Privacy Policy

Effective date: April 4, 2026 · Last updated: April 4, 2026

1. Introduction

OutpostIQ (“we,” “us,” or “our”) respects your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal information when you use our website at www.outpostiq.com and our SaaS application (collectively, “the Service”).

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

2.1 Information you provide directly

  • Account information: Name, email address, and password when you create an account
  • Payment information: Credit card and billing details (processed and stored securely by Stripe — we do not store your full card number)
  • Business data: Financial figures, restaurant operating data, recipes, cost information, and other data you input into the modeling tools
  • Communications: Emails, support requests, and other messages you send to us
  • Waitlist information: Email address when you join our waitlist

2.2 Information collected automatically

  • Usage data: Pages visited, features used, time spent on the Service, and interaction patterns
  • Device information: Browser type, operating system, device type, and screen resolution
  • Log data: IP address, access times, referring URLs, and error logs
  • Cookies: Session cookies for authentication and analytics cookies for improving the Service (see Section 7)

2.3 Information from third parties

  • Google OAuth: If you sign in with Google, we receive your name, email address, and profile picture from Google
  • Stripe: Payment confirmation and subscription status
  • Analytics providers: Aggregated usage data from Vercel Analytics

3. How We Use Your Information

We use your information for the following purposes:

  • Provide the Service: Process your data, generate financial models, store your scenarios, and deliver the core functionality
  • Account management: Create and manage your account, process payments, and handle subscription changes
  • Communications: Send transactional emails (account confirmations, password resets, billing receipts), and with your consent, marketing emails about new features and updates
  • Improve the Service: Analyze usage patterns to improve features, fix bugs, and optimize performance
  • Security: Detect and prevent fraud, abuse, and security threats
  • Legal compliance: Comply with applicable laws, regulations, and legal processes

4. How We Share Your Information

We do not sell your personal information. We only share your information in the following limited circumstances:

  • Service providers: We share data with trusted third-party providers who help us operate the Service, including Stripe (payments), Vercel (hosting and analytics), Neon (database hosting), Google (authentication), and Resend (transactional email). These providers are contractually obligated to protect your data.
  • Legal requirements: We may disclose your information if required by law, subpoena, court order, or governmental request
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you of any such change.
  • With your consent: We may share your information for other purposes with your explicit consent

5. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS/SSL) for all data transmitted between your browser and our servers
  • Encryption at rest for stored data
  • Secure authentication with hashed passwords and OAuth 2.0
  • Regular security reviews and monitoring
  • Access controls limiting employee access to personal data

While we take reasonable steps to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. If you delete your account, we will delete or anonymize your personal data within 30 days, except where we are required to retain it for legal, tax, or audit purposes.

Waitlist email addresses are retained until the subscriber unsubscribes or requests deletion.

7. Cookies and Tracking

We use the following types of cookies:

  • Essential cookies: Required for authentication and core functionality. These cannot be disabled.
  • Analytics cookies: Used by Vercel Analytics to understand how visitors use the Service. These collect aggregated, anonymized data.

We do not use advertising cookies or tracking pixels. We do not participate in cross-site tracking or sell data to advertisers.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Request a machine-readable copy of your data
  • Opt-out: Unsubscribe from marketing emails at any time using the unsubscribe link in each email
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time

To exercise any of these rights, contact us at privacy@outpostiq.com. We will respond to requests within 30 days.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information
  • Right to opt out of the sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

10. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your data will be transferred to and processed in the United States. By using the Service, you consent to this transfer.

11. Children's Privacy

The Service is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we may also notify you by email.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

Email: privacy@outpostiq.com
Website: www.outpostiq.com