Last updated: June 1, 2026
Privacy Policy
1. Who We Are
Cater.app is operated by Dynamic Digital, LLC, a Pennsylvania limited liability company. Cater.app is a subscription-based catering management platform that helps caterers create quotes, manage orders, track clients, and run their business.
For privacy-related inquiries, contact us at info@cater.app.
2. What Cater.app Does
Cater.app is a paid SaaS platform for catering businesses. It provides tools for menu management, quote generation, order tracking, client management, invoicing, meal plan subscriptions, and team collaboration. Users create an account, subscribe to a plan, and manage their catering operations through the platform.
3. Information We Collect
What We Do NOT Collect
- We do not collect precise geolocation data
- We do not access your contact lists or address books
- We do not collect biometric data
- We do not engage in cross-site tracking for advertising
Account Data
When you sign up, we collect your email address and password (stored as a salted hash — we never store plaintext passwords). You may optionally provide your name, company name, phone number, and business address in your profile settings.
Business Data You Submit
Through normal use of the platform, you enter business data including: client contact information, menu items and pricing, quotes, orders, invoices, ingredients, venues, and internal notes. This data is stored in our database to provide the service and is accessible only to you and your team members.
Payment Data
Payment processing is handled entirely by Stripe. We do not store credit card numbers, bank account details, or other payment credentials on our servers. We store only your Stripe customer ID to link your account to your subscription.
Analytics Data
We use Google Analytics 4 (GA4) to collect aggregate usage data including page views, device and browser type, referral source, country-level location, and session duration. This data does not identify you personally. See the Cookies section below for opt-out instructions.
Email Communications
We use Amazon Simple Email Service (SES) to send transactional emails such as password resets, quote notifications, order confirmations, and invoice delivery. We do not send marketing emails without your consent.
4. How We Use Information
- Service provision: To operate the platform, process your quotes and orders, and deliver the features you use.
- Account management: To authenticate you, manage your subscription, and communicate account-related information.
- AI features: Certain features use AI models to assist with content generation and business insights. See the AI Disclosures section below.
- Improvement: To understand how the platform is used and identify areas for improvement (via aggregate analytics).
- Security: To detect and prevent fraud, abuse, and security incidents.
- Legal compliance: To comply with applicable laws and respond to lawful requests.
5. AI Disclosures
Cater.app uses AI models from the following providers to power certain features:
- OpenAI (GPT models)
- Anthropic (Claude models)
- Google (Gemini models)
When you use AI-powered features, relevant data (such as menu items, client information, or business context) may be sent to these providers' APIs for processing. These providers process data via their API services and do not use API data to train their models.
Your data is not used to train AI models. Data submitted to AI features is processed for your request and is not retained by AI providers for model training or improvement.
AI-generated content may contain inaccuracies and should be reviewed before use. AI-generated outputs do not constitute professional advice.
6. Cookies
| Cookie | Purpose | Duration | Opt Out |
|---|---|---|---|
_ga, _ga_* | Google Analytics — aggregate usage measurement | Up to 2 years | GA opt-out add-on |
authjs.session-token | Authentication session | 30 days | Log out or clear browser data |
authjs.csrf-token | CSRF protection | Session | Clear browser data |
We do not use advertising cookies or engage in cross-site tracking. Cater.app does not currently respond to Do Not Track (DNT) browser signals, as there is no industry standard for compliance.
7. Third-Party Processors
| Provider | Purpose | Privacy Policy |
|---|---|---|
| Stripe | Payment processing | stripe.com/privacy |
| Amazon Web Services (SES) | Email delivery | aws.amazon.com/privacy |
| Google Analytics | Usage analytics | policies.google.com/privacy |
| OpenAI | AI processing | openai.com/privacy |
| Anthropic | AI processing | anthropic.com/privacy |
| Google (Gemini) | AI processing | policies.google.com/privacy |
8. Data Retention
- Account data: Retained for the lifetime of your account. Deleted within 30 days of account deletion.
- Business data (clients, quotes, orders, invoices, menu items): Retained for the lifetime of your account. Deleted within 30 days of account deletion.
- AI-processed data: Sent to AI providers for processing and not stored beyond the request. AI providers process via API and do not retain data for training.
- Analytics data: Retained by Google Analytics for 14 months.
- Server logs: Retained for 30 days for security and debugging purposes.
- Payment records: Retained by Stripe per their data retention policy. We retain only subscription status and Stripe customer IDs.
9. Your Rights
GDPR (EEA/UK Residents)
If you are located in the European Economic Area or the United Kingdom, you have the right to:
- Access the personal data we hold about you
- Request rectification of inaccurate data
- Request erasure of your data ("right to be forgotten")
- Restrict or object to certain processing
- Data portability — receive your data in a machine-readable format
- Lodge a complaint with your local supervisory authority
Our legal bases for processing under Article 6 GDPR are: contract performance (providing the service), legitimate interests (security, analytics, improvement), and consent (where applicable).
We will respond to rights requests within 30 days.
CCPA (California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Request correction of inaccurate personal information
- Opt out of the sale or sharing of personal information
Cater.app does not sell or share personal information as defined under the California Consumer Privacy Act.
How to Exercise Your Rights
Email info@cater.app with your request. We may need to verify your identity before processing. We will respond within 30 days.
10. International Data Transfers
Cater.app is hosted on servers located in the United States. If you access the service from outside the US, your data will be transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) and other applicable safeguards for international data transfers where required.
11. Children
Cater.app is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at info@cater.app and we will promptly delete it.
12. Security
- All data in transit is encrypted via TLS/HTTPS
- Passwords are hashed using bcrypt with a cost factor of 12
- Payment data is handled entirely by Stripe — no payment credentials are stored on our servers
- Database access is restricted to the application server only (no public access)
- In the event of a data breach, we will notify affected users and applicable authorities within 72 hours
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be posted with a new "Last updated" date at the top of this page. We encourage you to review this page periodically. For significant changes, we may provide additional notification via email.
14. Contact
For questions or concerns about this Privacy Policy or our data practices:
- Email: info@cater.app
- Entity: Dynamic Digital, LLC
- Location: Pennsylvania, United States
- Response time: Within 30 days
This privacy policy is provided for informational purposes. We recommend consulting with a qualified attorney for legal compliance advice specific to your jurisdiction.