Privacy & Cookie Policy

Effective May 29, 2026

MOREPLAN LLC PRIVACY AND COOKIE POLICY

EXECUTIVE SUMMARY

Moreplan LLC ("Moreplan," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal data when you use our services (the "Subscription Service" or "Service"), visit our websites (including moreplan.ai and related sites), or otherwise interact with us.

Key Points:

  • We act as a Controller (meaning the entity that determines the purposes and means of processing Personal Data) when you provide Personal Data directly to us (e.g., when creating an account)
  • We act as a Processor (or "service provider") when our customers use our Service to process their end users' data
  • We implement robust security measures to protect your data
  • You have specific rights regarding your personal data, which vary by jurisdiction
  • We may transfer data internationally with appropriate safeguards in place
  • We use cookies and similar technologies; your rights and choices, and full details of our cookie practices including our Cookie Policy, are set out in Section 7 of this Policy
  • We do not sell your personal data for monetary or other valuable consideration as defined under applicable privacy laws
  • We maintain comprehensive records of our personal data processing activities as part of our privacy governance program
  • In the event of a data breach, we will notify affected individuals and relevant authorities in compliance with applicable U.S. state breach notification laws
  • We conduct regular privacy training for all employees with access to personal data

For detailed information, please read the full policy below. If you have questions, please contact us at privacy@moreplan.ai.

TABLE OF CONTENTS

  • DATA CONTROLLER VS. PROCESSOR ROLES
  • WHAT INFORMATION WE COLLECT AND PROCESS
  • HOW WE USE PERSONAL DATA
  • HOW WE SHARE PERSONAL DATA
  • HOW WE STORE AND SECURE PERSONAL DATA
  • DATA SECURITY
  • COOKIES AND SIMILAR TECHNOLOGIES (INCLUDING COOKIE POLICY)
  • YOUR PRIVACY RIGHTS AND CHOICES
  • STATE-SPECIFIC PRIVACY RIGHTS
  • CHILDREN'S PRIVACY
  • THIRD-PARTY WEBSITES AND SERVICES
  • GOOGLE PRODUCT INTEGRATIONS
  • CHANGES TO THIS PRIVACY POLICY
  • ACCESSIBILITY
  • DATA PROTECTION GOVERNANCE
  • DISPUTE RESOLUTION AND GOVERNING LAW
  • CONTACT US

1. DATA CONTROLLER VS. PROCESSOR ROLES

Moreplan acts in different roles depending on the context in which personal data is processed:

1.1. Business Role: Moreplan acts as a business under applicable U.S. state privacy laws when you provide personal data directly to us – for example, by creating an account, subscribing to our Service, visiting our websites, contacting sales or support, or attending a Moreplan event or webinar. In these cases, we determine the purposes and means of processing your personal data. We use this information to provide and administer our services, communicate with you, improve and promote our offerings, and for other legitimate business purposes as described in this Policy.

1.2. Service Provider Role: Moreplan acts as a service provider under applicable U.S. state privacy laws on behalf of our customers when they use our Service to store, manage, or process personal data about their contacts, leads, or end users in connection with their own business activities. In this context, the customer is the business and Moreplan processes such Customer Data only on the customer's instructions and in accordance with our Customer Terms of Service (available at https://moreplan.ai/toc). Our customers are responsible for providing any necessary notices and obtaining any required consents from individuals before submitting their personal data to the Service.

For purposes of this Privacy Policy, "Personal Data" (or "personal information") means any information that relates to an identified or identifiable individual. This may include, but is not limited to, name, email address, postal address, phone number, and online identifiers.

2. WHAT INFORMATION WE COLLECT AND PROCESS

We collect various types of information from and about you depending on how you interact with us and our Service:

Moreplan is committed to the principle of data minimization. We collect and process only the Personal Data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. We do not collect Personal Data on a speculative basis for potential future use. We regularly review the categories of data we collect to ensure they remain necessary and proportionate to the stated purposes.

2.1 Information You Provide to Moreplan

We collect Personal Data that you voluntarily provide to us when interacting with Moreplan websites or using our Service:

2.1.1. Website Visitors and Contact Requests

  • Name, work email address, phone number
  • Job title, company name, industry
  • Mailing address or other contact details
  • Information provided in forms (demo requests, content downloads, support inquiries)
  • Marketing preferences and communication history

2.1.2. Account Registration and User Information

  • Name, email address, username, password
  • Contact details and profile information
  • Company information and business details
  • User roles and permissions
  • Authentication credentials

2.1.3. Payment and Billing Information

  • Billing name and address
  • Payment method details (e.g., last four digits of credit card, payment card type)
  • Financial account information (handled securely by our payment processors)
  • Billing history and subscription details
  • Tax information where required

2.1.4. Communications and Support

  • Email correspondence and chat transcripts
  • Support tickets and issue descriptions
  • Call recordings (with your express verbal or written consent)
  • Feedback and survey responses
  • Testimonials and reviews (with your consent)

2.2 Information We Process on Behalf of Customers

Customers use the Service to plan and manage daily restaurant operations, including the assignment of workers to floor plan sections and the matching of workers to specific guest reservations. Customer determines what data to upload or otherwise input, and Moreplan processes that data on Customer’s behalf in accordance with Customer’s instructions and the Terms of Service. Customer Data typically includes the following categories of Personal Data relating to Customer’s workers and to Customer’s guests:

  • Worker identification and contact information (for example, name, employee or payroll identifier, work email, and phone number)
  • Worker role and shift data (for example, position such as server, back server, runner, host, bartender, or manager; shift start and end times; and cut history, including whether a cut was initiated by the employee or by the employer)
  • Worker performance tier ratings assigned by Customer (for example, Tier 1, Tier 2, or Tier 3), free-text notes recorded by Customer about the worker (which may include traits Customer uses to match workers to guest needs, such as language ability), and the worker’s section and table assignment history retained for the purpose of measuring equitable rotation across shifts (the “fairness ledger”)
  • Guest and reservation data, typically imported from Customer’s reservation system (such as SevenRooms or OpenTable), including guest name, party size, reservation date and time, assigned table, contact information when provided by the reservation source, VIP designation, Customer-applied tags (for example, “Anniversary,” “Celebration,” or “Repeat Guest”), and free-text reservation notes (which may be processed by AI Features to identify guest preferences and match guests to appropriate workers, as further described in Section 3.7)
  • Operations data, including floor plan configurations, table properties and combinations, generated and manually adjusted server-to-section assignments, cover counts and walk-in projections, Customer-defined staffing par thresholds, and fairness scoring metrics derived from assignment history (collectively retained as a date-stamped historical record for the purpose of supporting Customer’s recordkeeping and legal-defensibility needs)
  • Any other information customers choose to include

We refer to this as "Customer Data." Moreplan processes Customer Data solely on behalf of the customer according to their documented instructions. We generally have no direct relationship with the individuals whose Personal Data is contained in Customer Data. While the customer is primarily responsible for ensuring lawful collection and processing, providing appropriate notices, and handling data subject requests, including any notices or consents required of Customer’s workers and guests under applicable employment, biometric, and consumer privacy laws before submitting their Personal Data to the Service, Moreplan will cooperate with and assist customers in fulfilling these obligations as required by applicable law and our contractual commitments.

2.3 Information We Collect When You Use the Service

When you interact with the Moreplan Service, we automatically collect certain information:

2.3.1. Usage Data

  • Features and modules accessed
  • Pages or screens visited
  • Time, date, and duration of interactions
  • Actions taken (e.g., creating proposals, updating records)
  • Frequency and patterns of use
  • Performance metrics and analytics

2.3.2. Device and Log Data

  • Internet Protocol (IP) address
  • Browser type, version, and language
  • Device type, operating system, and device identifiers
  • Screen resolution and settings
  • Geographic location (country, region, city)
  • Internet service provider
  • Entry/exit pages and referral URLs
  • Search terms used to reach our site
  • Error logs and crash reports

2.3.3. Mobile Application Data (if applicable)

  • Mobile device identifiers
  • Device model and manufacturer
  • Operating system type and version
  • App version and update information
  • Mobile network information
  • Device permissions and settings

2.3.4. Third-Party Integration Data

  • Information from connected third-party services (with your authorization)
  • API access and usage statistics
  • Connection status and syncing information
  • Authentication tokens (securely stored)
  • Integration configuration settings

2.4 Information We Collect from Other Sources

We may obtain information about you from other sources to supplement the information you provide:

2.4.1. Partners and Resellers

  • Contact information from referral partners
  • Business details from authorized resellers
  • Account information from implementation partners
  • Integration data from technology partners

2.4.2. Public Sources

  • Professional information from company websites
  • Business contact details from professional directories
  • Public profiles on LinkedIn or similar platforms
  • Industry information and affiliations
  • Public company information

2.4.3. Third-Party Services

  • Updated contact information from data providers
  • Market research and business intelligence
  • Advertising and marketing analytics
  • Event registration information

2.5 Sensitive or Incidental Personal Data Submitted Through Free-Text Fields

In the course of providing the Service, Moreplan may incidentally process information that constitutes “sensitive personal data” under applicable U.S. state privacy laws (including Tex. Bus. & Com. Code § 541.001(29)) when such information appears in free-text fields imported from Customer’s reservation systems, in Customer-maintained notes about workers, or in other free-text inputs to the Service. For example, a guest may include in a reservation note a dietary restriction that implies religious affiliation or a health condition, an accessibility need that implies a physical condition, or a language preference that implies national origin. Moreplan does not solicit, derive inferences from, or use this information for any purpose other than to provide the Service in accordance with Customer’s instructions, and does not use this information for advertising, profiling that produces legal or similarly significant effects, or any purpose beyond providing the Service. Customer is responsible for instructing its workers and guests not to submit sensitive information that is not necessary for service delivery, and for obtaining any consent required by applicable law (including Tex. Bus. & Com. Code § 541.101(b)(2) where applicable) before submitting sensitive information to the Service.

3. HOW WE USE PERSONAL DATA

We use the Personal Data we collect for the following purposes:

3.1. To Provide and Manage the Service

  • Create and maintain your account
  • Authenticate users and secure access
  • Provide the features and functions you request
  • Process payments and manage subscriptions
  • Provide customer support and troubleshooting
  • Facilitate communication between users
  • Maintain service records and documentation

3.2. To Improve and Develop Our Products

  • Analyze usage patterns and feature adoption
  • Identify and resolve technical issues
  • Develop new features and enhancements
  • Conduct research and product development
  • Test and optimize performance
  • Gather feedback and measure satisfaction

3.3. To Communicate With You

  • Send service-related notices and updates
  • Provide essential account information
  • Respond to your inquiries and requests
  • Deliver support and technical assistance
  • Send confirmation emails and notifications
  • Share product tips and best practices

3.4. For Marketing and Promotional Purposes (with your consent where required)

  • Send newsletters and content updates
  • Provide information about products and features
  • Invite you to events and webinars
  • Deliver promotional offers and incentives
  • Conduct surveys and gather feedback
  • Create custom audiences for advertising

3.5. To Maintain Security and Prevent Fraud

  • Verify identity and authenticate access
  • Monitor for suspicious or unauthorized activity
  • Detect and prevent security breaches
  • Protect against fraud and abuse
  • Enforce our Terms of Service and policies
  • Maintain audit logs and security records

3.6. To Comply With Legal Obligations

  • Meet regulatory requirements
  • Respond to legal requests and proceedings
  • Establish, exercise, or defend legal claims
  • Maintain required business records
  • Conduct audits and investigations
  • Enforce our agreements and policies

3.7. Artificial Intelligence and Machine Learning

Moreplan may use artificial intelligence (AI) and machine learning (ML) technologies in certain aspects of our Service (referred to in this Policy and our Terms of Service as “AI Features”):

