Privacy Policy

Last updated: April 11, 2026

Avissh AI LLC ("we," "us," "our") operates OpsBrain, a web-based inventory management application. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our application at app.getopsbrain.com and our website at getopsbrain.com.

1. Information We Collect

Information You Provide

• Account information: Store name, location, owner name, and email address provided during onboarding.
• Staff information: Staff names, roles, and PIN codes entered for team authentication.
• Inventory data: Product names, quantities, prices, vendor information, count logs, waste logs, delivery records, and order history entered through normal use of the application.
• Invoice images: Photos or PDFs of vendor invoices uploaded for AI-powered scanning. These images are processed by a third-party AI service (Anthropic) and are not stored permanently by us after processing.
• Contact form submissions: Name, email, business name, and message content submitted through our website contact forms.

Information Collected Automatically

• Device and browser data: Browser type, device type, and screen resolution — used to optimize the application experience.
• Local storage: We use browser local storage (not cookies) to cache your store setup code, weather data, AI learning cache, and order history locally on your device for performance. This data never leaves your device.
• Usage patterns: Aggregate count activity, login frequency, and feature usage — used to improve the product. We do not track individual user behavior for advertising.

Information We Do NOT Collect

• Social Security numbers, government IDs, or financial account numbers
• Credit card or payment information (payments are processed entirely by Stripe)
• Location data from your device (weather forecasts use your store's configured address, not GPS)
• Contacts, photos, or files from your device (except invoice images you explicitly upload)

2. Cookies, Tracking, and Do Not Track

OpsBrain does not use cookies. We do not use third-party tracking technologies, advertising pixels, or analytics services that track individual user behavior across websites.

We use browser local storage (a device-side technology) solely to cache your store setup code, weather data, AI learning cache, and order history for performance purposes. This data remains on your device and is never transmitted to third parties. You can clear this data at any time through your browser settings.

Our Service does not respond to "Do Not Track" browser signals. This is because we do not engage in cross-site tracking or serve targeted advertising of any kind.

3. How We Use Your Information

• To provide, operate, and maintain the OpsBrain application
• To process invoice images for AI-powered delivery check-in
• To generate inventory predictions, ordering recommendations, and analytics
• To communicate with you about your account, updates, and support requests
• To improve our products and develop new features
• To detect and prevent fraud or misuse
• To comply with legal obligations, respond to lawful requests from public authorities, and protect the rights, privacy, safety, or property of Avissh AI LLC, our users, or the public

We may use anonymized, aggregated data that cannot identify you or your store to improve our products, generate industry benchmarks, and conduct research. This is consistent with Section 5 of our Terms of Service.

We do not sell, rent, or share your personal information with third parties for advertising or marketing purposes.

4. Data Isolation and Multi-Tenancy

OpsBrain is a multi-tenant application. Each store's data is isolated using PostgreSQL row-level security (RLS) policies. Your inventory, count logs, staff information, and all operational data are accessible only to authenticated users of your store. No other OpsBrain customer can see or access your data.

5. Data Processor and Controller Roles

When OpsBrain processes staff information (names, PINs, count activity, leaderboard data) on behalf of a franchise operator, the franchise operator is the data controller and OpsBrain acts as a data processor.

As the data controller, the franchise operator (Customer) is responsible for:

• Informing their staff that OpsBrain collects and processes their names, PINs, and work activity data
• Obtaining any consents required under applicable employment or privacy laws
• Responding to staff inquiries about how their data is used

As the data processor, OpsBrain:

• Processes staff data only as necessary to provide the Service
• Does not use staff data for any purpose other than operating OpsBrain on behalf of the Customer
• Will assist Customers in responding to staff data access or deletion requests

If you are a staff member (not the account holder) and have questions about how your employer uses OpsBrain, please contact your store owner or manager first. You may also contact us at hello@getopsbrain.com.

6. Staff Activity and Employee Privacy

OpsBrain tracks the following staff activity on behalf of the franchise operator:

• Staff names associated with inventory counts, waste logs, and delivery check-ins
• Count frequency, timing, and volume for leaderboard and compliance features
• PIN-based authentication events

This data is used to operate the Service's accountability and gamification features (leaderboard, badges, compliance tracking). It is visible to the store's account holder and other authenticated staff at the same store. It is not shared with any third party or any other OpsBrain customer.

Staff members may request access to or deletion of their personal data by contacting their store operator or by emailing hello@getopsbrain.com.

