Privacy Policy

Last updated: May 9, 2026

Contents

1. Overview

ProoN (“ProoN,” “we,” us,” or “our”) provides an AI-powered phone ordering platform for restaurants. This Privacy Policy explains what information we collect, how we use and share it, and the choices you have. It applies to two groups of users:

  • Restaurant owners and staff who sign up for ProoN (an account, a subscription, and use of our dashboard).
  • Customers calling participating restaurants, whose voice is processed by our AI agent to take orders, reservations, or messages on the restaurant's behalf.

By using ProoN — whether as a restaurant operator or as a caller — you agree to the practices described here. If you do not agree, do not use the service.

2. Who We Are

ProoN is operated by Bakes & Brews LLC, a California limited liability company, doing business as ProoN, based in California, USA. For privacy questions, see Section 15.

3. Information We Collect

3.1. From restaurant accounts

  • Account info: name, email, password (hashed), and (if added) profile photo.
  • Business info: restaurant name, address, phone number, cuisine type, business hours, menu, and operational preferences.
  • Payment info: handled by Stripe (we never see or store card numbers). We retain the last 4 digits, brand, expiration, and Stripe customer/subscription IDs.
  • POS connection tokens: if you connect Clover, Square, or Toast, we store OAuth access/refresh tokens to push orders to your POS on your behalf.
  • Communications: support emails, in-app messages, and call recordings of any phone-based support you initiate with us.

3.2. From callers (your customers)

  • Caller phone number (delivered automatically by the telephony network).
  • Voice audio for the duration of the call.
  • Transcripts and call metadata (start time, duration, outcome).
  • Order details spoken during the call: items, quantities, modifications, allergies, occasion, pickup time, name, and callback number.
  • Reservation or voicemail content when those features are enabled.

3.3. Automatically

  • Usage data: pages viewed, features used, IP address, device, browser, and approximate location derived from IP.
  • Cookies and similar: see Section 8.

4. How We Use Your Information

  • Provide the service: take orders, push them to your POS, send confirmations.
  • Authenticate accounts, prevent fraud, and enforce our Terms.
  • Bill subscriptions through Stripe and track usage minutes.
  • Train and improve our AI prompts, voice quality, and order accuracy. We do not sell call audio or transcripts to third parties for model training outside our service providers.
  • Communicate service updates, security alerts, and support responses.
  • Comply with legal obligations (tax, accounting, lawful requests).

Restaurants can view, edit, or delete order records and customer profiles for their own organization in the dashboard.

5. How We Share Information

We share information only as needed to operate the service:

  • Service providers who process data on our behalf under contractual confidentiality:
    • Supabase — managed Postgres database + auth + storage
    • Vercel — application hosting
    • Retell AI — voice AI platform (calls, transcription, TTS)
    • Anthropic — large language model used by the agent
    • ElevenLabs — text-to-speech (when custom voices are enabled)
    • Twilio — SMS delivery and telephony
    • Stripe — subscription billing
    • Cloudflare — DNS, CDN, and edge security
  • The restaurant you called receives the order details (items, name, callback number, allergy notes, pickup time) so they can prepare and fulfill your order.
  • Connected POS providers(Clover, Square, Toast, etc) receive the order so it appears in the kitchen system. Payment links generated by these providers are sent to the customer; payment funds settle directly to the restaurant's POS account.
  • Legal compliance: we may disclose information if required by law, valid subpoena, or to protect rights and safety.
  • Business transfers: in a merger, acquisition, or asset sale, your information may transfer. We will notify you and the new entity will honor this Privacy Policy.

We do not sell or rent personal information. We do not share customer phone numbers with marketers or data brokers.

6. SMS Notifications

SMS is optional and never required to use ProoN. Customers can place orders, book appointments, and use every feature of the AI agent without opting in to text messages. Declining SMS has no effect on order processing, pickup time, or service quality.

If a customer chooses to opt in (verbal “yes” during the call, or via the web form on our SMS Terms page), they receive transactional SMS confirmations only — maximum 4 messages per order, no marketing, and they can reply STOP to opt out at any time. Full details and the web opt-in form are at our SMS Notification Terms.

7. Call Recordings & Transcripts

Calls handled by ProoN are recorded and transcribed. Recordings and transcripts are stored encrypted and used to:

  • Verify what was ordered if there's a dispute.
  • Train and improve the AI agent's accuracy.
  • Enable the “Live” in-dashboard call console for the restaurant.

The restaurant retains the audio (their ownership, on their account). ProoN can't access individual restaurant recordings except for troubleshooting at the restaurant's request. Where state law requires two-party consent for recording, the AI agent verbally discloses recording at the start of the call.

8. Cookies & Analytics

We use cookies and similar technologies to keep you signed in, remember preferences, and measure how the dashboard is used. We use Vercel Web Analytics and Speed Insights — both privacy-friendly, no cross-site tracking. We do not use third-party advertising trackers.

9. Data Security

We protect personal information with industry-standard safeguards:

  • Encryption in transit (TLS 1.2+) and at rest (database-level AES-256).
  • Row-level security policies on every multi-tenant database table.
  • Service-role keys stored in environment-variable secrets, never in code.
  • OAuth tokens for POS connections stored encrypted.
  • Webhook signature verification on all inbound provider events.
  • Regular dependency audits and security patches.

No system is 100% secure. If we become aware of a breach affecting your information, we will notify affected users and authorities as required by applicable law.

10. Data Retention

  • Account info — retained while your account is active.
  • Order & reservation records — retained 24 months for record-keeping; restaurants can delete earlier on request.
  • Call recordings & transcripts — retained 90 days by default. Restaurants on the Pro tier may extend up to 12 months.
  • Customer profiles & phone numbers — retained while the restaurant's account is active. Customers may request deletion via the restaurant or via privacy@proon.ai.
  • Logs & usage data — retained 90 days.
  • Stripe billing records — retained per Stripe's policy and applicable tax law (typically 7 years).

11. Your Rights & Choices

Depending on where you live (California CCPA, EU/UK GDPR, etc), you may have the right to:

  • Access a copy of personal information we hold about you.
  • Correct inaccurate information.
  • Delete your information (subject to legal-retention exceptions).
  • Port your information to another service in a structured format.
  • Object to processing for legitimate-interest purposes.
  • Opt out of SMS by replying STOP.
  • Withdraw consent at any time.

To exercise any of these, email privacy@proon.ai. We respond within 30 days. We do not discriminate against users who exercise their rights.

Do Not Sell My Personal Information (CCPA): we do not sell personal information. There is no opt-out toggle because there is nothing to opt out of.

12. Children's Privacy

ProoN is not directed to children under 13. We do not knowingly collect information from children under 13. If you believe a child has provided information, contact us and we will delete it.

13. International Transfers

ProoN is operated from the United States. If you access the service from outside the US, your information will be transferred to and processed in the US, where data protection laws may differ from your jurisdiction. By using the service you consent to this transfer.

14. Changes to This Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent revision. For material changes affecting how we use personal information, we will email registered restaurant owners at least 30 days before the change takes effect.

15. Contact Us

For privacy questions, data deletion requests, or to exercise your rights:

ProoN
Email: privacy@proon.ai
Website: www.proon.ai