Skip to content
Order June

Privacy Policy

Effective 2026-04-20 · Order June is a product of Meria LLC (Delaware).

This policy describes what we collect when you and your customers use Order June, why we collect it, how long we keep it, and the choices available to you. Terms used here carry the meaning given in the Terms of Service.

Who the data is about

  • Merchant team members — your name, work email, role in the workspace. Authenticated via Supabase Auth.
  • Merchant configuration — menu, modifiers, tip settings, kiosk display names, shift profiles, webhook URLs.
  • Customers of the merchant — when tickets capture phone or email, these are stored against an opaque merchant-scoped customer record so the merchant can recognize returning customers on their own kiosks. These records are never surfaced to other merchants.
  • Operational telemetry — kiosk heartbeats, screen names, reader connection state, battery level, app version, anonymized performance traces via Sentry (with PII scrubbed per configuration), aggregate analytics via Plausible (no cookies, no cross-site tracking).

Why we process it

To operate the Service: authenticate admins, sync menu from Square, render kiosks, print kitchen tickets, route orders to the right prep station, run AI surfaces you opt into (copy generation, rewrite-in-my-voice, catalog advisor), deliver outbound webhooks, and honor subscription billing with Stripe.

Processors we rely on

  • Supabase (database + auth + storage + realtime)
  • Square (payments, catalog source of truth)
  • Stripe (subscription billing)
  • Anthropic (AI text surfaces you opt into)
  • OpenAI / Recraft (AI image generation for menu photos)
  • Sentry (error monitoring; PII scrubbed before send)
  • Plausible (cookie-free aggregate analytics)
  • Vercel (marketing site + admin hosting)

How long we keep it

Kiosk health snapshots roll off after 7 days. Order records are retained while your merchant subscription is active. Admin audit logs are retained for 2 years. On account cancellation we delete merchant data within 30 days unless retention is required by law (e.g., tax records).

Your choices

  • Access — owners can export every record tied to their merchant from the admin.
  • Delete — email privacy@orderjune.com to request workspace deletion. We honor confirmed requests within 30 days.
  • Sub-processor log — material changes to the list above are posted to the Terms changelog with at least 14 days notice before they take effect.

Security

Row-level security enforces tenant isolation on every database table. OAuth tokens are stored encrypted in Supabase Vault. Webhook signing secrets are service-role-only reads. All transport is TLS 1.2+.

Contact

Privacy questions go to privacy@orderjune.com. Data subject requests from EU/UK residents are handled via the same address.