Privacy Policy

Last updated — 9 July 2026

Welcome to AI Bunny Inc ("AI Bunny", "we", "our", or "us"). We value your privacy. This document explains what personal data we collect, why we collect it, and how you can exercise your rights. It applies to the following ("Services"):

  • Driver App (iOS/Android).
  • Restaurant Dashboard & POS (web/mobile).
  • White‑Label Restaurant Apps & Websites.
  • AI Phone Agent.
  • AI Chat Agents (WhatsApp, Instagram, or other messaging platforms).
  • aibunny.tech and any site that links here.

By using the Services you consent to the practices described below.

1 · Definitions

Client – a business (e.g., restaurant) that contracts with us.
Reseller – a business or individual authorized to market and refer Clients to AI Bunny. Resellers are governed by separate Reseller Agreements.
End User – any individual who interacts with the Services (diners, drivers, restaurant staff).
Personal Data – information that identifies or relates to an identifiable person.

2 · Information We Collect

2.1 Account Data

  • Diners – name, email, phone, delivery address, hashed password, order history.
  • Drivers – name, email, phone, hashed password, delivery stats.
  • Restaurant Staff – name, business email/phone, role.
  • Resellers – name, business name, email, phone, tax ID (if required for reporting), bank account details (routing and account number) for commission payments.

2.2 Payment Data

We never store raw card numbers. Card data is processed and tokenised by third-party PCI-compliant payment processors. We store only the token, card brand, and last four digits so you can reuse the payment method.

2.3 Transactional & Usage Data

  • Order details (items, price, tip, tax, timestamps).
  • Driver App data: precise device location (GPS) the app may collect during deliveries, in-app card payments the Driver App may process, and cash-out and earnings records.
  • Loyalty and rewards activity (points earned and redeemed, tied to a customer account or phone number) where a Client offers a rewards program.
  • Driver route events (accepted, en-route, delivered).
  • AI Phone Agent call recordings & transcripts.
  • AI Chat Agents message logs & conversation history (WhatsApp, Instagram, etc.).
  • Push-notification tokens (device IDs).
  • Technical logs (IP, device model, OS, crash reports).
  • URL parameters and referral source tracking (reflink, UTM parameters, campaign attribution data).

Location information. Where delivery features are used, we may collect and process precise location data to provide, route, and track deliveries. This may include delivery addresses converted into map coordinates (geocoding) and, where the Driver App is used, the driver's precise device location, which may be shown to the diner on a live order-tracking screen during an active delivery. We use precise location only to provide and improve these delivery and mapping functions, and not for advertising or to infer personal characteristics.

2.4 Cookies & Similar Tech

We use cookies and similar tracking technologies to provide and improve the Services:

  • Essential Cookies – Required for sign-in, authentication, and basic functionality.
  • Analytics Cookies – Google Analytics 4 helps us understand aggregate traffic patterns and improve user experience.
  • Advertising & Marketing Cookies – Meta Pixel (Facebook Pixel) and similar technologies from advertising platforms (Google Ads, etc.) are used for measurement services, marketing attribution, conversion tracking, and targeted advertising. These technologies may collect information about your browsing activity across websites to deliver relevant ads.
  • URL Tracking Parameters – We use URL parameters (such as "reflink" or UTM parameters) to track the effectiveness of our marketing campaigns and referral sources. These parameters help us understand which channels bring visitors to our site.

Your Choices: You can disable non-essential cookies in your browser settings. To opt out of targeted advertising specifically, visit:

Note that disabling advertising cookies will not stop you from seeing ads, but the ads may be less relevant to your interests.

2.5 Sources

We collect Personal Data directly from End Users (diners, drivers, restaurant staff, administrative users, and website visitors), from Restaurants that use the Services, from your devices and browsers (via SDKs, cookies, and similar tools), from payment processors that confirm payment status, from telephony providers that route calls and messages, and from messaging platforms (such as WhatsApp, Instagram, or similar) that facilitate AI agent conversations.

2.6 Notice at Collection (California)

The table below summarises the categories of Personal Data we collect, the business purposes for which we use them, the categories of third parties to whom we disclose them, and how long we keep them. We do not sell or share Personal Data for cross-context behavioural advertising under California law, and we do not process sensitive Personal Data for purposes requiring a right to limit its use.

Category (CPRA definition)ExamplesBusiness purposesDisclosed toRetention
IdentifiersName, email, phone, device IDs, restaurant IDAccount creation, authentication, support, communicationsClients, infrastructure providers, telephony carriers (Vonage or similar), messaging vendorsAs long as necessary to provide Services, comply with legal obligations, resolve disputes, and enforce agreements, or until deletion is requested
Customer recordsBilling contact, business address, order historyOrder processing, invoicing, fraud prevention, analyticsPayment processors, Clients, bookkeeping tools
Commercial informationOrders placed, subscription tier, delivery metricsProvide Services, customer success, forecastingClients, AI providers (OpenAI or similar), analytics platforms, payment processors
Internet activityLog data, IP, browser type, referral URLs, session events, URL tracking parameters (reflink, UTM), advertising cookies (Meta Pixel, Google Ads)Security, debugging, analytics, improving UX, marketing attribution, targeted advertisingInfrastructure providers, analytics platforms (Google Analytics), advertising platforms (Meta/Facebook, Google Ads)
Geolocation (coarse; precise location may be collected)City/state derived from IP; precise GPS the Driver App may collect during deliveries; delivery zonesDelivery dispatch and order tracking, route optimisation, fraud prevention, product localisationClients, mapping APIs
Audio/electronicAI Phone Agent call recordings, AI Chat Agents message logs, support calls, chat logsQuality assurance, dispute resolution, improving AI modelsAI providers (OpenAI or similar), speech-to-text services (Google Speech-to-Text, Deepgram, or similar), text-to-speech services (11 Labs or similar), telephony carriers (Vonage or similar), messaging platforms (WhatsApp, Instagram, or similar)
Professional informationRestaurant role, franchise affiliation, business licencesContract fulfilment, onboarding, compliance reviewsClients, onboarding partners
InferencesAggregated performance metrics.Improve routing, personalise dashboards, detect anomaliesClients (for their workforce), internal teams
Financial informationBank account numbers, routing numbers, tax IDs for reseller commission paymentsProcess commission payments, tax reporting complianceBanking partners (for ACH transfers), tax authorities (if required)7 years (tax and financial compliance) unless law requires longer

3 · How We Use Information

  • Create and manage accounts.
  • Process and deliver orders.
  • Calculate and process reseller commission payments.
  • Authenticate users and send real‑time notifications.
  • Send transactional—and, with your opt‑in, marketing—SMS/email.
  • Provide support and resolve disputes.
  • Improve, secure, and debug the Services.
  • Comply with legal obligations and enforce terms.

4 · When We Share Data

We never sell Personal Data. We share it only with:

  • Infrastructure – Google Cloud, Firebase, AWS S3, Vercel.
  • Payments – third-party PCI-compliant payment processors.
  • Banking Partners – financial institutions for processing reseller commission payments via ACH.
  • AI & Voice – OpenAI, 11 Labs, Google Speech-to-Text, Deepgram, or similar AI services.
  • Messaging – Vonage (or similar) for SMS delivery, WhatsApp Business API, Instagram Messaging API, or similar platforms for AI Chat Agent conversations.
  • Analytics & Advertising – Google Analytics 4 for aggregate traffic analysis, Meta (Facebook) Pixel, Google Ads, and similar advertising platforms for measurement services, marketing attribution, conversion tracking, and targeted advertising. These platforms may use cookies and tracking technologies to collect information about your browsing activity.
  • Clients – when you (as an End User) place an order, accept a delivery job, or use restaurant staff features, we share relevant data with the Client restaurant you're interacting with.
  • Resellers – we share Client payment history (including payment amounts, dates, and totals) with resellers for their referred Clients only, for commission calculation and reporting purposes.
  • Government authorities when legally required.