  • How We Use AI/ML: Moreplan uses AI/ML technologies within the Service to: (i) generate suggested server-to-section assignments based on factors selected by Customer (such as reservation volume by time block, worker performance tier ratings, worker shift start times, and prior assignment history); (ii) parse free-text reservation notes imported from Customer’s reservation system in order to identify guest preferences (such as occasion, dietary restrictions, accessibility needs, or language preference) and to suggest worker matches to specific guests; (iii) parse uploaded floor plan documents and images to identify table objects and their properties; and (iv) compute fairness metrics reflecting the distribution of assignments across workers over time.
  • Types of Data Used: These systems are trained and operated using:
  • Anonymized and aggregated usage patterns
  • Non-personal technical data
  • User interactions with features (with consent where required)
  • In some cases, Customer Data when explicitly configured by the Customer
  • AI Service Providers: To deliver the AI Features described above, Moreplan relies on third-party service providers, including, at minimum, large language model (LLM) providers, embedding providers, image OCR providers (used to parse uploaded floor plan documents), vector storage providers, and the hosting infrastructure providers underlying the foregoing. These providers process Customer Data on Moreplan’s behalf under written agreements that restrict their use of such data to providing services to Moreplan, prohibit their use of identifiable Customer Data to train general-purpose AI models that benefit other customers, and require appropriate security measures. Moreplan will notify Customer of any material change to the categories of AI service providers it uses.
  • Opt-Out Rights: Where AI/ML features process your Personal Data for purposes beyond basic service provision:
  • You will receive clear notice before such processing occurs
  • You can opt out via your account settings or by contacting us
  • Opting out will not affect core functionality of the Service
  • Algorithmic Decision-Making: We do not make fully automated decisions with legal or similarly significant effects without human oversight. Any automated decision-making is subject to appropriate safeguards, including human review, testing for bias, explanation of logic used, and the right to contest the outcome.

Certain AI Features described above involve “profiling” within the meaning of applicable U.S. state privacy laws, including the Texas Data Privacy and Security Act (Tex. Bus. & Com. Code § 541.001(23)). Specifically, the Service generates suggested worker-to-section assignments and computes fairness scores using inputs that include Customer’s performance tier ratings and worker shift data. These suggestions are produced to assist Customer’s manager in creating a daily floor plan; the manager retains full authority to accept, modify, or override any suggestion before the floor plan is finalized, and no employment decision is made solely on the basis of Moreplan’s output. Where a worker or other affected individual wishes to exercise rights to opt out of profiling under applicable law, that request should be directed to the Customer that controls the underlying data; Customers may contact privacy@moreplan.ai for assistance responding to such requests.

  • Model Ownership: Any AI models developed using our data are owned by Moreplan. This ownership does not affect your Personal Data rights, which remain fully protected under applicable privacy laws. Any Personal Data used in model training will be processed in accordance with our Terms of Service and applicable privacy regulations.

4. HOW WE SHARE PERSONAL DATA

We do not sell your Personal Data to third parties for monetary consideration. However, we may share your Personal Data in the following circumstances:

4.1. Service Providers

We share data with trusted third-party service providers who perform services on our behalf, such as:

  • Cloud hosting and infrastructure providers
  • Payment processors and billing services
  • Email delivery and communication platforms
  • Customer support and help desk tools
  • Analytics and performance monitoring
  • Marketing automation platforms
  • Security and fraud prevention services
  • Artificial intelligence service providers, including large language model (LLM) providers, embedding providers, image OCR providers (used to parse uploaded floor plan documents), vector storage providers, and the hosting infrastructure providers underlying the foregoing, as further described in Section 3.7
  • Reservation system and workforce management platform integrations that Customer enables (such as SevenRooms, OpenTable, Harri, 7Shifts, or HotSchedules), through which Moreplan receives the guest and worker data Customer instructs it to import

These providers are contractually obligated to use Personal Data only for the purposes of providing services to us and to maintain appropriate security measures.

4.2. Business Partners

We may share limited information with our business partners:

  • Referral partners (when you came through their referral)
  • Resellers or channel partners that support your account
  • Integration partners when you enable their services
  • Implementation consultants with your permission
  • Co-marketing partners (with your consent)

Partner sharing is limited to what is necessary for the specific business relationship.

4.3. With Your Consent

We may share Personal Data with third parties when you explicitly consent to such sharing, such as:

  • When you choose to enable third-party integrations
  • When you participate in testimonials or case studies
  • When you elect to share information publicly
  • When you direct us to share your information

4.4. Corporate Transactions

If Moreplan is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of company assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your Personal Data through our website or by direct communication.

4.5. Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court order, government request). We may also disclose information if we believe in good faith that disclosure is necessary to:

  • Comply with legal obligations
  • Protect and defend our rights or property
  • Prevent or investigate possible wrongdoing
  • Protect the personal safety of users or the public
  • Protect against legal liability

4.6. Aggregated or De-identified Data

We may share aggregated or de-identified information, which cannot reasonably be used to identify you, with third parties for research, marketing, analytics and other purposes, provided such information does not identify you.

5. HOW WE STORE AND SECURE PERSONAL DATA

Moreplan is headquartered in the United States and stores and processes all Personal Data on servers located within the United States. By using our Service, you understand that your Personal Data will be stored and processed in the United States. Customers with specific contractual data storage requirements should contact us at privacy@moreplan.ai to discuss available options.

6. DATA SECURITY

6.1. Data Security Implementation

Moreplan implements and maintains appropriate technical and organizational security measures designed to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction. These measures include:

  • Encryption of data in transit using TLS 1.2+ protocols
  • Encryption of sensitive data at rest using AES-256 encryption
  • Network security controls including firewalls and intrusion detection
  • Multi-factor authentication for administrative access
  • Regular security assessments and penetration testing
  • Access controls based on the principle of least privilege
  • Regular security awareness training for personnel
  • Physical security measures for our facilities and equipment
  • System monitoring and logging of access and activities
  • Incident response procedures and recovery capabilities
  • Privacy by design in system development
  • Regular backups with secure storage
  • Vendor security assessments for third-party providers

Relevant Moreplan employees undergo mandatory privacy and security training upon hiring and at least annually thereafter. This training covers data protection laws, secure handling of personal data, recognizing and reporting security incidents, and our internal privacy policies and procedures.

While we implement industry-standard safeguards and regularly update our security measures, no security system is impenetrable. We implement reasonable technical and organizational measures to protect your data, but the transmission of information via the internet carries inherent risks. Any transmission is at your own risk, though we maintain cyber liability insurance and incident response procedures to address potential security incidents.