7. Third-Party Services

We use the following third-party services to operate OpsBrain:

• Supabase (database hosting) — Your data is stored in a PostgreSQL database hosted by Supabase, Inc. in the United States (West US region). Supabase encrypts data at rest and in transit.
• Anthropic (AI processing) — Invoice images are sent to Anthropic's Claude API for text extraction. Images are processed in real-time and are not permanently stored by OpsBrain or Anthropic after processing is complete. Per Anthropic's API data usage policy, data sent through the API is not used to train Anthropic's models and is not retained after processing. See Anthropic's privacy policy.
• Vercel (website hosting) — Our website and application are hosted on Vercel's infrastructure.
• Stripe (payments) — Subscription payments are processed by Stripe. We never see or store your full credit card number. See Stripe's privacy policy.
• Open-Meteo (weather data) — We request weather forecasts using your store's configured city coordinates (not your personal location). Open-Meteo is a free, open-source API that does not require authentication.
• FormSubmit.co (contact forms) — Website contact form submissions are routed through FormSubmit.co to our email.

8. Data Retention

• Active accounts: Your data is retained for as long as your account is active.
• After cancellation: Your data is retained for 30 days following account cancellation, then permanently deleted. During this window, you may reactivate your account and all data will be intact.
• Data export: You may request a full export of your data at any time by emailing hello@getopsbrain.com.
• Invoice images: Uploaded invoice images are processed in real-time and are not stored permanently on our servers after the AI extraction is complete.

9. Data Security

We implement industry-standard security measures including:

• Encryption in transit (HTTPS/TLS) for all data transmission
• Encryption at rest for all database storage
• Row-level security (RLS) enforcing strict data isolation between stores
• API keys and sensitive credentials stored server-side (never exposed to the browser)
• PIN-based authentication scoped per store

No method of transmission or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

10. Your Rights

Depending on your jurisdiction, you may have the following rights:

• Access: Request a copy of the personal information we hold about you.
• Correction: Request correction of inaccurate information.
• Deletion: Request deletion of your personal information.
• Export: Request your data in a portable format (CSV).
• Opt-out: We do not sell personal information. There is nothing to opt out of.

To exercise any of these rights, email hello@getopsbrain.com. We will respond within 30 days.

11. California Residents (CCPA)

If you are a California resident, you have the right to:

• Know what personal information we collect and how it is used
• Request deletion of your personal information
• Not be discriminated against for exercising your privacy rights
• Correct inaccurate personal information

We do not sell or share personal information for cross-context behavioral advertising as defined by the CCPA. We have not sold or shared personal information in the preceding 12 months.

Categories of personal information collected in the preceding 12 months:

• Identifiers (names, email addresses, store setup codes, staff PINs)
• Commercial information (inventory records, purchase history, vendor pricing, order history, delivery records, waste logs)
• Internet or electronic network activity (device type, browser type, aggregate usage patterns)
• Professional or employment-related information (staff roles, job titles)
• Inferences drawn from the above (AI-generated ordering predictions, consumption trends, demand forecasts)

We do not collect biometric data, geolocation data, or sensitive personal information as defined under the CCPA.

California residents may designate an authorized agent to submit requests on their behalf by providing written authorization to hello@getopsbrain.com. We may require identity verification before fulfilling requests.

12. Children's Privacy

OpsBrain is a business application designed for use by adults in commercial food service operations. We do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected information from a child under 13, we will delete it promptly.

13. Law Enforcement and Legal Requests

We may disclose your information to law enforcement, government authorities, or other third parties if:

• Required by law, subpoena, court order, or other legal process
• We believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others
• Necessary to detect, prevent, or address fraud, security issues, or technical problems
• Required to enforce our Terms of Service

We will attempt to notify affected Customers of such requests unless prohibited by law or court order.

14. International Data Transfers

OpsBrain is operated from and data is processed in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States.

We rely on standard contractual protections and the security measures described in this policy to safeguard data transferred internationally.

15. Data Breach Notification

In the event of a data breach that compromises the security, confidentiality, or integrity of your personal information, we will:

• Investigate the breach promptly and take steps to mitigate harm
• Notify affected Customers by email within 72 hours of confirming the breach
• Notify relevant authorities as required by applicable law (including the California Attorney General if required by the CCPA)
• Provide a description of the breach, the types of data involved, and steps you can take to protect yourself

16. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active customers by email of any material changes. The "Last updated" date at the top of this page indicates when the policy was last revised.

17. Contact Us

If you have questions about this Privacy Policy or our data practices:

Avissh AI LLC
Email: hello@getopsbrain.com
Napa Valley, California