Privacy Policy

This Privacy Policy describes how DATAENGINE LLC, doing business as ApronPrep (“ApronPrep,” “we,” “us,” or “our”), collects, uses, and discloses information in connection with the ApronPrep platform and related services (the “Service”). By accessing or using the Service, you acknowledge this Privacy Policy.

1. Who We Are

We operate the Service from the United States and serve U.S.-based businesses.

2. Information We Collect

2.1 Account Information

We collect information you provide when registering for the Service, including business name, contact name, email address, phone number, and billing address.

2.2 Business and Compliance Data

We collect information you submit in connection with preparing regulatory and compliance documents, which may include:

• Business registration information (business name, EIN, state of organization, ownership structure)
• Permit and license application data (food service, liquor, building, sign, outdoor dining, zoning, and other local permits)
• Food safety and operational records (HACCP plans, food establishment plan review data, allergen training certifications, food protection manager certifications)
• Health inspection documentation and Board of Health correspondence
• Environmental and facility compliance records

2.3 Employee and HR Data

If you use the Service to prepare employment-related documents, we process employee data you provide, which may include:

• Employee names, contact information, and job titles
• Employment eligibility and immigration document information (Form I-9 fields and document identifiers, E-Verify enrollment data)
• Federal and state tax withholding information (Forms W-4, W-2, 940, 941, and related documents)
• Tip income reporting data
• New hire reporting data
• Unemployment insurance and payroll tax registration data
• Workplace injury and illness records (OSHA Form 300A and related data)
• Training and certification records (food handler certifications, allergen awareness training, sexual harassment prevention training, ServSafe and equivalent certifications)
• Employment agreement data and withholding elections

2.4 Sensitive Data Categories

Some of the data you submit to prepare certain documents may be sensitive. Sensitive data categories collected by or through the Service include:

• Social Security Numbers (SSNs) of employees, collected in connection with Forms W-2, W-4, 940, 941, and related tax documents
• Employer Identification Numbers (EINs)
• Immigration status and work authorization information, collected in connection with Form I-9 and E-Verify
• Financial account information (bank routing and account numbers) submitted in connection with EFTPS enrollment

We implement additional safeguards for these sensitive categories, including encryption at rest. We use sensitive data only to provide the specific Service function for which it was submitted. We do not use sensitive data for marketing, analytics, or model training purposes.

Certain sensitive fields may be processed ephemerally for document-generation purposes and not retained, while other sensitive fields may be retained where necessary to provide the relevant Service function. Our retention practices for such data are described in Section 7.

2.5 Payment Information

Payments are processed by Stripe, Inc. We do not store credit card numbers, full bank account numbers, or full payment credentials. Stripe’s privacy practices are governed by Stripe’s own privacy policy.

2.6 Automatically Collected Information

We may automatically collect: IP address; device and browser information; account access logs and timestamps; usage data (features used, pages accessed, documents generated); log and diagnostic data; and session identifiers. We use cookies and similar tracking technologies on our website, which may include:

• Session and functional cookies that support account login and core Service functionality
• Analytics cookies that help us understand how visitors interact with our website (e.g., Google Analytics)
• Advertising and conversion tracking tags from third-party platforms, including Google Ads, LinkedIn, Meta, Microsoft Advertising, and Reddit, which allow us to measure the effectiveness of our advertising campaigns and may enable those platforms to show our advertisements to you on other sites and services

You may disable cookies through your browser settings or opt out of interest-based advertising through the Digital Advertising Alliance at optout.aboutads.info or the Network Advertising Initiative at optout.networkadvertising.org. Disabling certain cookies may affect Service functionality.

3. Use of Information

We use the information we collect to:

• Provide, operate, administer, troubleshoot and maintain the Service and related infrastructure
• Create and manage user accounts
• Process subscriptions and payments
• Generate AI-assisted compliance document outputs based on inputs you provide
• Store, retrieve, and display documents you have prepared
• Provide customer support
• Detect fraud, abuse, and security issues
• Improve and enhance the Service and our AI models, using data only in anonymized or aggregated form
• Comply with applicable legal obligations

4. AI Data Usage

The Service uses artificial intelligence to assist in document preparation. We may use Inputs and Outputs in anonymized or aggregated form to improve, train, and enhance our models and Service. We do not use identifiable employee personal data — including SSNs, I-9 document information, financial account numbers, or OSHA injury records — for model training, product analytics, or marketing purposes.