6.2. Data Retention

We retain Personal Data for as long as necessary to provide the services you have requested, comply with our legal obligations, resolve disputes, and enforce our agreements:

  • Account Data: We keep your account information for as long as your account is active, plus a defined period after account closure to comply with legal requirements and handle any post-termination matters.
  • Customer Data: We retain Customer Data according to our agreement with the customer and delete or return it as specified in our Terms of Service. Specific sub-categories of Customer Data (such as worker data, guest and reservation data, operations data, and worker assignment history maintained as a fairness ledger) may have different default or Customer-instructed retention periods; see the retention table below.
  • Marketing Data: We retain marketing information until you opt-out or request deletion, after which we may maintain minimal records to honor your preferences.
  • Usage Data: We retain usage data for a limited period (typically 12-24 months) to support security, troubleshooting, and service improvement.
  • Legal Requirements: We may retain certain data for longer periods if required by law, for tax purposes, accounting, or to comply with other legal obligations.

Specific retention periods for different data categories are listed in the table below:

Data CategoryTypical Retention PeriodRetention Basis
Account InformationDuration of account + 7 yearsLegal obligation, contract performance
Payment RecordsDuration of account + 7 yearsTax and accounting requirements
Customer DataPer customer agreementCustomer instruction, contract terms
Usage Logs12-24 monthsSecurity, service improvement
Marketing DataUntil opt-out + 3 yearsBusiness purpose, consent
Communication RecordsDuration of relationship + 2 yearsSupport, legal protection
Website Logs90 daysSecurity, performance analysis
Biometric Data (if any)Duration of specific purpose + 3 yearsExplicit consent, specific purpose
Worker Assignment History & Fairness LedgerDuration of Customer relationship + 1 year (or longer if directed by Customer for legal-defensibility purposes)Customer instruction; rotation fairness documentation

When Personal Data is no longer needed, we will securely delete or anonymize it in accordance with our data retention policies, unless retention is required by applicable law or legitimate business purposes.

6.3. Data Breach Notification

In the event of a confirmed breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, Personal Data, we will:

  • Notification Timeline: Notify affected individuals and relevant authorities as required by applicable U.S. state breach notification laws, no later than seventy-two (72) hours after becoming aware of a breach. For Texas residents, notification will be made without unreasonable delay and no later than sixty (60) days after the date on which we determine that the breach occurred, in accordance with Tex. Bus. & Com. Code § 521.053, except as necessary to determine the scope of the breach and restore reasonable integrity of the data system, or as delayed at the request of a law enforcement agency. If the breach affects 250 or more Texas residents, we will also notify the Texas Attorney General no later than the time individual notifications are sent, using the electronic reporting portal maintained by the Attorney General’s office. For residents of other states, we will comply with the notification timelines required by each applicable state’s breach notification statute, provided that in no event will notification be made later than seventy-two (72) hours after we become aware of the breach where required by applicable law or our contractual commitments.
  • Notification Content: Our notification will include at minimum:
  • The nature of the breach
  • Categories and approximate number of individuals affected
  • Categories and approximate number of data records concerned
  • Name and contact details of our privacy contact point
  • Description of likely consequences of the breach
  • Description of measures taken or proposed to address the breach
  • Recommendations for affected individuals to mitigate potential adverse effects
  • Ongoing Assessment: We maintain an internal breach response team that assesses the severity of any data incident according to a formal risk assessment methodology.
  • Documentation: We document all breaches of Personal Data, including the facts relating to the breach, its effects, and the remedial action taken, regardless of whether notification was required.
  • Post-Incident Review: Following any data security incident, we conduct a thorough review to identify root causes and implement preventative measures.

7. COOKIES AND SIMILAR TECHNOLOGIES

7.1. Cookies and Tracking Technologies

Moreplan uses cookies and similar tracking technologies (such as web beacons, pixels, and device identifiers) to automatically collect certain information when you visit our websites or use our Service. This Section 7 constitutes our Cookie Policy and provides complete information about these technologies, how we use them, and your choices regarding them. If you have questions about our use of cookies, please contact us at privacy@moreplan.ai.

7.2. Types of Cookies We Use

We classify cookies into the following categories:

  • Strictly Necessary Cookies: Essential for the basic functionality of our websites and services
  • Functional Cookies: Remember your preferences and settings to enhance your experience
  • Performance/Analytics Cookies: Help us understand how visitors interact with our site
  • Targeting/Advertising Cookies: Used to deliver relevant ads and track campaign effectiveness

7.3. Your Cookie Choices

You have the right to decide whether to accept or reject cookies (except Strictly Necessary cookies). You can exercise your cookie preferences through:

  • Our cookie consent banner when you first visit our site
  • Our cookie preference center accessible via the footer of our website
  • Your browser settings (to control cookies at the browser level)
  • Industry opt-out pages for interest-based advertising

7.4. Third-Party Identifiers

In addition to cookies, various third parties may place and read identifiers on your device for advertising, analytics, and functionality purposes:

  • Advertising IDs: Mobile devices use advertising identifiers (Apple's IDFA, Google's Advertising ID) that allow apps and advertisers to track user activity for advertising purposes while providing user control.
  • Pixel Tags: Transparent images embedded in web pages or emails that collect information about your device, browsing activity, and email engagement. We use pixels from services like Google Analytics, Facebook, and LinkedIn.
  • Local Storage: HTML5 local storage allows websites to store larger amounts of data on your device than cookies. We use local storage for improving site performance and user experience.
  • Device Fingerprinting: Your device's unique combination of settings, installed fonts, plugins, and other technical characteristics can create a "fingerprint" that might be used for identification across websites.
  • Cross-Site Tracking: Some third parties may attempt to recognize you across different websites or services using various identifiers or combinations of identifiers.

For each type of identifier, you have specific opt-out options:

  • For mobile advertising IDs, use your device privacy settings (iOS: Settings > Privacy > Tracking; Android: Settings > Privacy > Ads)
  • For third-party pixel tracking, use browser privacy settings and ad blockers
  • For local storage, clear your browser's cache and local storage
  • For device fingerprinting, consider using privacy-focused browsers and extensions

We honor Global Privacy Control ("GPC") signals from browsers and extensions that support this feature.

7.5. Cookie Inventory

The following describes the primary categories of cookies used on our websites and Service, along with their purpose and typical lifespan. Specific cookie names may change as we update our technologies and third-party services. Our cookie preference center (accessible via our website footer) provides a real-time list of all active cookies.

Strictly Necessary Cookies: Essential for the operation of our websites and Service and cannot be disabled in our systems. Examples include session authentication tokens, security cookies (e.g., CSRF protection tokens), load-balancing cookies, and cookies that store your cookie consent preferences. Provider: Moreplan. Typical lifespan: Session-based or up to 12 months.

Functional Cookies: Allow our websites and Service to remember choices you make - such as language preferences, saved settings, and accessibility options - to provide enhanced features and a more personalized experience. Provider: Moreplan and selected third parties. Typical lifespan: Up to 12 months.

Performance and Analytics Cookies: Collect information about how visitors use our websites and Service, including pages visited, time spent, and errors encountered. We use services such as Google Analytics and similar platforms to aggregate and analyze this data to improve our Service. Provider: Google Analytics and other analytics providers. Typical lifespan: Up to 24 months.

Targeting and Advertising Cookies: Used to deliver advertisements relevant to your interests and to measure the effectiveness of advertising campaigns. These cookies may be placed by third-party advertising platforms including Google Ads, Facebook (Meta), and LinkedIn. They may track your activity across websites and build a profile of your interests for advertising purposes. Provider: Google, Meta, LinkedIn, and other advertising partners. Typical lifespan: Up to 13 months.

7.6. Legal Basis for Using Cookies

We rely on the following legal bases for setting cookies: (a) Strictly Necessary Cookies are set on the basis of our legitimate interest in providing a functioning website and Service, or as strictly necessary to deliver a service you have requested - no consent is required for these cookies; (b) Functional, Performance/Analytics, and Targeting/Advertising Cookies are set on the basis of your consent, obtained through our cookie consent banner or preference center. Where required by applicable U.S. state law (including the CPRA), we treat the use of Targeting/Advertising Cookies as a form of "sharing" personal data for cross-context behavioral advertising, and you have the right to opt out as described in Sections 8.4 and 9 of this Policy.

7.7. Cookie Consent and Withdrawal of Consent

When you first visit our website, we present you with a cookie consent banner allowing you to accept or reject non-essential cookie categories. Your preferences are stored and respected for future visits. You may review and update your cookie preferences at any time by accessing the cookie preference center in the footer of our website.

You may withdraw your consent to non-essential cookies at any time by: (a) updating your selections in our cookie preference center; (b) clearing cookies and local storage through your browser settings (note that this will also delete cookies placed by third parties); or (c) contacting us at privacy@moreplan.ai. Withdrawal of consent will not affect the lawfulness of any cookie-based processing carried out prior to withdrawal. Please note that disabling certain cookies may affect the functionality or availability of features within our Service.

7.8. Cookie Retention Periods

Cookies are retained for varying periods depending on their type and purpose: (a) Session Cookies are temporary and are automatically deleted when you close your browser; (b) Persistent Cookies remain on your device until their expiry date or until you delete them manually. Strictly Necessary and Functional Cookies are typically retained for up to 12 months; Performance and Analytics Cookies for up to 24 months; and Targeting and Advertising Cookies for up to 13 months. You may delete cookies at any time through your browser settings, though doing so may affect your experience on our websites and Service.

7.9. Cross-Device Tracking

We and our third-party analytics and advertising partners may link information collected about your activity on our Service across different devices (for example, your desktop computer and mobile device) to provide a consistent and personalized experience. This may involve associating device identifiers or using your account login as a linking mechanism. You may opt out of cross-device tracking by adjusting your account privacy settings, updating your cookie preferences in our preference center, or contacting us at privacy@moreplan.ai.

7.10. Cookie Policy Updates

This Cookie Policy forms part of our Privacy and Cookie Policy and may be updated from time to time to reflect changes in the cookies and similar technologies we use, or for operational, legal, or regulatory reasons. Material changes will be communicated as described in Section 13 of this Privacy Policy. The "Last Updated" date at the top of this document reflects the most recent revision to both this Cookie Policy and the Privacy Policy as a whole.

8. YOUR PRIVACY RIGHTS AND CHOICES

Depending on the U.S. state in which you reside, you may have certain rights regarding your Personal Data under applicable U.S. federal and state privacy laws. We honor all data protection rights afforded to individuals under applicable U.S. law.

8.1. Access and Portability

You have the right to request:

  • Confirmation of whether we process your Personal Data
  • Access to your Personal Data
  • Information about how we process your data
  • A copy of your Personal Data in a structured, commonly used, and machine-readable format

For data portability requests, we will provide your data in a standard format (such as CSV, JSON, or XML) that can be imported into other systems.

8.2. Correction and Updating

You have the right to request correction of inaccurate Personal Data or completion of incomplete data. You can update certain information directly through your account settings or by contacting us.

8.3. Deletion and Restriction

You have the right to request:

  • Deletion of your Personal Data (subject to certain exceptions)
  • Restriction of processing while we verify or investigate your concerns
  • Withdrawal of your consent, where processing is based on consent

8.4. Objection and Automated Decisions

You have the right to:

  • Opt out of the sale, sharing, or use of Personal Data for targeted advertising or profiling, as permitted under applicable U.S. state law
  • Object to direct marketing at any time
  • Opt out of profiling in furtherance of decisions that produce legal or similarly significant effects, where such right is available under your state's applicable privacy law

8.5. How to Exercise Your Rights

To exercise any of these rights, please:

  • Email us at privacy@moreplan.ai
  • Write to us at the address in the Contact Us section
  • Use the specific rights management tools in your account

We will respond to legitimate requests as soon as practicable and in accordance with applicable law (typically within 30-45 days). We may request specific information to verify your identity before fulfilling your request. In some cases, we may have legal grounds to deny or limit the scope of your request, in which case we will explain our reasoning.

8.6. Unsubscribing from Communications

You can unsubscribe from our marketing communications at any time by:

  • Clicking the "unsubscribe" link in any marketing email
  • Adjusting your communication preferences in your account
  • Contacting us at privacy@moreplan.ai

Even if you opt out of marketing, you will still receive transactional communications related to your account and the Service.

8.7. Do Not Track

Some browsers have "Do Not Track" ("DNT") features. Because there is not yet a common understanding of how to interpret DNT signals, we do not currently respond to them. You can use other tools described in this policy to control data collection and use.

9. STATE-SPECIFIC PRIVACY RIGHTS

9.1. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with specific rights:

  • Right to Know: You can request disclosure of categories and specific pieces of Personal Information we have collected, the sources of collection, business purposes, and categories of third parties with whom we share the information.
  • Right to Delete: You can request deletion of your Personal Information, subject to certain exceptions.
  • Right to Correct: You can request correction of inaccurate Personal Information.
  • Right to Opt-Out of Sale/Sharing: While we do not sell Personal Information for monetary consideration, some of our advertising and analytics activities might be considered "sharing" under the CPRA. You can opt out of this sharing for cross-context behavioral advertising through our privacy preferences center by emailing privacy@moreplan.ai or as described in Section 8.5. If you opt out, there is the possibility that you will also no longer be eligible to use one or more of our Services.
  • Right to Limit Use of Sensitive Personal Information: You can direct us to limit the use of sensitive personal information to what is necessary for the service.
  • Opt-In Process for Sensitive Personal Information: Before collecting or processing any sensitive personal information beyond what is strictly necessary to provide the Service, we will present you with a clear and conspicuous opt-in consent request. Such request will identify: (a) the specific categories of sensitive information to be collected or processed; (b) the purpose for which it will be used; and (c) the applicable retention period. You may withdraw your consent at any time by contacting us at privacy@moreplan.ai or through your account settings. Withdrawal of consent will not affect the lawfulness of any processing carried out prior to withdrawal.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

For information on categories of Personal Information we collect and disclose, see Sections 2 and 4. To exercise your rights, see Section 8.5 or email privacy@moreplan.ai with "California Privacy Rights" in the subject line.

9.2. Virginia, Colorado, Connecticut, and Utah Residents

Residents of Virginia (Virginia Consumer Data Protection Act or "VCDPA"), Colorado (Colorado Privacy Act or "CPA"), Connecticut (Connecticut Data Privacy Act or "CTDPA"), and Utah (Utah Consumer Privacy Act or "UCPA") have similar rights regarding:

  • Confirmation and access
  • Correction
  • Deletion
  • Data portability
  • Opting out of targeted advertising, sales, and profiling
  • Non-discrimination

Each state has specific requirements and timelines for responding to requests. Please contact us at privacy@moreplan.ai to exercise your rights under these laws.

9.2A. Opt-Out of Targeted Advertising, Sale, and Profiling — Virginia, Colorado, Connecticut, and Utah

In addition to the rights listed in Section 8.4, residents of Virginia, Colorado, Connecticut, and Utah have the specific right to opt out of: (a) the sale of their Personal Data to third parties; (b) the processing of their Personal Data for purposes of targeted advertising; and (c) profiling in furtherance of decisions that produce legal or similarly significant effects on the consumer.

To exercise your opt-out rights under any of these state laws, please contact us at privacy@moreplan.ai with the subject line "[State] Opt-Out Request" or use our privacy preferences center by emailing privacy@moreplan.ai. We will process your request within the timeframe required by applicable law. If we deny your request, you have the right to appeal our decision by contacting privacy@moreplan.ai, and we will respond to your appeal within the legally required timeframe for your state.

9.3. Nevada Residents

Nevada residents have the right to opt out of the sale of their Personal Information. However, we do not sell Personal Information as defined under Nevada law (NRS 603A). If you have questions, please contact privacy@moreplan.ai.

9.3A. Texas Residents (TDPSA)

If you are a Texas resident, the Texas Data Privacy and Security Act ("TDPSA"), Tex. Bus. & Com. Code Ch. 541, effective July 1, 2024, provides you with the following rights:

Right to Confirm and Access: You have the right to confirm whether we are processing your personal data and to access the personal data we hold about you, including the categories of personal data processed, the purposes for which it is processed, and the categories of third parties with whom we share it, pursuant to Tex. Bus. & Com. Code § 541.051(1)-(2).

Right to Correct: You have the right to request correction of inaccurate personal data we maintain about you, pursuant to Tex. Bus. & Com. Code § 541.051(4).

Right to Delete: You have the right to request deletion of personal data you have provided to us or that we have obtained about you, subject to certain exceptions, pursuant to Tex. Bus. & Com. Code § 541.051(3).

Right to Data Portability: You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format, pursuant to Tex. Bus. & Com. Code § 541.051(6).

Right to Opt Out: You have the right to opt out of (a) the sale of your personal data; (b) the processing of your personal data for purposes of targeted advertising; and (c) profiling in furtherance of decisions that produce legal or similarly significant effects concerning you, pursuant to Tex. Bus. & Com. Code § 541.051(5). To exercise this right, contact us at privacy@moreplan.ai with the subject line "Texas Opt-Out Request" or use our privacy preferences center by emailing privacy@moreplan.ai.

Profiling Activities of Moreplan: Section 3.7 of this Policy describes the AI Features used in providing the Service that may constitute profiling under TDPSA, including AI-generated suggested worker-to-section assignments and the computation of fairness scoring metrics. Where your Personal Data was submitted to the Service by a Moreplan Customer (for example, by a restaurant operator that has uploaded reservation data or employed you), please direct any profiling opt-out request to that Customer, which is the entity that determines the purposes and means of processing such data. Moreplan will receive and assist with such requests on the Customer’s behalf upon the Customer’s written instruction.

Sensitive Data: We do not process sensitive personal data (as defined under Tex. Bus. & Com. Code § 541.001(29), including racial or ethnic origin, religious beliefs, mental or physical health conditions, citizenship or immigration status, genetic or biometric data, and precise geolocation data) without first obtaining your affirmative consent, pursuant to Tex. Bus. & Com. Code § 541.101(b)(2). In the course of providing the Service, Moreplan may incidentally process information that constitutes sensitive personal data under applicable U.S. state privacy laws (including Tex. Bus. & Com. Code § 541.001(29)). Moreplan does not solicit, derive inferences from, or use this information for any purpose other than to provide the Service in accordance with Customer’s instructions, and does not use this information for advertising, profiling that produces legal or similarly significant effects, or any purpose beyond providing the Service. Customer is responsible for instructing its workers and guests not to submit sensitive information that is not necessary for service delivery, and for obtaining any consent required by applicable law (including Tex. Bus. & Com. Code § 541.101(b)(2) where applicable) before submitting sensitive information to the Service. By agreeing to this Privacy Policy, you are providing affirmative consent that Moreplan may incidentally process sensitive personal data as required to deliver the Service in accordance with the data privacy measures described herein.

Right to Non-Discrimination: We will not discriminate against you for exercising your TDPSA rights, including by denying goods or services, charging different prices, or providing a different level of quality, pursuant to Tex. Bus. & Com. Code § 541.101(b)(1).

Response Timeline and Appeals: We will respond to verified TDPSA requests without undue delay and no later than forty-five (45) days after receipt. We may extend this period by an additional forty-five (45) days where reasonably necessary, provided we notify you within the initial 45-day period. If we decline to act on your request, we will inform you of our reasons and your right to appeal. You may appeal any denial by contacting privacy@moreplan.ai with the subject line "TDPSA Appeal." If your appeal is denied, you may submit a complaint to the Texas Attorney General pursuant to Tex. Bus. & Com. Code § 541.052(d). To exercise any of the above rights, see Section 8.5 or email privacy@moreplan.ai with "Texas Privacy Rights" in the subject line.

9.4. Biometric Information Privacy

Certain jurisdictions have enacted specific laws governing the collection, use, storage, and disposal of biometric information, including the Illinois Biometric Information Privacy Act (BIPA), the Texas Capture or Use of Biometric Identifier Act (CUBI), Tex. Bus. & Com. Code 503.001, and Washington's biometric privacy provisions.

9.4.1. Our Collection and Use of Biometric Information

Moreplan does not currently collect or process biometric information, but may do so in limited circumstances. If such circumstances arise, we will update this Privacy Policy accordingly.

9.4.2. Notice and Consent

Before collecting or processing any biometric information, we will:

  • Provide clear, specific written notice explaining:
  • That biometric information is being collected or stored
  • The specific purpose and length of time for which the information will be collected, stored, and used
  • Obtain a written release or express consent from the affected individual

9.4.3. Data Security and Retention

For any biometric information we collect, we:

  • Protect it using the same security standards we apply to other sensitive Personal Data
  • Store, transmit, and protect it using reasonable security measures that are the same as or exceed industry standards
  • Will destroy biometric information when the initial purpose for collecting it has been satisfied or expires, or within the period required by applicable law, whichever is sooner. For Texas residents, biometric information will be destroyed no later than one (1) year after the date the purpose for collecting it expires, in accordance with Tex. Bus. & Com. Code 503.001(c)(3). For other jurisdictions, destruction will occur within 3 years of the individual's last interaction with us or upon satisfaction of the initial purpose, whichever occurs first, unless a longer retention period is required by law or ongoing litigation.

9.4.4. No Sale or Profit

We will not sell, lease, trade, or otherwise profit from an individual's biometric information.

9.4.5. Customer Obligations

If you are a customer using our Services to collect or process biometric information of your own end users, you are responsible for complying with all applicable biometric privacy laws, including providing appropriate notices, obtaining consent, and implementing required security measures.

10. CHILDREN'S PRIVACY

10.1. Age Restrictions

Moreplan's websites and services are not intended for, nor directed to, children under the age of 13. We do not knowingly collect personal information from children under 13 years old. If we learn we have collected Personal Data from a child under 13 without verified parental consent, we will promptly delete that information. If you believe we might have any information from or about a child under 13, please contact us at privacy@moreplan.ai.

10.2. Children's Data in the Subscription Service

Our customers might use Moreplan to manage information about their own clients or contacts, which could potentially include individuals under the age of 16. In such cases:

  • The customer is responsible for ensuring they have obtained appropriate parental consent
  • The customer must comply with all applicable child privacy laws (such as COPPA)
  • Such data is handled solely as Customer Data according to our agreements
  • We recommend customers not include children's personal information unless absolutely necessary

10.3. Moreplan's Direct COPPA Compliance Obligations

To the extent Moreplan operates as an "operator" under the Children's Online Privacy Protection Act (COPPA), 15 U.S.C. § 6501 et seq., we maintain the following practices in our direct operations:

(a) We do not knowingly collect, use, or disclose personal information from children under the age of 13 without verifiable parental consent;

(b) If we discover that we have inadvertently collected personal information from a child under 13 without verifiable parental consent, we will delete such information promptly;

(c) Parents and legal guardians who believe their child has provided personal information to Moreplan without consent may contact us at privacy@moreplan.ai to request review, correction, or deletion of that information;

(d) We do not condition a child's participation in any activity or access to any content on the disclosure of more personal information than is reasonably necessary for that activity or content; and

(e) We do not use persistent identifiers to track children across third-party websites or online services for targeted advertising purposes.

11. THIRD-PARTY WEBSITES AND SERVICES

Our websites and communications may contain links to third-party websites, plug-ins, or services that are not owned or controlled by Moreplan. When you click on those links, you may be sending information to a third party whose privacy practices we do not control. This Privacy Policy does not cover the information practices of third-party websites or services linked to or integrated with our Service.

We encourage you to review the privacy policies of any third-party site you visit or service you use. We are not responsible for the privacy practices or content of such third parties.

12. GOOGLE PRODUCT INTEGRATIONS

Moreplan offers certain integrations with Google products to enhance the functionality of our Service. If you choose to use these integrations, you will be asked to grant Moreplan access to specific data from your Google account.

