Smart Café Solution Privacy Policy

Last Updated: June 19, 2025

Introduction

Smart Café Solution ("we," "our," or "us") is committed to protecting the privacy and security of all users of our school café management platform. This Privacy Policy explains how we collect, use, store, and protect information when you use our services, including our mobile application and web platform.

Information We Collect

Student Information

We collect limited information about students to facilitate café operations:

Student ID or Username: School-assigned identifier for account access
Grade Level: To provide age-appropriate menu options and portion sizes
Dietary Restrictions/Allergies: To ensure safe meal preparation and recommendations
Purchase History: Transaction records for meal purchases and account management

Parent/Guardian Information

We collect the following information from parents or guardians:

Contact Information: Name, email address, and phone number for account management
Payment Information: Credit card or bank account details for wallet funding (processed securely through third-party payment processors)
Account Preferences: Spending limits, notification preferences, and meal preferences for their child

School Staff and Administrator Information

For authorized school personnel:

Professional Information: Name, role, school affiliation, and contact details
Login Credentials: Secure authentication information for system access
Usage Data: System interaction logs for security and improvement purposes

Automatically Collected Information

Our system automatically collects:

Device Information: Device type, operating system, and app version
Usage Analytics: Features used, time spent in app, and interaction patterns
Location Data: General location for service delivery (school premises only)
Technical Data: IP addresses, browser type, and connection information

How We Use Information

We use collected information for the following purposes:

Service Provision

Process meal orders and payments
Manage digital wallet balances and transactions
Provide real-time order status updates
Facilitate pickup and delivery coordination

Account Management

Create and maintain user accounts
Authenticate users and prevent unauthorized access
Send transaction confirmations and receipts
Provide customer support

Safety and Compliance

Accommodate dietary restrictions and allergies
Comply with school nutrition standards
Maintain food safety protocols
Generate required reports for school administration

Improvement and Analytics

Analyze usage patterns to improve service quality
Optimize menu offerings based on preferences
Enhance user interface and experience
Troubleshoot technical issues

We do not sell, rent, or trade personal information. We may share information in the following circumstances:

With School Partners

Share necessary information with participating schools for service delivery
Provide reports on café operations and student nutrition programs
Coordinate with school administration for policy compliance

With Service Providers

Payment processors for secure transaction handling
Cloud hosting providers for data storage and system operation
Analytics services for app improvement (with data anonymization)
Customer support tools for help desk operations

Legal Requirements

Comply with applicable laws, regulations, or legal processes
Protect the rights, property, or safety of users, schools, or the public
Respond to lawful requests from government authorities

Data Security

We implement comprehensive security measures to protect your information:

Technical Safeguards

Encryption: All data is encrypted in transit and at rest using industry-standard protocols
Secure Servers: Data is stored on secure, monitored servers with restricted access
Authentication: Multi-factor authentication for administrative accounts
Regular Updates: System security patches and updates are applied promptly

Operational Safeguards

Access Controls: Limited access to personal information on a need-to-know basis
Employee Training: Staff receive regular privacy and security training
Incident Response: Procedures in place for potential security incidents
Regular Audits: Periodic security assessments and compliance reviews

Payment Security

PCI Compliance: Payment processing meets Payment Card Industry standards
Tokenization: Credit card information is tokenized and not stored directly
Fraud Detection: Monitoring systems to detect suspicious payment activity

Parental Rights and Control

For Student Accounts

Parents and guardians have the right to:

Access: Review their child's account information and transaction history
Control: Set spending limits and meal preferences
Update: Modify contact information and payment methods
Delete: Request deletion of their child's account and associated data
Restrict: Limit certain features or disable the account temporarily

Communication Preferences

Parents can choose to receive:

Transaction notifications and receipts
Low balance alerts and funding reminders
Menu updates and special announcements
Account security notifications

Student Privacy Protection

FERPA Compliance

We align our practices with the Family Educational Rights and Privacy Act (FERPA):

Transaction records are treated as education records when applicable
We do not disclose student information without proper authorization
Schools maintain control over student data and access rights
Parents can review and request corrections to their child's information

Age-Appropriate Features

Interface designed for easy use by students of all ages
Spending controls to prevent excessive purchases
Healthy meal recommendations based on nutritional guidelines
Clear pricing and transaction information

Data Retention

Retention Periods

Active Accounts: Data retained while account is active and for legitimate business purposes
Transaction Records: Maintained for accounting and compliance purposes (typically 7 years)
Inactive Accounts: Data purged after 2 years of inactivity
Marketing Data: Removed upon opt-out or account deletion

Deletion Process

When accounts are deleted:

Personal identifying information is removed from active systems
Transaction records may be retained in anonymized form for compliance
Backup data is purged according to our retention schedule

Your Rights and Choices

Access and Portability

Request copies of your personal information
Obtain data in a commonly used, machine-readable format
Transfer data to another service provider where technically feasible

Correction and Updates

Update account information and preferences at any time
Correct inaccurate or incomplete information
Modify communication preferences

Deletion and Restriction

Request deletion of accounts and associated personal data
Restrict processing of information for specific purposes
Object to certain uses of information

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

Changes in our services or business practices
New legal requirements or regulatory guidance
Improvements in privacy protection measures
User feedback and industry best practices

When we make material changes:

We will update the "Last Updated" date
Users will be notified through the app or email
Continued use constitutes acceptance of the updated policy

Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our privacy practices:

Email: privacy@certifysphere.com
Support: support@certifysphere.com
Website: https://certifysphere.com
Company: Certifysphere Solutions LLC

Data Protection Officer

For specific privacy inquiries or to exercise your rights: Email: dpo@certifysphere.com

Additional Information

State Privacy Laws

California Consumer Privacy Act (CCPA)

California residents have additional rights including:

Right to know what personal information is collected
Right to delete personal information
Right to opt-out of sale of personal information (we do not sell personal information)
Right to non-discrimination for exercising privacy rights

Other State Laws

We comply with applicable state privacy laws including those in Virginia, Colorado, and Connecticut. Contact us for information about specific state law protections.

International Users

While Smart Café Solution primarily serves schools in the United States:

We may process data of international students attending U.S. schools
International data transfers are protected by appropriate safeguards
Users outside the U.S. can contact us regarding local privacy law compliance

School-Specific Policies

Individual schools may have additional privacy policies that apply to:

Student data collected through school systems
Integration with existing school information systems
Reporting requirements to school districts or education authorities

We work with each school partner to ensure compliance with their specific privacy requirements and policies.

Effective Date: June 19, 2025
Next Review: December 19, 2025

For the most current version of this Privacy Policy, visit: https://certifysphere.com/products/smart-cafe-privacy-policy

Introduction​

Information We Collect​

Student Information​

Parent/Guardian Information​

School Staff and Administrator Information​

Automatically Collected Information​

How We Use Information​

Service Provision​

Account Management​

Safety and Compliance​

Improvement and Analytics​

Information Sharing and Disclosure​

With School Partners​

With Service Providers​

Legal Requirements​

Data Security​

Technical Safeguards​

Operational Safeguards​

Payment Security​

Parental Rights and Control​

For Student Accounts​

Communication Preferences​

Student Privacy Protection​

FERPA Compliance​

Age-Appropriate Features​

Data Retention​

Retention Periods​

Deletion Process​

Your Rights and Choices​

Access and Portability​

Correction and Updates​

Deletion and Restriction​

Changes to This Privacy Policy​

Contact Information​

Data Protection Officer​

Additional Information​

State Privacy Laws​

California Consumer Privacy Act (CCPA)​

Other State Laws​

International Users​

School-Specific Policies​