Privacy Policy

Effective Date: February 14, 2026
Last Updated: March 10, 2026

Your privacy matters to us. ExecEats Inc. does not sell user data and complies with applicable US privacy laws, including the California Consumer Privacy Act (CCPA/CPRA) and the Washington My Health My Data Act.

1. Introduction

ExecEats Inc. (“we”, “us”, “our”) operates the ExecEats mobile application and website at www.execeatsapp.com (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our Service.

By accessing or using ExecEats, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

We collect the following types of information to provide and improve the Service:

Account Information

When you create an account, we collect your name, email address, and phone number. Authentication is handled through Apple, Google, or Microsoft Single Sign-On (SSO) providers. We do not store passwords.

Company Email (for access verification)

If you choose to verify a company email address to unlock full platform access, we collect and verify that email address. We use the email domain solely to determine your account access tier and do not share it with third parties.

Order Information

We collect delivery addresses, order history, event names, attendee counts, and dietary preferences you provide when placing and managing orders through the platform.

Dietary and Allergen Preferences

We collect dietary requirements (e.g., vegan, halal, kosher) and allergen information you provide for order customization. This information is collected solely for order fulfillment and is not used for health-related profiling, advertising, or shared with health-related third parties. Under the Washington My Health My Data Act, dietary information may be considered consumer health data and is treated with appropriate care.

Payment Information

Payment processing is handled securely through Stripe. We do not store your credit card numbers or full payment details on our servers. Stripe may collect information necessary to process your transactions in accordance with their privacy policy.

AI Interaction Data

If you use our AI Meal Planner feature, we collect the conversation messages you send and the responses generated. This data is processed by our AI service provider (Anthropic) to generate menu and event suggestions. Conversations are not used to train AI models and are retained only for the duration of your planning session.

Voting and Suggestion Data

If you submit cuisine requests or menu item suggestions, or vote on suggestions from other users, we collect that information to help improve vendor offerings on the platform.

Usage Data

We collect information about how you interact with the Service, including features used, pages visited, and actions taken. This data helps us improve the platform and user experience.

Device Information

We may collect device type, operating system version, unique device identifiers, and push notification tokens to deliver notifications and ensure compatibility with your device.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • To provide, operate, and maintain the ExecEats Service
  • To process orders and facilitate delivery coordination between Executive Assistants and vendors
  • To share order details (delivery address, items ordered, dietary requirements, and event details) with the catering vendor fulfilling your order, solely for order preparation and delivery
  • To send order status notifications via push notifications, email, or WhatsApp — based on your communication preferences
  • To verify your company email and determine your account access tier
  • To communicate important service updates, security alerts, and administrative messages
  • To improve our platform, develop new features, and enhance the overall user experience
  • To detect and prevent fraud, abuse, and security incidents

We do not use your information for third-party advertising or cross-app tracking.

4. Data Sharing with Vendors

When you place an order, we share the following information with the catering vendor fulfilling your order: delivery address, items ordered, portion sizes, dietary requirements, special instructions, event name, and delivery schedule. This information is shared solely for order preparation and delivery. Vendors are contractually prohibited from using your personal information for any other purpose.

5. Third-Party Services

We use the following third-party services to operate the Service. Each service processes data in accordance with its own privacy policy:

We do not share your personal information with any third parties for marketing or advertising purposes.

6. Cookies and Tracking

The ExecEats website may use essential cookies for functionality such as session management. We do not use third-party advertising cookies, tracking pixels, or behavioral advertising technologies.

The ExecEats iOS application does not track users across other companies' apps or websites as defined by Apple's App Tracking Transparency framework. We do not participate in advertising networks or share device identifiers with advertisers.

7. Data Security

We take the security of your personal information seriously and implement industry-standard measures to protect it:

  • All data is encrypted in transit using TLS and at rest using AES-256 encryption
  • Row-level security (RLS) is enforced on all database tables to ensure users can only access their own data
  • Authentication is handled through trusted SSO providers (Apple, Google, Microsoft) — we do not store passwords
  • Payment data is handled entirely by Stripe and never touches our servers
  • We do not sell, trade, or otherwise transfer your personal information to third parties for marketing purposes

While we strive to use commercially acceptable means to protect your personal information, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security.

8. Data Retention

We retain your personal information as follows:

  • Account data: Retained while your account remains active. Deleted within 30 days of a deletion request.
  • Order history: Retained for 3 years for business record-keeping, tax compliance, and to provide you with historical order information.
  • Payment records: Retained by Stripe in accordance with their data retention policy and applicable financial regulations.
  • Push notification tokens: Automatically removed when expired or when you uninstall the application.
  • In-app notifications: Automatically purged after 90 days.
  • Usage data: Retained in anonymized or aggregated form for up to 2 years for analytics and service improvement.

You may request deletion of your account and all associated personal data at any time. You can initiate account deletion directly from your profile settings in the app, or by contacting us. A 30-day grace period applies, during which you can sign back in to cancel the deletion. You can also export a copy of all your personal data as a JSON archive from your profile settings before deletion.

9. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access — Request a copy of the personal data we hold about you
  • Correction — Request that we correct any inaccurate or incomplete data
  • Deletion — Request that we delete your personal data, subject to legal retention requirements
  • Portability — Request a copy of your data in a structured, machine-readable format. You can also export your data directly from your profile settings in the app.
  • Opt-out — Opt out of non-essential communications at any time through your account settings or by contacting us

To exercise any of these rights, please contact us at privacy@execeatsapp.com. We will respond to your request within 30 days.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following additional rights under the California Consumer Privacy Act and the California Privacy Rights Act:

  • Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request that we delete your personal information, subject to certain exceptions.
  • Right to Opt-Out of Sale: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA/CPRA rights.

To exercise these rights, contact us at privacy@execeatsapp.com or write to us at the address below.

11. Children's Privacy

The ExecEats Service is designed for business professionals and is not directed at children under the age of 13 (or 16 in applicable jurisdictions). We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without appropriate parental consent, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@execeatsapp.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make significant changes, we will notify you through the Service or via email.

We encourage you to review this page periodically for the latest information on our privacy practices. Your continued use of the Service after any changes constitutes your acceptance of the updated policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: