TTMS Food Privacy Policy

1. Introduction

This Privacy Policy (the "Privacy Policy") explains how ttmsfood.com ("TTMS Food," "we," "us," or "our") collects, uses, discloses, and otherwise processes personal information in connection with the websites, applications, and related services we offer (collectively, the "Services"). The Services include, for example: the Vault admin and restaurant workspace, partner tools where applicable, and consumer-facing online ordering experiences (such as digital menus and checkout flows) that restaurants make available to their customers. A business that uses our platform to take orders is referred to as a "Restaurant." End users who place orders or browse those experiences are referred to as "Restaurant clients" where helpful below.

"Personal information" or "personal data" means information that identifies or relates to an identifiable individual—for example, name, contact details, order details, or device identifiers. Details on categories we may process appear in Section 4.

We may update this Privacy Policy from time to time. The current version will always be posted on this site with a revised "Last updated" date. If we make a material change, we may also notify you through the Services (for example, a notice in the product or by email) where appropriate.

This Privacy Policy should be read together with our Terms of Use, which describe rules for using the Services.

2. Scope

This Privacy Policy applies to our processing of personal information when:

• Restaurant clients use consumer-facing ordering or menu experiences we host or operate for a Restaurant (for example, placing an order, entering delivery details, or paying where card checkout is offered);
• Restaurant holders and staff use Vault or related tools to configure menus, hours, delivery zones, taxes, payments, and operations;
• Partners or platform administrators use partner or super-admin features we provide, where applicable.

What this Privacy Policy does not cover. Restaurants and partners are independent businesses. When a Restaurant collects personal information directly from its customers—for example through its own policies, marketing messages, or offline collection—that Restaurant may act as a separate controller. Questions about how a specific Restaurant uses order or marketing data should be directed to that Restaurant. Where we process personal information strictly on behalf of a Restaurant under its instructions (processor scenarios), the Restaurant's agreement and instructions govern that relationship, and the Restaurant should provide appropriate notices to individuals.

3. Who is responsible for processing your personal information?

For the processing described in this Privacy Policy, the controller is ttmsfood.com, with principal contact address:

Email: info@ttmsfood.com (general inquiries) and privacy@ttmsfood.com (privacy inquiries).

4. Which categories of personal information do we process?

Depending on how you use the Services and your role, we may process the following categories of personal information:

• Contact and identity information — name, email address, phone number, postal or delivery address.
• Order and transaction information — items ordered, fulfillment type (pickup or delivery), scheduled order times, amounts, payment status, delivery coordinates when you or the Restaurant provide them for zone validation, and related records needed to operate ordering and reconciliation.
• Account and credentials — usernames, roles, restaurant affiliation, security tokens, and similar authentication data for Vault or partner accounts.
• Support content — information you include in support requests, chat transcripts, or feedback.
• Device and online identifiers — IP address, cookie or similar identifiers, session identifiers, browser type, operating system, language preferences, and diagnostic data.
• Usage information — pages or screens viewed, actions taken in the Services, approximate location derived from IP, and performance or error logs.
• Geolocation — where you or the Restaurant choose to provide precise coordinates (for example, for delivery or map features), we process that information as part of the ordering flow.

We generally collect personal information directly from you when you use the Services. Some features may not work if required information is not provided (for example, we cannot complete delivery checkout without a deliverable address and coordinates where our product requires them).

5. Why and how do we use your personal information?

We use personal information for purposes such as:

• Providing the Services — creating and managing accounts, authenticating users, displaying menus, validating carts, processing orders, coordinating fulfillment types, and generating receipts or order references.
• Payments — working with payment providers (such as Stripe) to initiate or record payments, prevent fraud, and support connected accounts where restaurants have enabled card payments.
• Delivery and maps — when address search or maps are enabled (for example, MapTiler-backed flows in the product), processing queries and coordinates you submit to validate delivery zones or show locations.
• Communications — responding to inquiries, sending service-related notices, and (where permitted) product updates.
• Security and integrity — monitoring for abuse, fraud, or unauthorized access; debugging; enforcing our terms; protecting users and the platform.
• Improvement and analytics — understanding how the Services are used in aggregate, improving reliability and user experience, and developing new features (using de-identified or aggregated information where appropriate).
• Legal and compliance — complying with law, responding to lawful requests, and establishing, exercising, or defending legal claims.
• Business operations — billing, recordkeeping, audits, and corporate transactions (for example, a merger or asset sale) subject to applicable law.

