Privacy Policy

1. Introduction

MedPlate, Inc. ("MedPlate," "we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information about you when you use our Platform. Please read this policy carefully. If you do not agree with its terms, please do not use the Platform.

2. Information We Collect

2.1 Information You Provide

When you register and use MedPlate, we collect:

• Identity data: Full name, job title, and company name.
• Contact data: Email address, phone number, and territory or city.
• Account credentials: Password (stored in hashed form; we never store plaintext passwords).
• Payment information: Credit or debit card details, collected and stored securely by our payment processor, Stripe, Inc. MedPlate does not store full card numbers.
• Booking data: Event details, guest counts, dietary requirements, AV needs, and any other information submitted during the booking process.
• Communications: Messages sent to MedPlate support or generated through the Platform.

2.2 Information Collected Automatically

When you use the Platform, we automatically collect:

• Device identifiers, IP address, browser type and version, and operating system.
• Usage data including pages visited, features accessed, and time spent on the Platform.
• Cookies and similar tracking technologies to maintain session state and analyze usage patterns.

3. How We Use Your Information

We use collected information to:

• Process bookings: Create, manage, confirm, and complete dining reservations and associated payments.
• Send notifications: Deliver booking confirmations, reminders, and status updates via email and SMS (via Twilio).
• Generate compliance receipts: Produce itemized receipts and booking summaries to assist Reps with Sunshine Act and Open Payments reporting.
• Operate and improve the Platform: Analyze usage, diagnose technical issues, and develop new features.
• Enforce our Terms of Service: Detect and prevent fraud, abuse, and violations of our policies.
• Communicate with you: Respond to support requests, provide service announcements, and send Platform-related updates.
• Comply with legal obligations: Respond to lawful requests from government authorities and comply with applicable law.

4. How We Share Your Information

MedPlate does not sell your personal information. We share data only as follows:

4.1 Restaurants

When a Rep's booking is confirmed, we share the Rep's name, phone number, company name, and booking details with the Restaurant. This information is provided solely to enable the Restaurant to prepare for and fulfill the booking. Restaurants are required to treat this information as confidential and may not use it for marketing or any purpose unrelated to the confirmed booking.

4.2 Stripe (Payment Processing)

Payment information is transmitted directly to and processed by Stripe, Inc., our third-party payment processor. Stripe's collection and use of your payment data is governed by Stripe's Privacy Policy, available at stripe.com/privacy. We share only the information necessary to process transactions and prevent fraud.

4.3 Twilio (SMS Notifications)

We use Twilio, Inc. to deliver SMS notifications related to your bookings, including confirmation messages, reminders, and status updates. Your phone number is shared with Twilio for this purpose. Twilio's use of your data is governed by their Privacy Policy at twilio.com/en-us/legal/privacy.

4.4 Legal and Safety

We may disclose your information if we believe disclosure is reasonably necessary to comply with applicable law, respond to legal process, protect the rights or safety of MedPlate, our users, or the public, or enforce our Terms of Service.

5. Data Retention

We retain your personal data for as long as your account is active or as needed to provide services. Specifically:

• Account data is retained for the life of your account and for up to 7 years following account closure to satisfy legal, tax, and compliance obligations.
• Booking records and receipts are retained for a minimum of 7 years to support Sunshine Act compliance and potential audit requirements.
• Payment transaction records are retained as required by Stripe and applicable financial regulations.
• Automatically collected usage data is generally retained for no more than 24 months.

6. Security

We implement industry-standard technical and organizational measures to protect your personal data against unauthorized access, disclosure, alteration, and destruction. These measures include encryption in transit (TLS) and at rest, access controls, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

7. Your Rights and Choices

Depending on your location, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate or incomplete data.
• Request deletion of your data, subject to our legal retention obligations.
• Opt out of non-essential communications such as marketing emails.
• Lodge a complaint with the applicable data protection authority.

To exercise any of these rights, contact us at privacy@medplate.com. We will respond to all requests within 30 days.

8. Cookies

We use essential cookies required to operate the Platform (e.g., authentication session cookies). We may also use analytics cookies to understand how users interact with the Platform. You may disable cookies through your browser settings, but doing so may affect your ability to use certain features of the Platform.

9. Children's Privacy

The Platform is intended for use by business professionals and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us and we will promptly delete it.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Platform and updating the "Last updated" date. Continued use of the Platform after the effective date of changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: