BARLYTICS PRIVACY POLICY

Effective Date: April 21, 2026

Barlytics Inc. ("Barlytics," "we," "our," or "us") provides inventory and operations software for bars, restaurants, and hospitality businesses. This Privacy Policy explains how we collect, use, disclose, and protect information when businesses and their authorized users use our mobile apps, web app, integrations, and related services (collectively, the "Services").

This Privacy Policy is written for a business-to-business product. If you use the Services on behalf of a business, information associated with your use of the Services may also be accessible to your employer or account administrator.

1. Information We Collect

We may collect the following categories of information:

A. Account and Profile Information

  • Name
  • Email address
  • Organization or venue name
  • Account identifiers
  • Authentication and login-related information

B. Business Operational Data

  • Beverage inventory records
  • Purchasing and invoice information
  • Sales and transaction-level POS data
  • Reports, exports, preferences, and configuration data

We do not intend to collect restaurant guest personal information through current POS integrations. Based on our current implementation, the POS data we ingest is transaction-level operational data rather than diner-level customer profile data.

C. Device, Session, Log, and Diagnostic Information

  • IP address
  • User agent and browser/device information
  • Session and authentication metadata
  • Error, crash, and performance diagnostics
  • Service access logs

D. Files and Images You Submit

If you upload invoices, receipts, or similar files, we process them to extract relevant information.

2. Information We Do Not Currently Intend to Collect

We do not currently intend to collect users' phone numbers, mailing addresses, or payment card information through the current version of the Services.

We also do not currently intend to collect restaurant guest names, loyalty profiles, or similar diner-level personal information through current POS integrations.

3. How We Use Information

We may use information to:

  • Provide, operate, maintain, secure, and improve the Services;
  • Create and manage accounts and authenticate users;
  • Connect with supported integrations and process customer requests;
  • Process invoices and other uploaded documents;
  • Generate analytics, reports, operational recommendations, forecasts, and related outputs;
  • Troubleshoot, debug, prevent fraud, monitor performance, and address technical issues;
  • Communicate with you about the Services, support, updates, security matters, and administrative notices;
  • Comply with legal obligations and enforce agreements;
  • Train, refine, and improve AI models, algorithms, and machine-learning systems used in or developed for the Services; and
  • Create aggregated or de-identified information for analytics, benchmarking, product improvement, and other lawful business purposes.

4. How We Disclose Information

We may disclose information to:

  • Hosting, infrastructure, database, authentication, email, logging, monitoring, analytics, support, and security providers;
  • Document processing and AI service providers used to extract or process information from uploaded files;
  • Integration partners and APIs at your direction;
  • Professional advisors, auditors, insurers, financing sources, and acquirers in connection with a financing, merger, acquisition, reorganization, or asset sale;
  • Distributors, brands, suppliers, and industry participants who receive aggregated or de-identified data products, benchmarking reports, or analytics; and
  • Government authorities or other parties when required by law or when reasonably necessary to protect rights, safety, security, or the Services.

We do not currently describe the Services as selling personal information for cross-context behavioral advertising. We may share aggregated and de-identified information with third parties as described in Section 5 below.

5. Aggregated and De-Identified Information

We may derive aggregated, statistical, and de-identified information from the Services and use it for any lawful business purpose, including benchmarking, analytics, product improvement, industry insights, and the creation of commercial data products, provided that such information does not reasonably identify you, your business, or any individual.

Data Products and Commercial Use

We may create, package, license, distribute, and sell data products, benchmarking reports, analytics, and industry insights derived from aggregated and de-identified information. These products may be made available to third parties, including distributors, brands, suppliers, and industry participants.

Opt-Out

By default, your data may be included in aggregated and de-identified datasets used for the purposes described above, including commercial data products. You may opt out of having your data included in commercial data products sold or licensed to third parties by contacting us at privacy@barlytics.ai. Opting out will not affect your access to or use of the Services.

Future Voluntary Sharing

We may in the future offer features that allow you to voluntarily share more specific data — including identifiable business-level data — with distributors, brands, suppliers, or other third parties through the Services. Any such sharing will require your separate, affirmative consent at the time it becomes available and will be described in an updated version of this Privacy Policy.

6. Cookies and Similar Technologies

Our web application currently uses cookies or similar technologies that are necessary for authentication, session management, security, and operation of the Services.

We do not currently describe the Services as using advertising cookies. If we materially change our use of cookies or similar technologies, we will update this Privacy Policy as appropriate.

7. Invoice and File Handling

If you upload invoice images or similar files, we may transmit them to third-party service providers to perform OCR, parsing, extraction, or related processing needed to provide the Services. These third-party processors operate under zero data retention agreements, meaning they do not retain or use your uploaded files or their contents for model training or other purposes beyond the immediate processing request.

Based on our current implementation, we do not retain copies of invoice images after processing. We do retain extracted data for operational use within the Services. We also retain a SHA-256 content hash of each uploaded file indefinitely for the purpose of detecting duplicate uploads and maintaining system integrity.

8. Data Retention

We retain information for as long as reasonably necessary to provide the Services, maintain security, comply with legal obligations, resolve disputes, enforce agreements, and support legitimate business operations.

Retention periods may vary based on the type of information, the business relationship, operational needs, backup cycles, legal requirements, and security considerations. Our backup and log retention practices are designed to balance operational needs with data minimization principles, and may change as our infrastructure evolves.

We may retain aggregated or de-identified information — including information derived from accounts that have been closed or deleted — indefinitely, provided that such information does not reasonably identify a person or business.

9. Security

We use administrative, technical, and organizational measures designed to protect information. These measures include encryption of sensitive values at rest, encrypted transmission of data in transit, and reasonable access controls designed to limit internal access to personnel with a legitimate need.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security.

10. Your Choices and Rights

Depending on your location and applicable law, you or your organization may have rights to request access to, correction of, deletion of, or information about certain personal data.

You may contact us at privacy@barlytics.ai for privacy-related requests. We may need to verify identity and authority before processing a request.

11. Business Account Administrators

If you use the Services through a business account, the organization that controls the account may access, manage, and request changes relating to your account information and use of the Services.

12. U.S. Processing

Your information may be processed in the United States and in other locations where we or our service providers operate.

13. Children

The Services are intended for business users and are not directed to children under 13.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will post the updated version and revise the Effective Date. If required by law, we will provide additional notice.

15. Contact Us

Barlytics Inc.

Privacy inquiries: privacy@barlytics.ai

Legal inquiries: legal@barlytics.ai