Get Your Multi-Location Management Software with The Maestro® Solution

This “Privacy Policy” explains how Orchatect Inc. (“Company” or “we”) collects, uses, discloses, and otherwise processes personal data on behalf of our customers – typically, Franchisors or Franchisees (any, a “Customer” or “Customers”) – in connection with our application, Maestro. This Privacy Policy does not apply to the Company’s privacy practices in any other context.

The Company’s processing of personal data in connection with our application is governed by this Privacy Policy and our agreements with Merchants. In the event of any conflict between this Privacy Policy and a customer agreement, the customer agreement will control to the extent permitted by applicable law.

This Privacy Policy is not a substitute for any privacy policy that a Customer may be required to provide to their customers, personnel, or other individuals.

Orchatect Privacy Policy for Maestro

We may collect personal data from or on behalf of Customers. Customers determine the scope of the personal data transferred to us or that we collect, and the information we receive may vary by Customer. Typically, the information we collect on behalf of Customers includes:

Information Orchatect collects

Effective Date: 12/01/2023

Information that we collect when a customer for a Customer makes a payment

When a customer makes a payment via a POS, we collect information about the transaction, which may include personal data. Information about transactions includes the payment card used, name associated with the payment card, the location of the customer’s store, date and time of the transaction, transaction amount, and information about the goods or services purchased in the transaction.

We may collect additional information ancillary to the payment. This information may include:
  • Customers’ email address or phone number, such as when the customer chooses to receive an electronic receipt.
  • Customers’ marketing preferences, such as whether the customer wishes to receive marketing communications or newsletters.
  • Information about participating customers’ activity in a merchant loyalty program
  • Customers’ physical address, where needed for delivery of goods or services.
  • Other information the customer provides, such as birthdate, interests or preferences, reviews, and feedback.

Information that we collect about personnel of a Customer

We may collect information about Customers’ personnel and interactions with the POS, such as clock-in and clock-out time and tips earned.

Additional information that Merchants provide to us about their customers or personnel

Customers may provide us with additional information directly, via access they grant to us, or otherwise. The types of information that customers may provide to us about their customers include email addresses, phone numbers, and purchase history. The types of information that merchants may provide to us about their personnel include email addresses, phone numbers, shifts, and sales history.

How we use the information we collect

We use the personal data we collect for or on behalf of Customers, to provide our services and the functionality of our application:

We may also use personal data for related internal purposes, including:
  • To provide information about the application, such as important updates or changes to the application and security alerts
  • To measure performance of and improve the application
  • To respond to inquiries, complaints, and requests for customer support

In addition, Company may use personal data as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our application; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

How we share information

We may share personal data that we collect with:
  • The Customer from whom or on whose behalf we collected the personal data
  • The platform on which our application runs, the POS.




  • With third parties as a Customer may direct
  • With third party service providers that help us manage and improve the application
  • With Company subsidiaries and corporate affiliates for the purposes described in this Privacy Policy or in our agreement with a Customer

Company may disclose personal data to government or law enforcement officials or private parties as required by law, and disclose and use such information as we believe necessary or appropriate to (a) comply with applicable laws and lawful requests and legal processes, such as to respond to subpoenas or requests from government authorities; (b) enforce the terms and conditions that govern our application; (c) protect our rights, privacy, safety or property, and/or that of you or others; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.

Company may sell or transfer some or all of its business or assets, including your personal data, in connection with a business transaction (or potential business transaction) such as a merger, consolidation, acquisition, reorganization or sale of assets or in the event of bankruptcy, in which case we will make reasonable efforts to require the recipient to honor this Privacy Policy.
  • You may view Clover’s Privacy Notice here.
  • You may review Square’s Privacy Notice here.
  • You may review LightSpeed’s Privacy Notice here.
  • You may review Intuit’s Privacy Notice here.

Your rights and choices

Data subject rights

To the extent that applicable law provides individuals with rights pertaining to their personal information, such as to review and request changes to their personal information, individuals should contact the Customer with any requests pertaining to the Customer’s use of our application. To the extent that Orchatect is responsible for responding to data subject rights requests under applicable law, individuals may contact Orchatect with applicable requests as explained in Orchatect’s Privacy Notice, https://www.orchatect.com/privacy. Company will assist a Customer, or third party partner, as applicable, in responding to such requests subject to our contract with a Customer or a third party partner.

Retention Period

Once the contractual or service agreement with our customers has ended or terminated, we do not retain any personal information related to the services provided to our customers beyond what is necessary for legal or regulatory purposes, or for the establishment, exercise, or defense of legal claims.

Data Deletion

Upon the termination of the contractual or service agreement, we will promptly delete or anonymize all personal information collected or processed during the term of the agreement, except to the extent that retention is necessary for legal or regulatory compliance purposes.

Collection of Data for Minors

We recognize the importance of protecting the privacy of minors, especially in the online environment. We do not knowingly collect personal information from individuals under the age of 18 without verifiable parental consent and unless there’s an exception as detailed in the next section. If we become aware that we have inadvertently collected personal information from a minor without appropriate consent, we will take prompt steps to delete such information from our records.

Parents or guardians who believe that their child has provided personal information to us without their consent should contact us immediately to request the removal of this information.

Exceptions

In some cases, we may be required by law to retain certain personal information for a longer period of time. In such instances, we will ensure that the information is securely stored and used only for the purposes for which it was retained.

In some cases, the solution deployed for a customer may require us to collect data for children, but this will be at the consent of the customer and the respective parents, as they provide the information themselves into certain parts of the solution.

Updates

We reserve the right to modify this Privacy Policy at any time. We will notify you of updates by updating the date of this Privacy Policy.

Complaints

If you have a complaint about our handling of personal data, you may contact us via the contact information provided below.

Contact us

You may contact us with any questions, comments, or complaints, about this Privacy Policy or our privacy practices via:

Email: privacy@orchatect.com

Office Address: 2100 N Greenville Ave Suite 1100 Richardson, TX 75082

Website: https://orchatect.com

Category (see the glossary below for definitions) Do we collect this information? Do we share this information for business purposes?
Identifiers [Yes] [No]
Online Identifiers [Yes] [No]
Protected Classification Characteristics [Yes] [No]
Commercial Information [Yes] [No]
Internet or Network Information [Yes] [No]
Geolocation Data [Yes] [No]
Sensory Information [Yes] [No]
Professional or Employment Information [Yes] [No]
Education Information [Yes] [No]
Inferences [Yes] [No]
Financial Information [Yes] [No]
Medical Information [Yes] [No]
Category Definition
Categories of Personal Information Date Elements within the Category
Biometric Information An individual’s physiological, biological or behavioral characteristics, including DNA, that can be used, singly or in combination with each other or with other identifying data, to establish an individual’s identity. Biometric information includes, but is not limited to, imagery of the iris, retina, fingerprint, face, hand, palm, vein patterns, and voice recordings, from which an identifier template, such as a face print, a minutiae template, or a voiceprint, can be extracted, and keystroke patterns or rhythms, gait patterns or rhythms, and sleep, health, or exercise data that contain identifying information.
Transaction History Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
Financial Information Bank account number, debit or credit card numbers, insurance policy number, and other financial information.
Geolocation Data Precise location, e.g., derived from GPS coordinates or telemetry data.
Identifiers Real name, alias, postal address, unique personal identifier, customer number, email address, account name other similar identifiers.
Government-issued ID Social security number, driver’s license, passport, or other government-issued ID, including an ID number or image.
Medical Information Personal information about an individual’s health or healthcare, including health insurance information.
Internet or Network Information Browsing history, search history, and information regarding a consumer’s interaction with an Internet website, application, or advertisement.
Online Identifiers An online identifier or other persistent identifier that can be used to recognize a person, family or device, over time and across different services, including but not limited to, a device identifier; an Internet Protocol address; cookies, beacons, pixel tags, mobile ad identifiers, or similar technology; customer number, unique pseudonym, or user alias; telephone numbers, or other forms of persistent or probabilistic identifiers (i.e., the identification of a person or a device to a degree of certainty of more probable than not) that can be used to identify a particular person or device.
Physical Description An individual’s physical characteristics or description (e.g., hair color, eye color, height, weight).
Professional or Employment Information Information relating to a person's current, past or prospective employment or professional experience (e.g., job history, performance evaluations), and educational background.
Protected Classification Characteristics Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
Sensory Information Audio, electronic, visual, thermal, olfactory, or similar information.