C
chalpronto

Privacy Policy

Last updated: April 27, 2026

Kiwana AI, Inc. (“ChalPronto”, “Company”, “we”, “us”, or “our”) operates ChalPronto at chalpronto.com (the “Service”). This Privacy Policy describes how we collect, use, share, and protect personal information about Businesses, Partners, Consumers, and visitors. It should be read together with our Terms of Service.

Marketplace context. ChalPronto is a software platform connecting Businesses with Consumers. When you place an order through a Storefront, the Business is an independent data controller for the personal information you provide (name, phone, address, etc.) for the purposes of fulfilling your order. ChalPronto acts as a data processor for Businesses with respect to that data and as a data controller for its own platform purposes (account management, fraud prevention, analytics).

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, phone number, password (encrypted)
  • Business information: business name, address, industry, tax ID, logo, menu content
  • Partner information: name, email, phone, Stripe Connect account details
  • Order information: items ordered, delivery preferences, payment details
  • Communications: messages sent through the platform, support requests

1.2 Information Collected Automatically

  • Usage data: pages visited, features used, time spent on the Service
  • Device information: browser type, operating system, device type
  • IP address: used for security, rate limiting, and approximate location
  • Cookies: authentication tokens and session management

1.3 Information from Third Parties

  • Google Authentication: name, email, profile photo (when you sign in with Google)
  • Stripe: payment confirmation, subscription status, Connect account status

2. How We Use Your Information

  • Provide, maintain, and improve the Service
  • Process orders and payments
  • Send order confirmations, notifications, and updates via WhatsApp or email
  • Calculate and process partner commissions and payouts
  • Provide customer support
  • Detect and prevent fraud or abuse
  • Comply with legal obligations
  • Analyze usage patterns to improve the Service (anonymized and aggregated)

3. How We Share Your Information

We do not sell your personal information. We may share information with:

  • Businesses: order details necessary to fulfill your order (name, phone, order items)
  • Payment processors: Stripe, for payment processing and Connect payouts
  • Communication providers: Twilio, for WhatsApp/SMS notifications
  • AI providers: Google (Gemini), for menu extraction and message generation (no personal data sent)
  • Cloud infrastructure: Google Cloud Platform, for hosting and storage
  • Legal requirements: when required by law, court order, or governmental authority

4. Data Storage and Security

Your data is stored on secure servers hosted on Google Cloud Platform (US) and Neon PostgreSQL (US East). We use encryption in transit (TLS/SSL) and at rest. Payment card data is handled entirely by Stripe and never touches our servers.

We implement reasonable security measures including authentication, authorization, rate limiting, and input validation. However, no system is 100% secure, and we cannot guarantee absolute security.

5. Data Retention

  • Account data: retained while your account is active and for 30 days after deletion
  • Order data: retained for 7 years for tax and legal compliance
  • Commission data: retained for 7 years for financial reconciliation
  • Usage analytics: aggregated data retained indefinitely; raw logs deleted after 90 days

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: request a copy of your personal data
  • Correction: update inaccurate or incomplete data
  • Deletion: request deletion of your personal data
  • Portability: receive your data in a structured, machine-readable format
  • Opt-out: unsubscribe from marketing communications

To exercise these rights, contact us at [email protected].

7. Cookies

We use essential cookies for authentication and session management. We use Google Analytics for usage analytics (anonymized). We do not use advertising cookies or tracking pixels.

8. Children's Privacy

The Service is not intended for children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.

9. International Data Transfers

Your data may be transferred to and processed in the United States. By using the Service, you consent to this transfer. We rely on standard contractual clauses and other safeguards for international transfers where required.

10. California Privacy Rights (CCPA)

California residents have additional rights under the CCPA, including the right to know what personal information is collected, the right to delete personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

11. AI Processing of Your Data

Some Service features use artificial intelligence — including large language models and vision models supplied by third parties such as Google (Gemini) and Anthropic (Claude) — to extract menu items, generate translations, classify content, and assist with messaging. We send the minimum data required to provide each feature, and we do not permit our AI providers to train their models on your data. AI outputs are probabilistic and may be inaccurate; see Section 13 of our Terms of Service for the allocation of responsibility for AI-generated content.

12. Marketplace Data Roles & Limits on Liability

For Consumer-supplied data shared with a Business through a Storefront (such as customer name, phone, delivery address, and order details), the Business is an independent data controller responsible for handling that data in compliance with applicable law. ChalPronto's role is limited to processing that data on the Business's behalf for the purpose of facilitating the order. ChalPronto is not responsible for a Business's independent data-handling practices, including any unauthorized disclosure, retention, or use of Consumer data outside the Service.

To the maximum extent permitted by law, ChalPronto disclaims liability for third-party data breaches, government data requests served on third-party processors, and acts or omissions of Businesses with respect to Consumer data they receive through the Service.

13. Data Breach Notification

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information. No system is perfectly secure. In the event of a data breach affecting your personal information, we will notify affected users and relevant regulators as required by applicable law.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-product notification. The “Last updated” date at the top indicates when the policy was last revised. Your continued use of the Service after the effective date of an update constitutes your acceptance of the updated policy.

15. Contact

For privacy-related questions or requests, contact us at:

Kiwana AI, Inc.
Email: [email protected]