Privacy Policy

SousLab provides restaurant menu data, restaurant metadata, chain-level aggregation, API access, bulk data snapshots, and related data services.

For privacy questions, contact hello@sendside.xyz.

We collect information you provide directly, information generated through your use of the Service, and limited information from service providers that help us operate SousLab.

Account information

When you create an account, we may collect:

• Email address.
• Password hash.
• Account ID.
• Authentication information.
• API key hashes.
• Plan, quota, and subscription status.
• Customer or organization name, if provided.

We do not store plaintext passwords or plaintext API keys after creation.

Billing information

For paid customers, billing is handled by Stripe. We may store:

• Stripe customer ID.
• Stripe subscription ID.
• Plan type.
• Subscription status.
• Billing email.
• Payment status.
• Invoice or transaction metadata.

We do not store full credit card numbers, CVV codes, or complete payment card details on our servers.

API usage information

When you use the API, we may log:

• Timestamp.
• Endpoint path.
• HTTP method.
• Status code.
• Latency.
• Response size.
• Customer ID or account ID.
• Request ID.
• Quota usage.
• Rate-limit events.
• Error events.

According to our current data handling approach, we do not log API request bodies or response bodies in standard gateway logs.

Website and dashboard information

When you visit the website or use the dashboard, we may collect:

• IP address.
• Browser type.
• Device information.
• Pages viewed.
• Referring pages.
• Approximate location derived from IP address.
• Session events.
• Authentication and security events.
• Error and performance data.

Communications

If you contact us, we may collect:

• Name.
• Email address.
• Company name.
• Message content.
• Support requests.
• Sales inquiries.
• Contract or procurement details.

We use collected information to:

• Provide, operate, and maintain the Service.
• Authenticate users and secure accounts.
• Generate, validate, and manage API keys.
• Track usage, quotas, rate limits, and billing status.
• Process subscriptions and payments.
• Provide customer support.
• Monitor uptime, performance, abuse, fraud, and security.
• Debug errors and improve reliability.
• Communicate with you about your account, subscription, product updates, or support requests.
• Enforce our Terms of Service.
• Comply with legal obligations.
• Improve the Service, documentation, datasets, and user experience.

We do not sell your personal information.

We do not share your personal information for third-party advertising.

We may share information with service providers that help us operate SousLab, including providers for:

• Hosting and infrastructure.
• Authentication and database services.
• Payment processing.
• Email delivery.
• Monitoring and error tracking.
• Logging and analytics.
• Customer support and communication.

Current service providers may include Supabase, Stripe, Vercel, Resend, Sentry, and PrettyInsights.

These providers process information only as needed to provide services to SousLab, subject to their own terms and privacy commitments.

We may also share information:

• If required by law, subpoena, court order, legal process, or government request.
• To protect the rights, safety, property, or security of SousLab, our users, partners, or others.
• To investigate fraud, abuse, security incidents, or Terms violations.
• In connection with a merger, acquisition, financing, restructuring, asset sale, or similar business transaction.
• With your consent or at your direction.

SousLab may retain standard API gateway logs for up to 90 days, unless a different retention period is required for security, legal, operational, or enterprise contract reasons.

Logs may include metadata about API requests, but standard logs do not include request or response bodies.

We may retain certain records longer where necessary for:

• Billing.
• Tax compliance.
• Security investigations.
• Fraud prevention.
• Legal obligations.
• Dispute resolution.
• Enterprise contract requirements.
• Backup and disaster recovery.

SousLab may use cookies, local storage, session storage, and similar technologies to:

• Keep you signed in.
• Manage sessions.
• Remember preferences.
• Secure accounts.
• Analyze site performance.
• Understand product usage.
• Prevent abuse.

You can control cookies through your browser settings. Disabling cookies may affect login, dashboard functionality, or other parts of the Service.

We use reasonable technical and organizational measures to protect information, including:

• Password hashing.
• API key hashing.
• Access controls.
• Infrastructure monitoring.
• Secure payment processing through Stripe.
• Logging and error monitoring.
• Limited access to operational systems.

No method of transmission or storage is 100% secure. We cannot guarantee absolute security.

You are responsible for keeping your account credentials and API keys secure.

SousLab’s core dataset may include restaurant names, addresses, menus, prices, cuisine categories, item names, chain affiliations, and related commercial information.

This information generally relates to businesses, not private individuals. However, if business data includes personal information, we process it only as needed to provide and improve the Service and comply with applicable laws.

SousLab may process information in the United States or other countries where we or our service providers operate.

By using the Service, you understand that your information may be transferred to and processed in countries that may have different data protection laws than your country of residence.

Depending on where you live, you may have rights to:

• Access personal information we hold about you.
• Correct inaccurate information.
• Request deletion of personal information.
• Object to or restrict certain processing.
• Request a copy of your information.
• Withdraw consent where processing is based on consent.
• Appeal a denied privacy request, where applicable.

To make a request, contact hello@sendside.xyz.

We may need to verify your identity before completing your request.

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act may provide additional rights.

SousLab does not sell personal information and does not share personal information for cross-context behavioral advertising.

Categories of personal information we may collect include:

• Identifiers, such as email address, account ID, IP address, and customer ID.
• Commercial information, such as subscription plan and billing status.
• Internet or network activity, such as API usage, endpoint access, and website interactions.
• Approximate geolocation derived from IP address.
• Professional or company information, if you provide it.
• Inferences related to product usage, plan fit, or support needs.

We use this information for the business purposes described in this Privacy Policy.

California residents may contact us at hello@sendside.xyz to exercise their rights.

SousLab is not intended for children under 13, and we do not knowingly collect personal information from children.

If you believe a child has provided personal information to us, contact us and we will take appropriate steps to delete it.

We may send you transactional emails related to your account, billing, API usage, security, support, or Service changes.

We may also send product or marketing emails if permitted by law. You may unsubscribe from marketing emails, but you may still receive transactional or account-related messages.

You may request account deletion by contacting hello@sendside.xyz.

We may retain certain information where necessary to comply with legal obligations, resolve disputes, prevent abuse, enforce agreements, maintain security, or keep required business records.

We may update this Privacy Policy from time to time. If changes are material, we may notify you through the website, dashboard, email, or other reasonable means.

Your continued use of the Service after the updated Privacy Policy becomes effective means you accept the revised policy.

For privacy questions or requests, contact hello@sendside.xyz.