Privacy Policy

BiteBot LLC, a Virginia limited liability company ("we," "us," or "our") operates an AI-powered voice ordering platform for restaurants at bitebot.ai (the "Platform"). This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use our Platform, whether as a restaurant owner ("Restaurant Partner") or as a customer placing an order via our AI voice agent ("Caller").

By using our Platform or interacting with our AI voice agent, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our services.

Restaurant Partners

• Account information: email address, password (encrypted)
• Restaurant details: business name, phone number, email, street address, city, state, zip code
• Contact information: contact name, contact email, contact phone
• Menu data: item names, prices, descriptions, categories, dietary information
• Configuration data: operating hours, bot settings, POS integration details
• Billing information: processed securely through Stripe (we do not store credit card numbers)
• Usage data: voice minutes used, order counts, call logs

Callers (Restaurant Customers)

• Phone number (via caller ID)
• Name (as provided during the call)
• Voice recordings of the call
• Call transcripts (generated from voice recordings)
• Order details: items ordered, special instructions, order preferences
• Order history and preferences: summaries of past orders (items, customizations, frequency) associated with your phone number, used to personalize future ordering experiences at the same restaurant
• Call metadata: date, time, duration, sentiment analysis

Automatically Collected Information

• Browser type and version (for the web dashboard)
• Authentication tokens (stored locally for session management)
• IP address (for security and fraud prevention)

• Order Processing: To facilitate voice orders between callers and restaurants
• Personalization: To recognize returning callers and provide a personalized ordering experience based on their past order history with the restaurant (e.g., recalling previous orders, remembering preferences). This data is specific to each restaurant and is never shared across restaurants.
• Service Delivery: To operate, maintain, and improve our AI voice ordering platform
• Quality Monitoring: To review call recordings and transcripts for accuracy and service improvement
• AI Training: To improve our voice recognition, natural language processing, and order accuracy (using aggregated, de-identified data)
• Billing: To process subscription payments and track voice minute usage
• Communication: To send service-related notifications, updates, and support responses
• Security: To detect and prevent fraud, abuse, and unauthorized access
• Legal Compliance: To comply with applicable laws, regulations, and legal processes

We share personal information with the following categories of third-party service providers:

• Retell AI: Voice agent infrastructure provider. Processes call audio and generates transcripts. Retell AI Privacy Policy
• Amazon Web Services (AWS): Cloud infrastructure, data storage, and authentication services. AWS Privacy Policy
• Stripe: Payment processing for subscription billing. We do not store your credit card information. Stripe Privacy Policy
• POS Providers (Square, Clover): Point-of-sale integration for order delivery to restaurant systems. Only order data is shared when a restaurant has configured POS integration.

We do not sell your personal information to third parties. We do not share caller data with anyone other than the restaurant being called and the service providers listed above.

All calls to restaurants using BiteBot are recorded. At the beginning of each call, our AI voice agent discloses that the caller is speaking with an AI assistant and that the call is being recorded for quality purposes. By continuing the call after this disclosure, callers consent to the recording.

Call recordings and transcripts are used for order processing, quality assurance, dispute resolution, and service improvement. Recordings are retained for the period specified in our data retention policy below.

• Call recordings: Retained for 90 days, then automatically deleted
• Call transcripts and order data: Retained for 12 months
• Caller preference summaries: Retained for 12 months from last order, then automatically deleted
• Restaurant Partner account data: Retained for the duration of the account, plus 60 days after account closure to allow for data export
• Billing records: Retained for 7 years as required by tax regulations

We implement industry-standard security measures to protect your personal information, including:

• Encryption of data in transit (TLS/HTTPS) and at rest (AES-256)
• Multi-factor authentication for administrative access
• Role-based access controls and least-privilege permissions
• Regular security monitoring and logging
• Secure password hashing (via AWS Cognito)

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

Depending on your location, you may have the following rights regarding your personal information:

• Right to Know: Request details about the personal information we have collected about you
• Right to Access: Obtain a copy of your personal information
• Right to Correction: Request correction of inaccurate personal information
• Right to Deletion: Request deletion of your personal information, subject to legal retention requirements
• Right to Opt-Out: We do not sell personal information. You may opt out of order-based personalization by requesting deletion of your order history via the restaurant or by contacting us. Restaurant Partners may disable personalization for all callers through their dashboard settings.
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

California Residents: Under the California Consumer Privacy Act (CCPA), you have additional rights including the right to know what personal information is collected, the right to delete, and the right to opt-out of the sale of personal information (we do not sell personal information). To exercise your CCPA rights, contact us at the address below.

To exercise any of these rights, please contact us at privacy@bitebot.ai. We will respond to your request within 30 days.

Our Platform is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

We may update this Privacy Policy from time to time. When we make material changes, we will notify Restaurant Partners through the Platform dashboard and update the "Last Updated" date at the top of this policy. Your continued use of the Platform after changes are posted constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

• Email: privacy@bitebot.ai
• Website: bitebot.ai