12.1. Google reCAPTCHA

We use Google reCAPTCHA to prevent spam and abuse. This service collects hardware and software information and sends it to Google for analysis. Google's use of this information is governed by Google's Privacy Policy.

12.2. Compliance with Google API Services User Data Policy

Our use of information received from Google APIs adheres to Google's API Services User Data Policy, including the Limited Use requirements. We only use such data to provide or improve features you explicitly request, and we do not use this data for advertising or other unrelated purposes.

13. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. If we make material changes, we will notify you by:

  • Posting the updated policy on our website with an updated "Last Updated" date
  • Sending an email to the primary email address associated with your account
  • Displaying a notice through the Service interface

For material changes to how we handle Personal Data, we will provide reasonable advance notice before the changes take effect, which will typically be at least 30 days unless a shorter notice period is required by law or regulatory requirements.

Your continued use of the Service after the effective date of any changes constitutes your acceptance of the revised Privacy Policy. If you do not agree with the changes, you should discontinue your use of the Service and contact us to close your account.

We maintain an archive of previous versions of this Privacy Policy, which may be requested by contacting privacy@moreplan.ai.

We encourage you to review this Privacy Policy periodically to stay informed about our privacy practices.

14. ACCESSIBILITY

14.1. Accessible Format

We are committed to ensuring that our Privacy Policy and privacy-related communications are accessible to all individuals, including those with disabilities. This Privacy Policy is designed to be compatible with screen readers and other assistive technologies.

14.2. Alternative Formats

Upon request, we will provide this Privacy Policy and privacy-related communications in alternative formats, such as:

  • Large print
  • Braille
  • Audio recording
  • HTML or other machine-readable formats
  • Simplified language versions

14.3. Accessibility Assistance

If you need assistance accessing or understanding our Privacy Policy or exercising your privacy rights due to a disability, we can provide:

  • Direct telephone support
  • Guided assistance through forms and procedures
  • Extended time if needed to complete any verification processes
  • Alternative methods for identity verification if standard methods are not accessible

14.4. Web Content Accessibility Guidelines

Our digital privacy communications, including this Privacy Policy, are designed to conform with WCAG 2.1 Level AA standards.

To request accessibility assistance, please contact accessibility@moreplan.ai.

15. DATA PROTECTION GOVERNANCE

15.1. Data Protection Officer

Privacy Program OversightMoreplan has designated a Privacy Team responsible for overseeing our privacy program and ensuring compliance with applicable data protection laws. The Privacy Team's responsibilities include:

  • Monitoring compliance with applicable data protection laws and our internal policies
  • Advising on privacy risk assessments and data protection considerations
  • Cooperating with data protection authorities and regulators as required
  • Serving as the primary contact point for privacy inquiries from individuals and authorities
  • Leading our privacy by design and data minimization initiatives

You may contact our Privacy Team directly at privacy@moreplan.ai.

15.2. Records of Processing Activities

As part of our privacy governance program, we maintain comprehensive records of our personal data processing activities. These records document:

  • The purposes of processing
  • Categories of data subjects and personal data
  • Categories of recipients
  • International transfers and safeguards
  • Retention schedules
  • Technical and organizational security measures

These records are maintained in electronic format and are made available to supervisory authorities upon request.

15.3. Privacy Impact Assessments

We conduct Privacy Impact Assessments (PIAs) before implementing new technologies or processing activities that may pose significant risks to individuals' privacy. Our PIA process:

  • Identifies and assesses privacy risks
  • Implements measures to mitigate identified risks
  • Documents compliance considerations
  • Involves consultation with relevant stakeholders

15.4. Privacy by Design

We incorporate privacy protections into our system development processes by:

  • Considering privacy implications from the earliest stages of product development
  • Building privacy controls directly into our systems and processes
  • Setting privacy-protective default settings
  • Minimizing data collection to what is necessary
  • Implementing privacy-enhancing technologies

16. DISPUTE RESOLUTION AND GOVERNING LAW

16.1. Governing Law.

This Privacy Policy and any disputes, claims, or controversies arising out of or relating to it or our privacy practices shall be governed by and construed in accordance with the laws of the State of Texas, without regard to its conflict of laws provisions. To the extent applicable, federal law, including applicable federal privacy statutes and regulations, shall also govern.

16.2. Informal Resolution.

Before initiating any formal legal proceeding, we encourage you to contact us at privacy@moreplan.ai to attempt to resolve any privacy-related concern informally. We will make reasonable efforts to resolve your concern within thirty (30) days of receipt of a written description of the issue.

16.3. Arbitration.

Except as set forth in Section 16.4, any dispute, claim, or controversy arising out of or relating to this Privacy Policy or our privacy practices that cannot be resolved informally shall be resolved by binding individual arbitration administered by the American Arbitration Association ("AAA") under its then-current Commercial Arbitration Rules, available at www.adr.org. The AAA Supplementary Procedures for Consumer-Related Disputes shall not apply. The arbitration shall take place in Harris County, Texas, or remotely if agreed by the parties. The arbitrator's decision shall be final and binding, subject to limited judicial review as permitted by applicable law. TO THE FULLEST EXTENT PERMITTED BY LAW, EACH PARTY WAIVES THE RIGHT TO A JURY TRIAL AND THE RIGHT TO PARTICIPATE IN A CLASS ACTION, CLASS ARBITRATION, OR REPRESENTATIVE PROCEEDING.

16.4. Exceptions.

Notwithstanding Section 16.3, either party may seek injunctive or other equitable relief in a court of competent jurisdiction for claims involving: (a) intellectual property rights; (b) unauthorized access to or disclosure of Personal Data; or (c) any claim that cannot lawfully be subject to arbitration. Nothing in this Section 16 shall limit your right to file a complaint with a state attorney general's office or other applicable U.S. regulatory authority under applicable privacy law.

17. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Email: privacy@moreplan.ai

Mail: Moreplan LLC Attn: Privacy Team 4 Rutgers Place Houston, TX 77005 United States

Privacy Team: privacy@moreplan.ai

If you need this Privacy Policy in an alternative format due to a disability, please contact us and we will work with you to provide the information in a format that is accessible to you.

© 2026 Moreplan LLC. All rights reserved.