Where data is used for model or product improvement, it is aggregated and de-identified to the extent practicable before use in those workflows.

5. How We Share Information

We may share information with:

• Service providers who assist in operating the Service (e.g., cloud hosting providers, customer support platforms, analytics services), subject to appropriate confidentiality obligations
• Payment processors (e.g., Stripe, Inc.)
• Professional advisors (legal counsel, accountants, compliance consultants) under appropriate confidentiality obligations
• Government authorities, law enforcement, or regulators where disclosure is required by law, regulation, or valid legal process
• Successors in connection with a merger, acquisition, reorganization, or sale of substantially all of our assets, upon notice to you

We do not sell personal information to third parties for monetary consideration. We do share certain information — such as cookie identifiers and browsing activity on our website — with third-party advertising platforms (including Google, LinkedIn, Meta, Microsoft, and Reddit) for cross-context behavioral advertising purposes. California residents have the right to opt out of this sharing; see Section 8.2 for details.

6. Data Security

We implement reasonable administrative, technical, and organizational safeguards designed to protect your information, including:

• Written information security policies and procedures
• Encryption of data in transit using TLS
• Encryption at rest for sensitive data categories (SSNs, EINs, I-9 document information, and financial account data)
• Access controls and role-based permissions
• Personnel confidentiality obligations
• Incident detection and response procedures

No security system is completely impenetrable. We cannot guarantee absolute security. In the event of a personal data breach affecting sensitive categories of data, we will notify affected customers in accordance with applicable law and our contractual obligations.

7. Data Retention

We retain your information for as long as reasonably necessary to provide the Service, comply with our legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data category:

• Account and business data: retained for the duration of your active account plus a reasonable period thereafter
• Compliance and regulatory documents: retained in accordance with your instructions and applicable record-retention requirements
• Employee data submitted for document preparation: retained for the period necessary to support active documents and associated Service functionality; sensitive data that is processed ephemerally (used only to populate a document and not stored) is discarded upon generation
• Sensitive data stored at rest (SSNs, I-9 data, financial account numbers): retained only for the period necessary to support the relevant Service function
• Backup, log, and diagnostic data: retained per our standard operational practices

We do not retain cardholder data beyond the completion of a payment transaction.

8. Your Rights

8.1 General Rights

Depending on applicable law, you may have the right to: access your personal data; correct inaccurate data; request deletion of data we hold about you; and object to or restrict certain processing. To submit a request, contact [email protected]. We may need to verify your identity and authority to make the request before processing a request.

8.2 California Privacy Rights (CCPA / CPRA)

If you are a California resident, California law provides you with the following rights:

Right to Know. You may request disclosure of the categories of personal information we collect, the sources of that information, the purposes for which we use it, and the categories of third parties with whom we share it. You may also request the specific pieces of personal information we have collected about you.

Right to Delete. You may request deletion of personal information we have collected about you, subject to certain exceptions (e.g., information we are required to retain by law).

Right to Correct. You may request correction of inaccurate personal information we hold about you.

Right to Opt Out of Sale or Sharing. We share certain cookie and browsing data with third-party advertising platforms for cross-context behavioral advertising purposes. You have the right to opt out of this sharing. To opt out, click the “Do Not Sell or Share My Personal Information” link in the footer of our website, or submit a request to [email protected]. You may also opt out of interest-based advertising directly through participating ad platforms via optout.aboutads.info.

Right to Non-Discrimination. We will not discriminate against you for exercising any of your privacy rights.

To submit a California privacy rights request, contact us at [email protected]. We will use commercially reasonable procedures to verify your identity and authority to make the request and respond in accordance with applicable timeframes under California law.

8.3 Employee Data Rights

If you are an employee whose personal data has been submitted to the Service by your employer, you may contact us at [email protected] to request access to or correction of your data. We will coordinate with the employing business, as the employer is the data controller for employee information submitted through the Service. In some cases, applicable law or the employer’s instructions may affect the scope or timing of our response.

9. Children’s Privacy

The Service is not intended for individuals under 18. We do not knowingly collect personal data from children. If we become aware that we have collected personal data from a person under 18, we will take steps to delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Updated policies will be posted on our website with a revised “Last Updated” date. Continued use of the Service after the effective date of any change constitutes acceptance of the updated Policy.

11. Contact

Questions about this Privacy Policy may be directed to: