Legal

Privacy Policy

Name: PourIQ
Brand: PourIQ
Price: 75.00 USD
Availability: PreOrder

Effective Date: May 21, 2026

PourIQ ("PourIQ," "we," "us," or "our") provides bar and restaurant inventory management software. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices and rights you have. This policy applies to the PourIQ platform, website (mypouriq.com), and all related services (the "Service").

1. Information We Collect

Account information.

Name, email address, and business name provided during registration.
Payment information processed by Stripe. PourIQ does not store full credit card numbers; we receive only metadata (last four digits, card type, billing ZIP) from Stripe.

Inventory and operational data.

Product names, quantities, costs, categories, suppliers, recipes, and other inventory records you enter into the Service.
Sales data we receive via integrations you authorize (e.g., POS systems).
Count history, reports, audit logs, and any other data you create within the platform.

Usage and analytics data.

Pages visited and features used, collected via Google Analytics 4 (only if you grant analytics consent).
Device type, browser type, approximate location (city/region level), and referring URL.
Error logs and performance telemetry.

Marketing form data.

If you submit a demo request, contact form, or other marketing form, we collect the information you provide (name, email, restaurant name, POS system, optional message).

2. How We Use Your Information

Provide the Service: deliver inventory management features, process integrations, generate reports.
Improve the product: analyze aggregate usage patterns.
Communicate with you: account-related notifications, billing, important Service updates, and (if you opt in) sales follow-ups.
Security: detect and prevent fraud, abuse, and unauthorized access.
Legal: comply with applicable law and respond to lawful requests.

3. Sub-Processors (Third Parties That Process Data on Our Behalf)

PourIQ relies on the following sub-processors. Each is bound by a Data Processing Agreement (DPA) where one is offered. We update this list when we change vendors.

Cloudflare, Inc. DNS, CDN, Workers, Pages, edge security. Processes HTTP request metadata.
Supabase, Inc. Primary application database, authentication, file storage. Built on AWS infrastructure.
Stripe, Inc. Payment processing and subscription billing. Stripe is PCI-DSS Level 1 certified.
HubSpot, Inc. CRM for managing demo requests, support tickets, and customer communications. Lead data submitted through marketing forms flows into HubSpot.
Resend, Inc. Transactional email delivery (welcome emails, staff invitations, billing notices).
Google LLC (Google Analytics 4). Website analytics. Loads only after you grant analytics consent. Anonymized IP enabled.
Anthropic, PBC. Large language model API used by optional AI features (demand forecasting, ordering suggestions, invoice scanning). Anthropic does not train models on API data per their commercial terms.
GitHub, Inc. Source code hosting and build automation.

If you require a current sub-processor list with DPA references, contact info@mypouriq.com.

4. Cookies, Local Storage, and Tracking

We use the following client-side storage:

Strictly necessary cookies: session authentication, CSRF protection, and your consent preferences. These cannot be turned off because the site cannot function without them.
Local storage: display preferences (e.g., theme), draft form inputs, offline cache for the PWA application.
Analytics cookies (consent-gated): if you accept analytics, Google Analytics 4 sets _ga and _ga_* cookies to measure visits. We do not use these for advertising.

We do not use Facebook Pixel, Google Ads conversion tags, or other advertising-network trackers.

You can change your cookie choice at any time using the "Manage cookies" link in the site footer or by clearing the cc_cookie consent record.

5. Sale and Sharing of Personal Information (CCPA/CPRA Disclosure)

Under California's CCPA/CPRA broad definitions, loading Google Analytics on our website may be considered "sharing personal information for cross-context behavioral advertising," even though we do not use the data for advertising and do not receive any payment for it.

If you are a California resident or your browser sends a Global Privacy Control (GPC) signal, you have the right to opt out of this sharing. We honor GPC automatically: if your browser sends GPC, analytics are off by default and you do not need to do anything.

If you want to opt out without GPC, use the cookie banner's "Reject all" button, or use the "Manage cookies" link in the footer. Your choice is recorded for 12 months.

We do not sell personal information for money. We do not "share" personal information for cross-context behavioral advertising in the marketing sense. The CCPA/CPRA disclosures above apply because of the law's broad definition of "share," not because we engage in advertising-based data brokering.

6. Your Privacy Rights

Depending on your location, you may have the following rights:

Right to know / access: request a copy of the personal information we hold about you.
Right to delete: request deletion of your account and associated data.
Right to correct: update or correct inaccurate personal information.
Right to opt-out of sale/sharing: exercise via the cookie banner or by enabling Global Privacy Control in your browser.
Right to portability: receive your data in a structured, machine-readable format.
Right to non-discrimination: we will not deny service, charge different prices, or provide a different level of service because you exercised a privacy right.
Right to appeal (Virginia, Colorado, Connecticut residents): if we deny a privacy rights request, you may appeal by replying to our decision email; we will respond within 60 days.
Right to designate an authorized agent: you may use an authorized agent to submit requests on your behalf. The agent must provide signed permission and verifiable identity.

To exercise these rights, email info@mypouriq.com with the subject line "Privacy Request." We will respond within 30 days (45 days where law permits an extension).

To verify your identity, we may ask for two pieces of information that match what we have on file (e.g., email address used to sign up plus business name).

7. Data Storage and Security

Encryption in transit: all data between your browser and our servers is encrypted using TLS 1.2 or higher.
Encryption at rest: data at rest is encrypted on Supabase (Postgres) and Stripe infrastructure.
Access controls: production system access is limited and logged.
Regular backups: Supabase performs continuous backups with point-in-time recovery.

While we maintain reasonable safeguards, no system is 100% secure. We will notify affected users without undue delay (and in any case no later than 72 hours, where required by law) if we determine a security incident has compromised your personal information.

8. Data Retention

Active subscription: data is retained as long as your subscription is active.
After cancellation: data remains available for export for 30 days after termination.
Deletion: data is permanently deleted from production systems 90 days after termination. Backup retention is up to 30 additional days.
Marketing form submissions: retained in HubSpot for up to 36 months, or until you request deletion.
Analytics: Google Analytics retention is set to the minimum permitted (2 months at event level).

9. International Data Transfers

PourIQ is based in Virginia, United States. Our sub-processors operate primarily in the U.S. If you access the Service from outside the U.S., your data will be transferred to and processed in the U.S. We do not currently offer EU/UK-specific data residency.

10. Children's Privacy

The Service is intended for use by adults (18+) in a business context. We do not knowingly collect personal information from anyone under 18. If you believe a minor has provided personal information, contact us and we will delete it.

11. Changes to This Policy

We will provide at least 30 days' notice via the email address associated with your account for material changes, and post the updated policy with a new effective date. Continued use of the Service after the effective date constitutes acceptance.

12. Contact Information

Privacy questions / data rights requests: info@mypouriq.com (subject: "Privacy Request")
General: info@mypouriq.com
Website: mypouriq.com
Location: Virginia Beach, VA, USA

Send a Privacy Request

13. Your California / Virginia / Colorado / Connecticut / Utah Notice

This section is for residents of states with comprehensive consumer privacy laws.

Categories of personal information we collect (CCPA categories): identifiers (name, email), commercial information (subscription history), internet activity (page views, when consented), geolocation (approximate, from IP), inferences (none currently). We do not collect biometric, health, genetic, financial-account, government-ID, or precise-location data.

Sources: directly from you; from integrations you authorize (e.g., POS); from cookies (when consented).

Purposes: see Section 2 above.

Categories of recipients: see Section 3 (Sub-Processors).

Sensitive personal information: we do not knowingly process sensitive personal information as defined by CCPA/CPRA.

Retention: see Section 8.

Sale / sharing: we do not sell personal information for money. See Section 5 for CCPA/CPRA "share" disclosure (analytics).

To exercise rights, see Section 6. Authorized agents accepted with written, signed permission.