create an account, we collect your name, email address, and phone number. Authentication is handled through Apple, Google, or Microsoft Single Sign-On (SSO) providers. We do not store passwords.

Company Email (for access verification)

If you choose to verify a company email address to unlock full platform access, we collect and verify that email address. We use the email domain solely to determine your account access tier and do not share it with third parties.

Order Information

We collect delivery addresses, order history, event names, attendee counts, and dietary preferences you provide when placing and managing orders through the platform.

Dietary and Allergen Preferences

We collect dietary requirements (e.g., vegan, halal, kosher) and allergen information you provide for order customization. This information is collected solely for order fulfillment and is not used for health-related profiling, advertising, or shared with health-related third parties. Under the Washington My Health My Data Act, dietary information may be considered consumer health data and is treated with appropriate care.

Payment Information

Payment processing is handled securely through Stripe. We do not store your credit card numbers or full payment details on our servers. Stripe may collect information necessary to process your transactions in accordance with their privacy policy.

AI Interaction Data

If you use our AI Meal Planner feature, we collect the conversation messages you send and the responses generated. This data is processed by our AI technology provider to generate menu and event suggestions. Conversations are not used to train AI models and are retained only for the duration of your planning session.

Voting and Suggestion Data

If you submit cuisine requests or menu item suggestions, or vote on suggestions from other users, we collect that information to help improve vendor offerings on the platform.

Vendor Agreement Data (Catering Vendors Only)

If you are a catering vendor signing an agreement with ExecEats Inc. through our vendor portal, we collect the following information at each signature event in order to maintain a defensible audit trail under the federal Electronic Signatures in Global and National Commerce Act (ESIGN) and the Washington Uniform Electronic Transactions Act (UETA):

• Your IP address at the time of signing
• Your browser user-agent string
• The exact date and time of each signature event (review, signature, counter-signature, decline)
• The template version of the agreement you signed
• The Schedule values pinned to your signature (commission rate, insurance tier, Premium-cohort flag and expiry)
• Any decline reason or comments you choose to provide during the signing ceremony
• Cryptographic hashes of the agreement content, the rendered PDF you reviewed, and the fully-executed signed PDF
• A copy of the rendered and signed PDF

We do not collect biometric signature data (signing-pad pressure, hand-drawn signature images, handwriting dynamics, etc.). The signature ceremony is conducted through our e-signature processor, SignWell (see Section 5), which records and returns the metadata listed above.

Usage Data

We collect information about how you interact with the Service, including features used, pages visited, and actions taken. This data helps us improve the platform and user experience.

Device Information

We may collect device type, operating system version, unique device identifiers, and push notification tokens to deliver notifications and ensure compatibility with your device.

3. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the ExecEats Service
• To process orders and facilitate delivery coordination between Executive Assistants and vendors
• To share order details (delivery address, items ordered, dietary requirements, and event details) with the catering vendor fulfilling your order, solely for order preparation and delivery
• To send order status notifications via push notifications or email — based on your communication preferences
• To send transactional SMS/text-message alerts — such as new-order notifications to opted-in catering vendors and operational alerts to internal staff — to phone numbers you provide, only after you opt in. We do not send marketing or promotional text messages.
• To verify your company email and determine your account access tier
• To communicate important service updates, security alerts, and administrative messages
• To improve our platform, develop new features, and enhance the overall user experience
• To detect and prevent fraud, abuse, and security incidents
• To produce, execute, store, and defend vendor agreements between catering vendors and ExecEats Inc., including counter-signature, version history, renewals, and dispute response (vendor signers only)

We do not use your information for third-party advertising or cross-app tracking.

4. Data Sharing with Vendors

When you place an order, we share the following information with the catering vendor fulfilling your order: delivery address, items ordered, portion sizes, dietary requirements, special instructions, event name, and delivery schedule. This information is shared solely for order preparation and delivery. Vendors are contractually prohibited from using your personal information for any other purpose.