6. What is our basis for processing (EEA, UK, and similar regions)?

Where laws such as the GDPR or UK GDPR apply, we rely on one or more of the following legal bases, depending on the context:

• Performance of a contract — processing necessary to provide the Services you request (for example, account access, order placement, payment handling).
• Legitimate interests — for example, securing the Services, preventing fraud, improving performance, understanding aggregate usage, and communicating with business users about similar services—balanced against your rights and freedoms.
• Legal obligation — where processing is necessary to comply with applicable law.
• Consent — where we rely on consent (for example, certain cookies or marketing where required), you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

7. For what period do we retain personal information?

We retain personal information for as long as reasonably necessary for the purposes described in this Privacy Policy, including:

• for as long as you maintain an account or the Restaurant remains active on the platform;
• as needed to provide the Services and resolve disputes;
• where a longer retention period is required or permitted by law (for example, tax, accounting, or regulatory obligations); or
• where retention is advisable in light of legal positions (such as statutes of limitations or regulatory investigations).

8. When and how may we disclose your personal information?

Within our organization. Authorized personnel and affiliates may access personal information on a need-to-know basis for the purposes above.

Service providers. We may disclose personal information to vendors that help us operate the Services, including hosting, email delivery, customer support, analytics, security, maps or geocoding (such as MapTiler when configured), and payment processing (such as Stripe). We enter into agreements designed to require appropriate confidentiality and processing terms.

Legal and safety. We may disclose information if required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect the rights, property, or safety of ttmsfood.com, our users, or others.

Business transfers. In connection with a merger, acquisition, financing, reorganization, bankruptcy, or sale of assets, personal information may be transferred as part of that transaction, subject to applicable law and notice requirements.

9. How is personal information handled globally?

We may process and store personal information in the United States and other countries. If we transfer personal information from the EEA, Switzerland, or the UK to countries not deemed to provide an adequate level of protection, we use appropriate safeguards where required (such as standard contractual clauses approved by relevant regulators). You may contact us at privacy@ttmsfood.com for more information about such safeguards.

10. How is your personal information secured?

We implement technical, physical, and organizational measures designed to protect personal information against unauthorized access, loss, misuse, or alteration. No method of transmission or storage is completely secure; you should protect your account credentials and devices.

11. What cookies and similar technologies do we use?

We and our partners use cookies, local storage, pixels, and similar technologies to operate and improve the Services—for example, to keep you signed in, remember preferences, process payments, measure performance, and reduce fraud. Third-party payment providers such as Stripe may set their own cookies or device identifiers when you interact with card payment flows; see Stripe's privacy policy for details on Stripe's technologies.

Theme preference. If you use dark or light mode in the Vault web app, your preference may be stored locally (for example, in browser storage) by our UI theme layer.

Illustrative cookie categories. Exact names may change as we update the product; the table below summarizes typical categories. You can control many cookies through your browser settings.

12. What are your privacy rights?

Depending on your location, you may have the right to access, correct, update, delete, restrict, or object to certain processing of your personal information, or to receive a copy in a portable format, subject to exceptions under applicable law.

To exercise these rights, contact us at privacy@ttmsfood.com. We may need to verify your identity before responding. If you use an authorized agent (where permitted by law), the agent should provide proof of authorization; we may still require you to confirm your identity.

If you are a Restaurant client with questions about a specific order, also contact the Restaurant that received your order, since it may hold complementary records.

13. Sensitive information and children

Please do not send us sensitive personal information (such as government ID numbers, health information, or biometric data) unless we explicitly request it for a defined purpose.

The Services are intended for adults and business users. They are not directed to children under the age where they cannot lawfully consent on their own. If you believe we have collected personal information from a child inappropriately, contact us at privacy@ttmsfood.com and we will take appropriate steps.

14. California residents (CCPA / CPRA)

If you are a California resident, you may have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve months; delete personal information we collected from you, subject to exceptions; correct inaccurate personal information; and opt out of certain processing (including "sale" or "sharing" as defined under California law, if applicable). We will not discriminate against you for exercising these rights.

To submit a request, email privacy@ttmsfood.com with the subject line "California Privacy Request" and describe your request. We will respond in accordance with applicable law.

You may also contact the California Attorney General's office for information about your privacy rights: https://oag.ca.gov/contact.

15. Links to other sites

The Services may contain links to third-party websites or services. This Privacy Policy does not apply to those sites. We encourage you to read the privacy policies of every site you visit.

16. Data protection and privacy contacts

For privacy questions or complaints about how we handle personal information under this Privacy Policy, contact:

ttmsfood.com — Privacy
7285 Desert Forest Rd, Oak Hills, CA 92344, USA
Email: privacy@ttmsfood.com

We do not currently appoint a separate EU representative for the purposes of this public policy. If that changes, we will update this section.

17. Filing a complaint

If you believe we have not handled your personal information in line with this Privacy Policy, please contact us first at privacy@ttmsfood.com. You may also have the right to lodge a complaint with a supervisory authority in your country or region, where applicable law provides that right.

For disputes that relate to the Terms of Use (including governing law and venue), see our Terms of Use.

18. Corporate headquarters and previous versions

Corporate / principal mailing address

Venue for certain disputes may be specified in our Terms of Use (including reference to the Superior Court of California, County of San Bernardino where applicable).

Previous versions

• May 12, 2026 — Full policy published (this version).

© 2026 ttmsfood.com / TTMS Food. All rights reserved.