When we process End User data on behalf of a Client, we act as that Client's service provider (or similar role under state privacy laws). We use the data only to deliver, secure, and improve the Services or as required by law, and we do not sell or share it for cross-context behavioural advertising.

5 · Communications (SMS & Email)

Transactional. Order status, receipts, security alerts. Mandatory for service.

Marketing. Sent only with explicit consent (opt‑in checkbox, double‑opt‑in email, or texting JOIN). Reply STOP or use the unsubscribe link to opt out. Message & data rates may apply. We do not share your contact info with third‑party marketers. SMS opt-in data and consent information will not be shared with any third parties for advertising, marketing, or promotional purposes.

6 · Security

We use TLS encryption, bcrypt‑hashed passwords, least‑privilege access, and regular audits. No method is 100 % secure, but we work hard to protect your data.

7 · Data Retention

We retain Personal Data for as long as necessary to provide the Services, comply with legal obligations (such as tax and accounting requirements), resolve disputes, and enforce our agreements. When you request deletion of your Personal Data, we will delete it unless we are required to retain it by law or have a legitimate business need (such as an ongoing dispute or investigation). Specific retention periods for different data categories are available upon request by contacting [email protected].

8 · Your Rights

Your privacy rights depend on where you live. We respond to all legitimate requests, regardless of residency, to the extent required by law.

8.1 All Users

  • Access & Portability. Ask for a copy of the Personal Data we hold about you.
  • Correction. Request that we update inaccurate information.
  • Deletion. Ask us to delete Personal Data, subject to legal or contractual exceptions.
  • Objection & Restriction. Object to certain processing or opt out of marketing communications at any time.

8.2 California (CPRA) and Other U.S. State Rights

Residents of California, Colorado, Connecticut, Utah, and Virginia also have the following rights when those laws apply:

  • Right to Know. Receive details about the categories of Personal Data we collect, the sources, purposes, and who we disclose it to (see Section 2.6).
  • Right to Opt Out of Sale or Sharing. We do not sell or share Personal Data for cross-context behavioural advertising. If this changes, we will update this policy and provide a "Do Not Sell or Share" link.
  • Right to Correct Inaccuracies. Request that we fix incomplete or incorrect Personal Data.
  • Right to Delete. Ask us to delete Personal Data we collected from you, subject to the exemptions outlined by law.
  • Right to Limit Use of Sensitive Personal Information. We do not use or disclose sensitive Personal Data (such as precise location or biometric identifiers) for purposes requiring a limit request.
  • Right to Non-Discrimination. We will not deny services, charge different prices, or provide a different quality of service because you exercised a privacy right.
  • Right to Appeal (CO/CT/VA). If we deny your request, you may appeal by replying to our decision email. We will review and respond within 45 days.

8.3 Making a Request

Email [email protected] or call +1 (518) 940-4575 with your request. Please describe the right you wish to exercise and provide enough detail so we can locate your record. We verify your identity using account credentials, device verification, or other reasonable methods. Authorised agents may submit a request on your behalf if they provide written permission and we can verify your identity directly.

We aim to respond within 30 days (45 days for complex requests). If we need more time, we will explain why and when you can expect a response.

9 · Children's Privacy

Our Services aren't directed to children under 13. We don't knowingly collect data from them. If we discover such data, we delete it.

10 · Changes to This Policy

We may update this policy. We'll post the new version here and, if the changes are significant, notify you by email or in‑app alert.

11 · Contact

Questions about this policy or your privacy rights? Email [email protected] or call +1 (518) 940-4575.
AI Bunny Inc · 8 The Green STE B, Dover, DE 19901, United States