Privacy Policy

Orchatect Inc. — Maestro Platform

Effective Date: March 6, 2026

This Privacy Policy governs Orchatect Inc.'s collection, use, and disclosure of personal data across all platforms and integrations supported by the Maestro application, including Clover, Square, Meevo, QuickBooks, and Cents. Where Maestro is published on a third-party app marketplace, a platform-specific privacy policy addendum may also apply. In the event of any conflict between this master policy and a platform-specific addendum, the platform-specific addendum will control for that platform.

This Privacy Policy explains how Orchatect Inc. ("Company," "we," or "us") collects, uses, discloses, and otherwise processes personal data on behalf of our customers — typically Franchisors, Franchisees, or Merchants (collectively, "Customers") — in connection with the Maestro application. This Privacy Policy does not apply to Orchatect's privacy practices in any other context.

Where Maestro connects to a third-party Point of Sale or business platform (such as Clover POS, Square, Meevo, QuickBooks, or Cents), the term "Customer" in this policy includes the Merchant or business operator who has authorized Maestro to access their data on that platform. Customers determine the scope of personal data transferred to us or that we collect, and the information we receive may vary by Customer and by platform.

Company's processing of personal data is governed by this Privacy Policy and our agreements with Customers. In the event of any conflict between this Privacy Policy and a customer agreement, the customer agreement will be controlled to the extent permitted by applicable law.

This Privacy Policy is not a substitute for any privacy policy that a customer may be required to provide to their own customers, personnel, or other individuals.

1.  How Maestro Accesses Customer Data

Maestro connects to third-party POS and business management platforms through authorized integration flows (such as OAuth). When a Customer installs the Maestro application on a supported platform or grants Maestro access to their account, they authorize Orchatect to retrieve data from that platform on their behalf.

The data Maestro retrieves depends on the permissions granted by the Customer and the capabilities of the connected platform. Maestro does not access platform data beyond what is necessary to provide its multi-location management, reporting, and operational services.

Customers may revoke Maestro's access at any time through the connected platform's account or developer settings. Revocation will not affect data already retrieved and processed under the prior authorization.

2.  Information We Collect

2.1  Payment and Transaction Data

When a customer of a Customer makes a payment via a connected POS platform, we may collect information about the transaction. This may include: the payment card used, name associated with the payment card, the location of the store, date and time of the transaction, transaction amount, and information about the goods or services purchased.

We also collect historical sales data and transaction records to provide reporting and analytics through Maestro.

1.1  Inventory and Item Data

We may collect inventory data from connected platforms, including item names, descriptions, prices, categories, modifiers, and stock levels. This is used to provide cross-location inventory visibility within Maestro.

1.2  Customer Data

We may collect additional information about a Customer's end-customers, ancillary to payments or provided directly by the Customer. This may include:

• Email address or phone number
• Marketing preferences
• Loyalty program activity
• Physical address (where needed for delivery of goods or services)
• Other information end-customers provide, such as birth date, interests, preferences, reviews, or feedback

1.3  Employee and Personnel Data

We may collect information about a Customer's personnel and their interactions with connected platforms. This may include clock-in and clock-out times, tips earned, shift data, sales history, and employee identifiers. This data supports workforce and operations management features in Maestro.

1.4  Additional Customer-Provided Data

Customers may provide us with additional information directly, via access they grant to us through platform integrations, or otherwise. The types of information Customers may provide about their own customers include email addresses, phone numbers, and purchase history. The types of information Customers may provide about their personnel include email addresses, phone numbers, shifts, and sales history.

2.  How We Use the Information We Collect

We use the personal data we collect for or on behalf of Customers to provide the core services and functionality of the Maestro application, including:

• Multi-location sales reporting and analytics
• Inventory tracking and management across locations
• Employee scheduling, performance, and workforce management
• Customer relationship and loyalty program management
• Cross-platform data aggregation and business intelligence dashboards We may also use personal data for related internal purposes, including:
• Providing information about the application, such as important updates, changes, and security alerts
• Measuring performance and improving the application
• Responding to inquiries, complaints, and customer support requests

In addition, Company may use personal data as necessary or appropriate to: (a) comply with applicable laws, lawful requests, and legal processes; (b) enforce the terms and conditions governing our application; (c) protect our rights, privacy, safety, or property, and that of Customers or others; and (d) protect, investigate, and deter against fraudulent, harmful, unauthorized, or illegal activity.

3.  How We Share Information

We may share personal data that we collect with:

• The Customer from whom or on whose behalf we collected the personal data
• The third-party platform(s) on which our application runs (see Section 9 for platform-specific privacy notices)
• Third parties as a customer may direct
• Third-party service providers that help us manage and improve the application
• Company subsidiaries and corporate affiliates for the purposes described in this Privacy Policy or in our agreement with a customer

Company may disclose personal data to government or law enforcement officials or private parties as required by law, and as necessary or appropriate to: (a) comply with applicable laws and legal processes;

(b) enforce the terms and conditions governing our application; (c) protect our rights, privacy, safety, or property; and (d) protect, investigate, and deter against fraudulent, harmful, or illegal activity.

Company may sell or transfer some or all of its business or assets, including personal data, in connection with a business transaction such as a merger, consolidation, acquisition, reorganization, or sale of assets, or in the event of bankruptcy. In such cases, we will make reasonable efforts to require the recipient to honor this Privacy Policy.

4.  Your Rights and Choices

4.1  Data Subject Rights

To the extent that applicable law provides individuals with rights pertaining to their personal data — such as the right to review or request changes — individuals should contact the relevant Customer with any requests pertaining to that Customer's use of our application. To the extent that Orchatect is responsible for responding to data subject rights requests under applicable law, individuals may contact Orchatect as described in Section 8 below.

Where Maestro operates on a third-party platform, individuals may also have rights available directly through that platform. Please refer to the applicable platform privacy notice listed in Section 9.

4.2  Retention Period

Once the contractual or service agreement with a Customer has ended or terminated, we do not retain personal information related to the services provided beyond what is necessary for legal or regulatory purposes, or for the establishment, exercise, or defense of legal claims.

4.3  Data Deletion

Upon termination of a contractual or service agreement, we will promptly delete or anonymize all personal information collected or processed during the term of the agreement, except where retention is necessary for legal or regulatory compliance.

4.4  Collection of Data for Minors

We do not knowingly collect personal information from individuals under the age of 18 without verifiable parental consent. If we become aware that we have inadvertently collected personal information from a minor without appropriate consent, we will take prompt steps to delete such information. Parents or guardians who believe their child has provided personal information to us without consent should contact us immediately.

In some cases, a solution deployed for a customer may require us to collect data for children, but only with the consent of the customer and the respective parents, as they provide the information themselves.

4.5  Complaints

If you have a complaint about our handling of personal data, please contact us via the information provided in Section 8 below.

4.6  Updates

We reserve the right to modify this Privacy Policy at any time. We will notify you of updates by updating the effective date of this Privacy Policy.

5.  Exceptions

In some cases, we may be required by law to retain certain personal information for a longer period of time. In such instances, we will ensure that the information is securely stored and used only for the purposes for which it was retained.

6.  Your California Privacy Rights (CCPA)

As a California resident, you have the following rights, subject to certain limitations:

• Information: You can request information about how we have collected and used your Personal Information during the past 12 months, including the categories collected, sources, business purposes, and third parties with whom we share it.
• Access: You can request a copy of the Personal Information we maintain about
• Deletion: You can ask us to delete the Personal Information we maintain about
• Nondiscrimination: You are entitled to exercise these rights free from We will not penalize you for exercising your rights by denying goods or services, increasing prices, or decreasing service quality.

6.1  How to Exercise Your Rights

• Email us at: privacy@orchatect.com
• Call us toll-free at: 1-866-672-4283
• Write to us at: 9201 Warren Pkwy Ste 200, Frisco, TX 75035

We will verify your identity before processing requests. You may submit requests on behalf of your minor child under age 13, or designate an authorized agent by providing written authorization.

6.2  Sale of Personal Information

We do not sell, as defined under the CCPA, your Personal Information to third parties. In the preceding twelve (12) months, we have not sold any personal information.

6.3  Personal Information We Collect, Use, and Share

The table below summarizes our collection and sharing of personal information during the last 12 months:

Category	Do we collect?	Do we share?
Identifiers	Yes	No
Online Identifiers	Yes	No
Protected Classification Characteristics	Yes	No
Commercial Information	Yes	No
Biometric Information	No	No
Internet or Network Information	Yes	No
Geolocation Data	Yes	No
Sensory Information	Yes	No
Professional or Employment Information	Yes	No

 

Education Information	Yes	No
Inferences	Yes	No
Financial Information	Yes	No
Medical Information	Yes	No

7.  Contact Us

You may contact us with any questions, comments, or complaints about this Privacy Policy or our privacy practices:

• Email: privacy@orchatect.com
• Phone: 1-866-672-4283
• Address: 9201 Warren Pkwy Ste 200, Frisco, TX 75035
• Website: https://orchatect.com

 

8.  Third-Party Platform Privacy Notices

Maestro integrates with the following third-party platforms. Each platform has its own privacy practices governing data collected through their systems. Where Orchatect has published a platform-specific privacy policy addendum, that addendum applies in addition to this master policy.

Platform	Platform Privacy Notice	Orchatect Addendum
Clover	View Privacy Notice	View Addendum
Square	View Privacy Notice	—
Meevo	View Privacy Notice	—
QuickBooks / Intuit	View Privacy Notice	—
Cents	View Privacy Notice	—

 

9.      Glossary

Category	Definition
Biometric Information	An individual's physiological, biological or behavioral characteristics, including DNA, that can be used to establish an individual's identity. Includes imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings.
Transaction History	Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Financial Information	Bank account number, debit or credit card numbers, insurance policy number, and other financial information.
Geolocation Data	Precise location, e.g., derived from GPS coordinates or telemetry data.
Identifiers	Real name, alias, postal address, unique personal identifier, customer number, email address, account name and other similar identifiers.
Government-issued ID	Social security number, driver's license, passport, or other government-issued ID, including an ID number or image.
Medical Information	Personal information about an individual's health or healthcare, including health insurance information.

 

Internet or Network Information	Browsing history, search history, and information regarding a consumer's interaction with an Internet website, application, or advertisement.
Online Identifiers	A device identifier, IP address, cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers.
Physical Description	An individual's physical characteristics or description (e.g., hair color, eye color, height, weight).
Professional or Employment Information	Information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations), and educational background.
Protected Classification Characteristics	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information.
Sensory Information	Audio, electronic, visual, thermal, olfactory, or similar information.

 

-----------------------------------------------------------------------------------------------

Platform-specific privacy policy addenda are available at orchatect.com/privacy. Where a platform addendum exists, it applies in addition to this master policy for use of Maestro on that platform.