Privacy Policy

ChefSync SAS ("ChefSync," "we," "us," or "our") is committed to protecting your privacy and the personal data you entrust to us. This Privacy Policy explains how we collect, use, store, share, and protect personal information when you access or use the ChefSync Platform, including our website, mobile applications, APIs, and related services (collectively, the "Services").

This policy applies to all users of the Services, including restaurant owners, managers, staff members, and any other individuals whose personal data we process in connection with the operation of the Platform. By using the Services, you acknowledge that you have read and understood this Privacy Policy.

Our data processing practices are governed by Colombian Law 1581 of 2012 ("Ley de Protección de Datos Personales"), Decree 1377 of 2013, and other applicable regulations issued by the Superintendencia de Industria y Comercio (SIC). Where our processing activities have cross-border implications, we also adhere to internationally recognized data protection principles.

ChefSync SAS is the data controller responsible for the personal data processed through the Services. We determine the purposes and means of processing your personal information.

For any questions, concerns, or requests related to this Privacy Policy or your personal data, you may contact us:

• Email: hello@chefsync.io
• Address: ChefSync SAS, Bucaramanga, Santander, Colombia
• Website: https://chefsync.io

We have designated a Data Protection Officer (DPO) responsible for overseeing our privacy compliance program. The DPO can be reached at the email address above and will respond to all inquiries within two (2) business days.

We collect personal data that is necessary to provide, maintain, and improve the Services. The types of information we collect include:

Under Colombian Law 1581 of 2012, we process personal data based on one or more of the following legal grounds:

• Contractual necessity: Processing is necessary to perform our contract with you, including providing the Platform, managing your subscription, and delivering customer support.
• Consent: For certain processing activities, such as marketing communications and non-essential analytics, we obtain your explicit consent. You may withdraw consent at any time.
• Legitimate interests: We process data to maintain platform security, prevent fraud, improve our services, and comply with legal obligations, provided that your rights and freedoms are not overridden.
• Legal obligation: We may process data to comply with applicable laws, regulations, court orders, or requests from government authorities.

We do not process personal data for purposes that are incompatible with those for which it was originally collected, unless we obtain your additional consent or are required by law to do so.

We use the personal data we collect for the following purposes:

• Providing the Services: To create and manage your account, authenticate your identity, process orders, synchronize kitchen operations, and enable the core functionality of the Platform.
• Improving the Platform: To analyze usage patterns, identify bugs, develop new features, and optimize performance based on aggregated and anonymized data.
• Customer support: To respond to your inquiries, troubleshoot issues, and provide technical assistance through email, chat, and phone channels.
• Security and fraud prevention: To detect unauthorized access, prevent account abuse, identify fraudulent trial registrations, and protect the integrity of the Platform.
• Billing and administration: To process payments, manage subscriptions, send invoices, and handle billing disputes.
• Communications: To send service-related notifications, security alerts, product updates, and marketing materials (where you have consented).
• Legal compliance: To comply with data protection laws, tax regulations, and other applicable legal requirements.

We do not sell your personal data to third parties. We only share personal data in the following circumstances:

We retain your personal data for as long as necessary to fulfill the purposes for which it was collected, to comply with legal obligations, to resolve disputes, and to enforce our agreements.

Under Law 1581 of 2012 and related regulations, you have the following rights regarding your personal data:

• Right of access: You have the right to obtain confirmation of whether we process your personal data, and if so, to access that data and receive a copy.
• Right to rectification: You may request the correction of inaccurate or incomplete personal data.
• Right to deletion: You may request the deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when you withdraw consent, or when processing is unlawful.
• Right to object: You may object to the processing of your personal data for direct marketing purposes or when processing is based on legitimate interests.
• Right to restrict processing: You may request that we limit the processing of your data while we verify its accuracy or evaluate the legitimacy of processing.
• Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another controller where technically feasible.
• Right to revoke consent: Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at hello@chefsync.io with the subject line "Data Protection Request." We will respond within ten (10) business days, or fifteen (15) business days if additional verification is required, in accordance with Colombian law.

We use cookies and similar tracking technologies to enhance your experience, maintain security, and analyze usage. These technologies allow us to remember your preferences, authenticate your sessions, detect fraud, and understand how users interact with the Platform.

Cookies are small text files placed on your device when you visit our website or use our applications. We also use local storage, session storage, and device fingerprinting for similar purposes.

You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling essential cookies may prevent you from accessing certain features of the Platform.

For a comprehensive list of the cookies we use, their purposes, and their retention periods, please refer to our Cookie Policy.

ChefSync uses cloud infrastructure providers that may store or process personal data in data centers located outside of Colombia, including in the United States and the European Union. By using the Services, you acknowledge and consent to the transfer of your personal data to these jurisdictions.

We ensure that international transfers are protected by appropriate safeguards in accordance with Colombian data protection regulations. These safeguards include:

• Standard contractual clauses approved by the Superintendencia de Industria y Comercio
• Data processing agreements with all third-party providers
• Certifications and compliance frameworks such as SOC 2 and ISO 27001 maintained by our infrastructure partners
• Regular audits of third-party security and privacy practices

We do not transfer personal data to countries that do not provide an adequate level of data protection unless appropriate safeguards are in place.

The Platform is intended for business and professional use and is not directed at children under the age of eighteen (18). We do not knowingly collect personal data from children. If you believe that a child has provided us with personal data without parental consent, please contact us immediately at hello@chefsync.io, and we will take steps to delete such information.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, or legal requirements. When we make material changes, we will notify you by email or through the Platform at least thirty (30) days before the changes take effect.

The "Last updated" date at the top of this policy indicates when it was last revised. We encourage you to review this policy periodically to stay informed about how we protect your personal data.

Your continued use of the Services after any changes to this Privacy Policy constitutes your acceptance of the revised policy.