arrow_back Chitline

Privacy Policy

Effective May 1, 2025 · Last updated May 1, 2025

1. Who We Are

Chitline ("we", "us", "our") is a software company based in British Columbia, Canada. We provide an online ordering and kitchen management platform for independent pizza shops and food service operators. This policy explains how we collect, use, and protect personal information in accordance with British Columbia's Personal Information Protection Act (PIPA) and applicable federal law.

For privacy questions or requests, contact us at [email protected].

2. Information We Collect

Restaurant Operators (Account Holders)

  • Email address and password (hashed; never stored in plaintext)
  • Organization details: business name, logo, brand colours, operating hours, tax rate, delivery settings, and timezone
  • Subscription information: plan tier, billing status, trial dates

End Customers (Ordering)

  • Name, email address, and phone number
  • Delivery address (when applicable)
  • Order history and preferences

Automatically Collected

  • Session cookies for authentication and guest cart persistence (UUID-based)
  • IP address and standard server access logs
  • Browser and device type (via HTTP headers)

Analytics

We use PostHog to collect product usage data, including signup events, plan tier, and organization identifiers. This data is processed on PostHog's US servers. We use it in aggregate to improve the product and do not sell it.

3. Why We Collect It

We collect personal information only for the following purposes:

  • To create and manage your account and restaurant profile
  • To process and fulfill customer orders placed through your ordering page
  • To send transactional emails (order confirmations, receipts, password resets)
  • To manage your subscription and process payments through Stripe
  • To provide customer support
  • To improve and develop Chitline's features using aggregated analytics
  • To comply with legal and tax obligations

We will not use your information for unrelated purposes without your consent.

4. Third-Party Service Providers

We share personal information with the following service providers to operate Chitline. Each is bound by their own privacy policy and data processing agreements:

  • Stripe — Payment processing for subscriptions. Chitline does not store credit card numbers. Stripe is PCI-DSS compliant and stores payment data on its own secure infrastructure.
  • PostHog — Product analytics. Processes usage event data on servers in the United States.
  • Resend — Transactional email delivery (order confirmations, password resets).
  • Tigris — S3-compatible file storage for menu images and restaurant logos.

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

5. Data Retention

  • Account data: Retained while your account is active and for 90 days following cancellation, after which it is deleted or anonymized.
  • Order data: Retained for 2 years to support accounting, tax reporting, and dispute resolution.
  • Guest session data: Cart and session cookies expire within 24 hours for unauthenticated visitors.
  • Server logs: Retained for up to 90 days for security and debugging purposes.

6. Security

We implement reasonable safeguards to protect personal information:

  • All data is transmitted over TLS/HTTPS encryption
  • Passwords are hashed using bcrypt and never stored in plaintext
  • Authentication tokens are signed and stored securely
  • Payment card data is handled entirely by Stripe under their PCI compliance program
  • File uploads are stored in access-controlled cloud storage

No method of transmission or storage is 100% secure. If you believe your account has been compromised, contact us immediately at [email protected].

7. Cookies

Chitline uses session cookies to keep you signed in and to maintain your cart as a guest visitor. We do not use third-party advertising cookies or cross-site tracking cookies. You can disable cookies in your browser settings, but doing so may prevent you from signing in or completing an order.

8. Your Rights Under PIPA BC

If you are a resident of British Columbia, you have the right to:

  • Access the personal information we hold about you
  • Request corrections to inaccurate or incomplete information
  • Withdraw consent to collection or use (note: some withdrawals may prevent us from providing the service)
  • Know how your information is used and with whom it is shared

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

If you are unsatisfied with our response, you may file a complaint with the Office of the Information and Privacy Commissioner for British Columbia (OIPC BC) at www.oipc.bc.ca.

9. Cross-Border Data Transfers

Some of our service providers (PostHog, Stripe, Resend, Tigris) process data on servers located in the United States. By using Chitline, you consent to the transfer of your information to these providers for the purposes described in this policy. We require our providers to maintain appropriate safeguards.

10. Changes to This Policy

We may update this policy from time to time. When we make material changes, we will notify account holders by email or via an in-app notice. Continued use of Chitline after the effective date of a revised policy constitutes your acceptance of the changes.

11. Contact Us

Chitline
British Columbia, Canada
[email protected]

Terms of Service Home