5. Third-Party Services

We use the following third-party services to operate the Service. Each service processes data in accordance with its own privacy policy:

• Cloud infrastructure provider — database hosting and authentication services
• Stripe (payment processing) — stripe.com/privacy
• Apple Push Notification Service — push notifications for iOS devices
• Telnyx (SMS/text-message delivery) — transmits transactional text alerts to the phone numbers of opted-in vendors and internal staff — telnyx.com/privacy-policy
• Email delivery provider — transactional emails such as order confirmations and status updates
• AI technology provider — AI meal planning and menu suggestion features
• Error monitoring service — application error tracking and performance monitoring to improve reliability
• Hosting provider — website hosting and anonymized usage analytics
• SignWell (Docsketch, LLC) — e-signature processing for catering vendor agreements; records signer identity, IP address, user-agent, and signature timestamps in support of ESIGN/UETA compliance — signwell.com/privacy

We do not share your personal information with any third parties for marketing or advertising purposes.

SMS/text-messaging consent. When you opt in to receive text messages from ExecEats, your phone number is used solely to deliver the transactional messages you requested. No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Text-messaging originator opt-in data and consent will not be shared with any third parties.

6. Cookies and Tracking

The ExecEats website may use essential cookies for functionality such as session management. We do not use third-party advertising cookies, tracking pixels, or behavioral advertising technologies.

The ExecEatsiOS application does not track users across other companies' apps or websites as defined by Apple's App Tracking Transparency framework. We do not participate in advertising networks or share device identifiers with advertisers.

7. Data Security

We take the security of your personal information seriously and implement industry-standard measures to protect it:

• All data is encrypted in transit and at rest using industry-standard encryption
• Database access controls ensure users can only access their own data
• Authentication is handled through trusted SSO providers (Apple, Google, Microsoft) — we do not store passwords
• Payment data is handled entirely by Stripe and never touches our servers
• We do not sell, trade, or otherwise transfer your personal information to third parties for marketing purposes

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information as follows:

• Account data: Retained while your account remains active. Deleted within 30 days of a deletion request.
• Order history: Retained for 3 years for business record-keeping, tax compliance, and to provide you with historical order information.
• Payment records: Retained by Stripe in accordance with their data retention policy and applicable financial regulations.
• Push notification tokens: Automatically removed when expired or when you uninstall the application.
• In-app notifications: Automatically purged after 90 days.
• Usage data: Retained in anonymized or aggregated form for up to 2 years for analytics and service improvement.
• Vendor agreement records: Retained for as long as ExecEats Inc. operates the Service, or as required by applicable law, whichever is longer. This includes all versions of every vendor agreement (sent, declined, executed, superseded, expired, terminated), the signed PDF, and the audit metadata listed in Section 2 (Vendor Agreement Data). Extended retention is necessary to respond to vendor disputes about agreement terms, signature authenticity, or contract performance that may arise years after a signing event.

You may request deletion of your account and all associated personal data at any time. You can initiate account deletion directly from your profile settings in the app, or by contacting us. A 30-day grace period applies, during which you can sign back in to cancel the deletion. You can also export a copy of all your personal data as a JSON archive from your profile settings before deletion.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal data we hold about you
• Correction — Request that we correct any inaccurate or incomplete data
• Deletion — Request that we delete your personal data, subject to legal retention requirements
• Portability — Request a copy of your data in a structured, machine-readable format. You can also export your data directly from your profile settings in the app. For catering vendors, the data export includes a complete record of every agreement you have signed with ExecEats Inc. — signer metadata (IP, user-agent, timestamps), template version, the Schedule values at signing, any decline reasons or comments you provided, cryptographic hashes of the agreement content and PDFs, and a copy of each rendered and signed PDF.
• Opt-out — Opt out of non-essential communications at any time through your account settings or by contacting us

To exercise any of these rights, please contact us at privacy@execeatsapp.com. We will respond to your request within 30 days.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

• Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
• Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
• Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, contact us at privacy@execeatsapp.com or write to us at the address below.

11. Children's Privacy

The ExecEats Service is designed for business professionals and is not directed at children under the age of 13 (or 16 in applicable jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@execeatsapp.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you through the Service or via email.

We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

• Email: privacy@execeatsapp.com
• Address: ExecEats Inc., 1522 Western Ave STE 59470, Seattle, WA 98101 USA