Privacy Policy

LAST UPDATED: MAY 3, 2026

1. Overview

Concierge Pilot is operated by Custom AI Apps LLC, a Texas limited liability company located at 4814 Arc Bend Road, Midlothian, TX 76065 ("we," "us," "our"). This policy explains how we collect, use, store, and protect information when you use our products, including Concierge Pilot, Texicurean OS, Arpejo, Jigger, Kitchen Cost Tracker, and any other services we operate (collectively, the "Services").

Our customers are independent restaurants, live-music venues, pet groomers, and other small businesses. Our end users include those businesses' staff, customers, and fans. This policy covers both groups.

2. Information we collect

2.1 Account information

When you create an account, we collect your name, email address, phone number, and password (stored hashed). For business accounts we also collect your business name, address, EIN, vertical (e.g., restaurant, bar, groomer), and the names and contact information of authorized users.

2.2 Operational data

Our Services store the data you create while running your business — menu items, customer orders, reservations, employee shifts, time-clock punches, payroll exports, ticketing data, fan profiles, photos uploaded to community walls, review responses, and similar records. This data is scoped per business with row-level security and is only visible to authenticated users of that business.

2.3 Payment information

We use Stripe to process payments. Card numbers, bank account numbers, and other sensitive payment details are sent directly from your browser to Stripe and are never stored on our servers. We retain only the last four digits of cards and Stripe's tokenized references.

2.4 Bank and financial data (via Plaid)

If you choose to connect a business bank account through our integration with Plaid, Inc., we receive (a) account metadata (institution name, account name, account mask), (b) transaction records (amount, date, merchant, description, Plaid category), (c) current and available balances, and (d) routing and account numbers when you authorize ACH bill payments. See the Plaid section below for details.

2.5 Communications

We retain copies of emails, SMS messages, and chat messages sent through our communication tools (CommandHub, AI Receptionist, AI Email Agent, missed-call SMS, Texicurean Partner Workspace) for the purpose of delivering them and providing in-app history.

2.6 AI-generated content and prompts

When you use AI features (review reply drafts, AI booking predictions, AI Receptionist, AI Ops Analyst, schedule generator, food cost analyst), we send relevant context to OpenAI and Anthropic via their APIs, retain the resulting outputs, and use them within your account. Per the providers' API terms, your prompts and outputs are not used to train their models.

2.7 Device and usage data

We collect IP address, browser type, operating system, pages visited, features used, and timestamps to operate, secure, and improve the Services. We do not sell this data.

3. How we use information

Operate the Services — process orders, generate schedules, run payroll, send reservations confirmations, deliver review replies, etc.
Build the real-time profit-and-loss dashboard — auto-categorize bank transactions into food cost, labor, occupancy, and operating expense buckets, then surface them to the business owner.
Initiate ACH payments to vendors — only when you authorize each payment, using bank routing and account numbers verified through Plaid Auth.
Improve security and reliability — detect fraud, debug issues, retain audit trails for refunds and shift closes.
Communicate with you — service announcements, billing notices, and product updates. We do not send marketing email without explicit opt-in.

We do not sell your information. We share it only as follows:

Service providers under contract — Stripe (payments), Plaid (bank connectivity), Supabase (database hosting), OpenAI and Anthropic (AI inference), Resend (transactional email), Twilio and Vapi (SMS and voice), Netlify (web hosting), Google (Maps, Places, Gemini), Spotify (fan music data, only with explicit OAuth consent from the fan), Ticketmaster (public event data). Each is bound by a data-processing agreement.
Within your business — data you create is visible to other authorized users of your business account based on their role.
Compliance and legal process — when required by valid subpoena, court order, or law.
Acquisition or merger — successor entity bound by this policy.

5. Plaid

We use Plaid Inc. ("Plaid") to verify and connect your business bank account when you choose to enable our Real-Time P&L or ACH Bill Auto-Pay features. By using these features, you grant us and Plaid the right to access your bank account information on your behalf.

Specifically, we may receive the following from Plaid:

Account metadata (institution name, account nickname, last four digits of account number, account type)
Transaction history (amount, posted date, authorized date, merchant name, description, Plaid category)
Current and available balances
Routing and account numbers (only when you authorize ACH bill payments via Plaid Auth)

We use this data only to (a) auto-categorize transactions into your real-time P&L dashboard, (b) display live balances on your dashboard, and (c) initiate ACH payments to your authorized vendors when you click "Pay" on a bill. We do not share this data with any third party other than the service providers listed above. We do not use it for marketing or advertising. We do not sell it.

You can disconnect any Plaid-linked account at any time from the P&L tab in CommandHub, which revokes Plaid's access token and stops further data pulls.

Plaid's own collection and use of your data is governed by Plaid's End User Privacy Policy.

6. Third-party services

Each subprocessor below has access to the categories of data needed to perform its function. We have data-processing or business-associate agreements in place where required.

Stripe — payment processing, Connect, refunds, webhooks (privacy policy)
Plaid — bank connectivity (privacy policy)
Supabase — Postgres database, authentication, storage (privacy policy)
OpenAI — AI inference (privacy policy)
Anthropic — AI inference (privacy policy)
Resend — transactional email (privacy policy)
Twilio / Vapi — SMS and voice (Twilio privacy)
Netlify — web hosting (privacy policy)
Google — Places, Maps, Gemini (privacy policy)
Spotify — Web Playback SDK, top artists (only when fan consents via OAuth) (privacy policy)

6a. SMS communications (consumer notice)

When a business uses Concierge Pilot to send SMS to its customers or patients (for example, a dental practice sending appointment confirmations and reminders to its patients), the following terms apply to those recipients:

Program description. Messages are transactional and informational — appointment confirmations, appointment reminders, reschedule notifications, and booking-related follow-ups. We do not send marketing or promotional SMS through this program.
Opt-in. Recipients opt in by submitting a booking request through the business's website or chat assistant where the SMS consent disclosure is shown adjacent to the phone-number collection field. Consent is required before any message is sent.
Message frequency. Up to 6 messages per month per recipient, typically fewer.
Carrier rates. Message and data rates may apply. Concierge Pilot and the business do not charge recipients for SMS; recipients pay their own carrier's standard rates.
Opt-out. Reply STOP at any time to unsubscribe. Additional supported keywords: STOPALL, UNSUBSCRIBE, CANCEL, END, QUIT. After opting out, no further messages will be sent for that business and number.
Help. Reply HELP for assistance, or contact the sending business directly (their contact information is provided on their website).
Carrier disclaimer. Carriers are not liable for delayed or undelivered messages.
No sale of phone numbers. We do not sell, rent, or share recipient phone numbers with third parties for marketing purposes. Phone numbers collected for SMS are used solely to deliver the consented messages and are shared only with our SMS delivery subprocessor (AWS End User Messaging) under contract.
SMS subprocessor. SMS is delivered via Amazon Web Services End User Messaging under a HIPAA-eligible Business Associate Agreement.

7. Security

We protect your data through:

Encryption in transit (TLS 1.2+) and at rest (Postgres encryption-at-rest on managed Supabase)
Row-level security policies that scope every database read and write to the business that owns the data
Auth-gated edge functions with JWT verification on every privileged endpoint
HMAC-verified webhooks for Stripe and inbound email
Idempotency tables to prevent duplicate processing
Audit columns on sensitive operations (refunds, shift closes, payroll exports)
Least-privilege access for our internal team — production database access is restricted to a small audited engineering group
Quarterly review of subprocessors and access lists

No system is perfectly secure. If we discover a breach affecting your data we will notify you in accordance with applicable law.

8. Data retention

We retain your data for as long as your account is active. When you close your account, we delete or anonymize personally identifiable data within 30 days, except where retention is required for legal, tax, or fraud-prevention purposes (typically up to 7 years for financial records).

Plaid access tokens are deleted immediately upon account disconnection. Bank transaction history remains available in your account until you delete it or close the account.

9. Your rights

Depending on your jurisdiction, you may have rights to:

Access the personal data we hold about you
Correct inaccurate data
Delete your data (subject to retention requirements above)
Export your data in a portable format (CSV exports are available for most data types directly in the app)
Withdraw consent for data processing where consent is the legal basis
Lodge a complaint with a supervisory authority

To exercise any of these rights, email [email protected]. We will respond within 30 days.

California residents (CCPA / CPRA): you have the right to know, delete, correct, and opt out of "sale" or "share" of personal information. We do not sell or share personal information for cross-context behavioral advertising. You may submit a verifiable consumer request to the email above.

10. Cookies

We use first-party cookies and localStorage to keep you signed in, remember your preferences (such as Help on/off), and store ephemeral state. We do not use third-party advertising cookies or cross-site tracking pixels. Authentication cookies are session-scoped and HttpOnly where possible.

11. Children's privacy

Our Services are not intended for use by children under 13. We do not knowingly collect personal information from anyone under 13. If we learn we have collected such information, we will delete it promptly.

12. International users

We operate the Services from the United States. If you access them from outside the U.S., you understand your information will be transferred to and processed in the U.S., where data protection laws may differ from your jurisdiction.

13. Changes to this policy

We may update this policy from time to time. The "Last updated" date at the top reflects the most recent revision. For material changes, we will provide notice via email or in-app banner.

14. Contact us

Privacy questions, data requests, or notice of a security concern:

Custom AI Apps LLC
Attn: Privacy
4814 Arc Bend Road
Midlothian, TX 76065
Email: [email protected]