OrderFriendly — Privacy Policy (Clover Edition)

This Privacy Policy describes how Driven Software Solutions, LLC ("Driven", "we", "us", or "our") collects, uses, stores, and shares information when you use OrderFriendly (the "Service") through the Clover App Market. It applies specifically to merchants who install OrderFriendly via Clover and to the end-customers who place orders through an OrderFriendly storefront powered by a Clover merchant account.

If you use OrderFriendly directly (not via Clover), our general Privacy Policy at https://orderfriendly.com/privacy applies instead.

1. Information we collect

1.1 Information from your Clover account

When you install OrderFriendly from the Clover App Market and authorize the integration, Clover provides us with access to the following data via the Clover REST API, scoped to permissions you approve at install time:

• Merchant profile: business name, address, currency, time zone, default service charge, tax rates, logo
• Inventory: items, categories, modifier groups, modifiers, item images, prices, stock counts (if maintained in Clover), labels
• Orders: order line items, modifiers, totals, taxes, discounts, fulfillment status, order metadata
• Payments: payment IDs, amounts, tender types, refund history, settlement status. We do not receive raw payment card numbers — Clover Hosted Checkout handles card data inside Clover's PCI-compliant environment.
• Customers: names, emails, phone numbers, addresses, customer notes, loyalty status (if maintained in Clover)
• Employees: employee IDs, names, emails, role, PIN (hashed; used only to verify staff actions within OrderFriendly)
• App billing state: your OrderFriendly subscription tier, trial status, install/uninstall events

1.2 Information from your end-customers

When a customer places an order through an OrderFriendly storefront, we collect:

• Name, email address, phone number
• Delivery address (if delivery is selected)
• Order contents and customization choices
• Payment confirmation reference from Clover (we never see the card number)
• Device and browser information (user agent, IP address, screen resolution) for fraud prevention and analytics
• Cookies and similar technologies for session management and cart persistence

1.3 Information you provide directly

When you use the OrderFriendly merchant dashboard, you may provide:

• Account preferences (storefront theme, branding, language, currency display)
• Custom content (storefront copy, product descriptions, images you upload, blog posts)
• Support tickets and feedback
• Configuration choices (custom domain, third-party integrations you enable)

1.4 Information collected automatically

When you or your customers use the Service, we automatically collect:

• Usage data (pages viewed, features used, time spent, click paths)
• Performance and error logs
• Aggregated and anonymized analytics

2. How we use information

We use the information we collect to:

• Operate the Service: import your Clover catalog into your OrderFriendly storefront, sync orders back to Clover, process customer payments via Clover, send order confirmations
• Maintain your subscription: honor your Clover-billed subscription tier and gate features accordingly
• Improve the Service: identify bugs, performance issues, and opportunities to improve the merchant and customer experience
• Customer support: respond to your support requests and troubleshoot integration issues with Clover
• Security and fraud prevention: detect and prevent fraudulent orders, abuse, and unauthorized access
• Legal compliance: comply with applicable laws, respond to lawful requests from public authorities, enforce our Terms of Service

We do not sell your information or your end-customers' information to third parties.

We do not use end-customer information for marketing to those customers on behalf of other merchants. Each merchant's customer list belongs to that merchant.

3. How we share information

We share information only as described below:

• With Clover: order placements and payment processing flow through Clover's APIs. Clover's handling of that data is governed by Clover's privacy policy at https://www.clover.com/privacy-policy.
• With service providers we contract with for hosting, email delivery, analytics, and customer support. These providers are bound by written agreements to use information only to provide services to us. Current key providers: Hostinger (hosting), Cloudflare (DNS and CDN), Postmark or AWS SES (transactional email).
• With the merchant who owns the storefront: end-customer order data is visible to the merchant whose storefront the customer ordered from. This is inherent to fulfilling an order.
• For legal reasons: when required by law, regulation, valid legal process, or to protect the rights, property, or safety of Driven, our users, or others.
• In a business transfer: if Driven is acquired or merges with another company, your information may transfer as part of that transaction. We will notify you before any transfer becomes effective.

We do not share end-customer information across merchants.

4. How we store and protect information

• Storage location: Driven Software Solutions servers physically located in the United States (Hostinger VPS, US-East region).
• Encryption in transit: all data exchanged with Clover, your customers, and you uses TLS 1.2 or higher.
• Encryption at rest: OAuth tokens, payment references, and sensitive merchant configuration are encrypted at rest using AES-256.
• Access controls: production data access is restricted to authorized Driven staff under a need-to-know basis, with audit logging.
• Security testing: we conduct internal security reviews of new features and remediate identified issues on a priority basis.

No method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

5. Your rights and choices

5.1 Merchant rights

As a Clover merchant using OrderFriendly, you have the right to:

• Access: request a copy of the information we hold about your account and operations
• Correct: update inaccurate information, either through the merchant dashboard or by contacting us
• Delete: uninstall OrderFriendly from Clover. We will delete your data on the timeline described in §6.
• Export: request an export of your storefront content, customer list, and order history in machine-readable format
• Restrict processing: request that we stop processing your data for specific purposes (note: this may prevent the Service from functioning)

To exercise these rights, contact us at privacy@orderfriendly.com. We respond within 30 days.

5.2 End-customer rights

End-customers of merchants using OrderFriendly should direct privacy requests to the merchant in the first instance, because the merchant is the controller of the customer's order data. If the merchant cannot resolve the request, we will assist as a processor.

End-customers in California (CCPA), the EU (GDPR), or other jurisdictions with applicable privacy laws have rights specific to those jurisdictions. We honor those rights to the extent applicable.

5.3 Cookies

You can configure your browser to refuse cookies or to indicate when a cookie is being sent. Some parts of the OrderFriendly storefront may not function correctly without cookies (notably, cart persistence).

6. Data retention

We retain information as long as your account is active and as needed to provide the Service.

When you uninstall OrderFriendly from Clover:

• Within 24 hours: we mark your account as inactive and disable all sync with Clover
• Within 90 days: we delete or anonymize your account data, including imported items, customer records, order history, and configuration. Backups containing your data are overwritten within an additional 35 days on rolling rotation.
• Indefinitely: we may retain aggregated and anonymized usage statistics that cannot reasonably be associated with you.

If applicable law requires us to retain certain records (e.g., financial transaction records for tax purposes), we retain those records for the legally required period and then delete them.

7. International data transfers

OrderFriendly currently serves merchants in the United States only. We do not knowingly serve merchants or accept end-customer data from outside the United States via the Clover integration. If we expand to additional regions, we will update this policy with applicable cross-border transfer disclosures.

8. Children's privacy

OrderFriendly is intended for businesses and adult consumers. We do not knowingly collect information from children under 13 (or under 16 in jurisdictions where that is the applicable age). If we learn that we have collected information from a child without verified parental consent, we will delete it promptly.

9. Third-party links and services

Your OrderFriendly storefront may link to third-party websites and services (e.g., your social media pages, third-party delivery providers you enable). We are not responsible for the privacy practices of those third parties. We encourage you to review their privacy policies.

10. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top of this policy
• Notify Clover merchants via email at the address associated with their OrderFriendly account
• For significant changes affecting end-customer data, notify merchants at least 30 days before the changes take effect, so they can in turn notify their customers

Continued use of the Service after a change indicates acceptance of the updated policy.

11. Contact us

Privacy questions, requests, or complaints:

Email: privacy@orderfriendly.com Support: https://orderfriendly.com/support Mailing address: Lilburn, GA 30047, United States

If you are not satisfied with our response, you may have the right to lodge a complaint with a data protection authority in your jurisdiction.