Privacy Policy

Nlogic Software LLC ("SchoolBitez," "we," "us," or "our") is committed to protecting the privacy of our users, including schools, caterers, parents, and students. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the SchoolBitez platform, including our website, mobile applications, and related services (collectively, the "Service").

By accessing or using the Service, you agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using the Service, including:

• Account Information: Name, email address, phone number, business or school name, and login credentials.
• Student Information: Student names, grade levels, school assignments, dietary restrictions, allergen information, and meal preferences as provided by parents or school administrators.
• Free and Reduced Meal Status: Eligibility information for free and reduced-price meal programs as provided by authorized school personnel (see Section 5 for protections).
• Payment Information: Billing addresses and payment method details processed through our PCI-compliant payment partners (see Section 7).
• Communications: Messages, support requests, and feedback you send to us.

1.2 Information Collected Automatically

When you access the Service, we may automatically collect:

• Device information (browser type, operating system, device identifiers)
• Log data (IP address, access times, pages viewed, referring URLs)
• Usage data (features used, actions taken, order history)
• Cookies and similar tracking technologies for session management and analytics

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the Service
• Process meal orders and facilitate payment transactions
• Manage school and caterer accounts, including menu publishing and reporting
• Communicate with you about your account, orders, and service updates
• Enforce allergen safety protocols and dietary restriction management
• Generate operational and financial reports for authorized administrators
• Improve, personalize, and expand the Service
• Comply with legal obligations and protect our legal rights

3. No Sharing of Customer Data with Third Parties

SchoolBitez does not sell, rent, trade, or otherwise share your personal information with third parties for their own marketing or commercial purposes.

We do not provide customer data, student information, parent information, or any usage data to third-party advertisers, data brokers, or any external organizations. Your data remains within the SchoolBitez platform and is used solely for the purposes of providing and improving the Service.

The only limited exceptions where data may be shared are:

• Payment Processing: Transaction data is securely transmitted to our PCI-compliant payment gateway partners (Stripe, Square, Authorize.net, or Vanco) solely to process payments. These providers are contractually prohibited from using your data for any other purpose.
• Legal Requirements: We may disclose information if required by law, court order, or governmental regulation, or if necessary to protect the rights, safety, or property of SchoolBitez, our users, or the public.
• With Your Consent: We may share information when you have given explicit written consent.

4. Data Sharing Within the Platform

Within the SchoolBitez ecosystem, certain data is shared between authorized parties to enable the Service:

• Schools and Caterers: Order information, student names, and meal selections are shared between schools and their designated caterers to fulfill meal orders.
• School Administrators: Authorized school staff may view student enrollment data, order summaries, and operational reports for their assigned schools.
• Parents: Parents can view their own children's information, order history, and account balances through the parent portal.

All data sharing within the platform is governed by role-based access controls, ensuring users can only access information they are authorized to view.

5. Protection of Free and Reduced Meal Status

SchoolBitez recognizes that a student's eligibility for free and reduced-price meals is highly sensitive information that requires special protection under federal and state law, including the National School Lunch Act and the Richard B. Russell National School Lunch Act.

We implement the following safeguards:

• Restricted Access: Free and reduced meal status information is accessible only to specifically authorized school personnel who have been granted permission by the school administrator. This information is not visible to caterers, vendors, other parents, or general school staff.
• Role-Based Permissions: School administrators have full control over which staff members can view, edit, or manage free and reduced meal status data through granular permission settings.
• Audit Trail: All access to free and reduced status data is logged for accountability and compliance purposes.
• Non-Disclosure at Point of Sale: The Point of Sale system is designed so that free and reduced meal status is not visually disclosed during the checkout process, protecting student privacy in the cafeteria.
• Data Segregation: Free and reduced status information is stored separately from general student and order data with additional encryption safeguards.

6. Children's Privacy

SchoolBitez takes the privacy of children very seriously. Our Service is designed for use by schools, caterers, and parents/guardians. We do not knowingly collect personal information directly from children under 13 years of age.

Student information is provided to the platform by parents/guardians or authorized school administrators. Schools using SchoolBitez are responsible for obtaining any necessary parental consents required under the Children's Online Privacy Protection Act (COPPA) and the Family Educational Rights and Privacy Act (FERPA).

7. PCI Compliance and Financial Data Security

SchoolBitez is fully compliant with the Payment Card Industry Data Security Standard (PCI DSS). We take the security of financial transactions and payment data extremely seriously.

Our PCI compliance measures include:

• No Storage of Card Data: SchoolBitez does not store, process, or retain credit card numbers, CVV codes, or full payment card data on our servers. All payment information is transmitted directly to and handled by our PCI-compliant payment gateway partners.
• Encrypted Transactions: All financial transactions are processed using industry-standard TLS/SSL encryption to protect data in transit.
• Tokenization: Payment methods are tokenized by our payment partners, meaning a unique token replaces sensitive card data for recurring transactions.
• Secure Payment Partners: We work exclusively with PCI DSS Level 1 certified payment providers, including Stripe, Square, Authorize.net, and Vanco.
• Regular Security Assessments: We conduct regular security audits and vulnerability assessments to maintain PCI compliance and identify potential risks.

8. Data Security

We implement industry-standard technical and organizational security measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Regular security audits and penetration testing
• Access controls and authentication requirements for all system users
• Secure data centers with physical and environmental safeguards
• Employee security training and background checks
• Incident response procedures for potential data breaches

While we strive to protect your information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to promptly addressing any security incidents.

9. Your Right to Delete Your Account

Parents and guardians have the right to delete their SchoolBitez account at any time if they no longer wish to use the Service. Upon account deletion:

• Personal Data Removal: Your personal information, including your name, email address, phone number, and login credentials, will be permanently deleted from our active systems.
• Children's Data: All associated student/children profiles and their personal information will be removed.
• Order History: Your order history will be anonymized or deleted. Schools and caterers may retain anonymized, aggregated order data for operational reporting purposes.
• Payment Data: Payment tokens stored with our payment partners will be revoked and deleted.
• Processing Time: Account deletion requests are processed within 30 days. Some data may be retained for a limited period as required by law or for legitimate business purposes (e.g., financial records for tax compliance).

To request account deletion, you may use the account deletion feature in the parent portal, or contact us at support@schoolbitez.com.

10. Cookies and Tracking Technologies

We use cookies and similar technologies to maintain user sessions, remember preferences, and analyze usage patterns. We use:

• Essential Cookies: Required for the Service to function, including authentication and session management.
• Analytics Cookies: Used to understand how users interact with the Service so we can improve it.

We do not use advertising or third-party tracking cookies. You can control cookie settings through your browser preferences, though disabling essential cookies may affect Service functionality.

11. Data Retention

We retain personal information for as long as your account is active or as needed to provide the Service. After account deletion or termination, we may retain certain data as required by law (e.g., financial transaction records for tax compliance) or for legitimate business purposes, in anonymized or aggregated form where possible.

12. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your account and associated data (see Section 9).
• Portability: Request a copy of your data in a portable format.
• Objection: Object to certain data processing activities.

To exercise any of these rights, please contact us at support@schoolbitez.com. We will respond to your request within 30 days.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. Continued use of the Service after changes constitutes acceptance of the revised policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: