Privacy Policy

Effective 06-01-2026

This Privacy Policy describes how Order Local, LLC ("Order Local," "we," "us," or "our") collects, uses, and shares information when you use our website, our pre-order and pickup platform, and related services (collectively, the "Service"). By using the Service, you agree to the practices described in this Policy.

1. Who We Are

Order Local is a software platform that lets small businesses ("Vendors") — including bakers, makers, growers, and other producers — sell pre-orders for pickup. When a customer ("Customer") places an order on a Vendor's storefront, the Customer is purchasing from the Vendor; Order Local provides the technology that makes the transaction possible.

For most Customer information, Order Local acts as a "data processor" on behalf of the Vendor (who is the "data controller"). For information collected directly from Vendors when they sign up and use the Service, Order Local is the data controller.

2. Information We Collect

From Vendors

• Account information: name, email address, business name, business address, phone number, and password (stored as a one-way hash).
• Authentication data: if you sign in with Google, we receive your name, email, and profile photo from Google. We do not receive your Google password.
• Business details: your catalog (product names, descriptions, photos, prices), pickup locations and windows, brand assets (logo, colors), and similar storefront content you upload.
• Stripe Connect information: when you connect your Stripe account, we receive identifiers and account status from Stripe so we can route payments to you. We do not store your bank account or tax ID numbers — those live with Stripe.
• Subscription billing: if you're on a paid plan, our payment processor (Stripe) handles your payment method. We store your subscription tier and billing status, not your card number.

From Customers

• Order information: name, email address, phone number, items ordered, modifier selections, pickup window, order notes, and order total.
• Payment information: payment is processed by Stripe directly. We receive a tokenized reference and the last four digits of the card, never the full card number.
• Communications: if you reply to an order confirmation email or SMS, we receive your reply.

Automatically

• Device and usage data: IP address, browser type, operating system, referring URL, pages viewed, and timestamps.
• Cookies and similar technologies: see Section 8 below.

3. How We Use Information

We use information to:

• operate and improve the Service;
• process and fulfill orders, including sending order confirmations, pickup reminders, and status updates;
• process subscription payments and Vendor payouts via Stripe;
• communicate with you about your account, including security and policy updates;
• provide customer support;
• monitor for fraud, abuse, and violations of our Terms of Service;
• comply with legal obligations.

4. Legal Bases for Processing

For Customers and Vendors located in jurisdictions that require a legal basis for processing personal data (such as the European Economic Area and the United Kingdom), we rely on the following bases:

• Contract: processing necessary to provide the Service you've requested.
• Legitimate interests: operating, improving, and securing the Service.
• Consent: for optional marketing communications (where applicable).
• Legal obligation: complying with applicable laws.

5. How We Share Information

We share information only as described below. We do not sell personal information.

With Vendors

When a Customer places an order, we share the order details with the Vendor whose storefront the Customer ordered from. The Vendor is responsible for handling that information in accordance with the Vendor's own privacy practices and applicable law.

With Service Providers (Sub-Processors)

We use the following service providers to operate the Service. Each is contractually required to protect information consistent with this Policy and applicable law:

• Stripe — payment processing and Vendor payouts.
• Vercel — application hosting.
• Resend — transactional email delivery.
• Twilio — SMS delivery for order notifications.
• Cloudflare R2 — image and file storage.
• Neon — database hosting.
• Google — Google Sign-In authentication, when used.

This list may change as we add or replace providers.

For Legal Reasons

We may disclose information if required by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect rights, property, or safety.

In a Business Transaction

If Order Local is involved in a merger, acquisition, or sale of assets, information may be transferred as part of that transaction. We will notify Vendors of any change in ownership or control of personal information.

6. Data Retention

We retain Vendor account information for as long as the account is active and for a reasonable period after closure for record-keeping, legal compliance, and dispute resolution. We retain Customer order information for as long as the associated Vendor account is active. Backups may persist for a short period after deletion.

Vendors can request deletion of inactive Customer records at any time by contacting us.

7. Your Rights and Choices

Depending on where you live, you may have rights regarding your personal information, including:

• Access a copy of the information we hold about you.
• Correct inaccurate information.
• Delete information, subject to legal retention requirements.
• Port your data to another service.
• Object to certain processing or withdraw consent.
• Opt out of certain marketing communications.

To exercise these rights, email us at hello@getorderlocal.com. For information you provided to a Vendor's storefront, please contact the Vendor directly; we will assist the Vendor in fulfilling valid requests.

8. Cookies and Tracking

We use cookies and similar technologies to keep you signed in, remember your preferences, and understand how the Service is used. You can control cookies through your browser settings; blocking some cookies may affect Service functionality.

We currently use essential cookies for authentication and session management, and limited analytics cookies to understand aggregate usage patterns. We do not use third-party advertising cookies.

9. Security

We use commercially reasonable technical and organizational measures to protect information, including encryption in transit (TLS), encryption at rest for sensitive fields, hashed passwords, and access controls. No system is perfectly secure; we cannot guarantee the security of information transmitted to or stored on the Service.

10. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If we learn we have collected such information, we will delete it. If you believe a child has provided us information, please contact us.

11. International Data Transfers

Order Local is based in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfer.

12. Changes to This Policy

We may update this Policy from time to time. If we make material changes, we will notify Vendors by email and update the Effective Date at the top of this page. Continued use of the Service after a change indicates acceptance of the updated Policy.

13. Contact Us

If you have questions about this Policy or our privacy practices, contact us at hello@getorderlocal.com.