Privacy Policy

1. Information We Collect

To power your restaurant's social presence, we collect:

• Account Data: Name, email, and authentication credentials.
• Restaurant Intelligence: Operating hours, menu items, location data, and "Brand Voice" preferences used to calibrate our AI.
• Media Assets: Photos of your food or menus that you upload for AI processing and social distribution.
• Social Connectivity: If you link your social media accounts (Instagram, TikTok, Facebook, etc.), we securely store encrypted OAuth tokens and basic profile information to enable automated posting and engagement tracking.
• Billing Information: Payment processing is handled securely by Polar. We do not store your credit card details on TwoTop servers.

2. The AI Pipeline & Data Usage

We use your information to operate the "TwoTop OS," specifically:

• Computer Vision: We use Google Gemini Vision models to analyze your uploaded menus and food photos to generate accurate descriptions and hashtags.
• Generative Intelligence: Your brand voice data is used to "fine-tune" the captions and images our AI generates, ensuring they remain unique to your restaurant.
• Automated Scheduling: Our background workers use your data to execute posts at the "optimal windows" identified for your specific audience.
• Performance Analytics: We aggregate engagement data from your social platforms to show you what's working, helping you make better business decisions.

3. Secure Information Sharing

We do not sell your personal or restaurant data. Information is only shared with:

• AI Infrastructure: Disconnected media segments are sent to Google Gemini for processing (captions/image generation) under strict enterprise privacy terms.
• Social Platforms: Content is transmitted to the social networks you explicitly authorize (Meta, TikTok, etc.) to fulfill your posting schedule.
• Regulatory Compliance: We may share info if required by law or to protect against fraud or security threats.

4. "Tenant-First" Security

We treat your restaurant's data as a private instance:

• Row-Level Security (RLS): Our database architecture ensures that your restaurant's data is strictly isolated; no other user can access your media or brand voice.
• Token Encryption: All social media access tokens are encrypted at rest using industry-standard AES-256 encryption.
• Infrastructure: Our media is stored across Cloudflare R R2 and Supabase Storage, utilizing advanced DDoS protection and secure access layers.

5. Your Control & Data Portability

You are always in the driver's seat:

• Permissions: You can revoke social media access or disconnect platforms at any time via your Settings.
• Purge Policy: If you choose to delete your account, we will purge your social tokens, brand voice data, and stored media from our active databases.
• Access: You can update your business profile or export your post history directly through the TwoTop Dashboard.

6. Contact Us

For any queries or concerns regarding this Privacy Policy or our practices, please contact us at hello@digitalmacaroni.io or by mail at our headquarters:

Digital Macaroni
30 N Gould St Ste N
Sheridan, WY 82801, USA