Privacy Policy

Last updated: February 26, 2026

1. Introduction

Parly (“we,” “us,” or “our”) is operated by Parly. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (collectively, the “Service”). By using the Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

Account Information

When you create an account, we collect your name, email address, and password (hashed and stored securely). We also store your role within your organization (Owner, Manager, or Member).

Business Data

We store inventory counts, item details, supplier information, purchase orders, recipes, tasks, and pastry delivery records that you or your team members enter into the Service.

POS Data (Square Integration)

If you connect your Square POS account, we sync sales transactions, catalog items, and labor timecards in read-only mode. We never modify, create, or delete data in your Square account. Synced data includes order totals, line items, modifiers, discounts, tips, tax amounts, and team member shift records.

Usage Data

We automatically collect information about how you interact with the Service, including pages visited, features used, and timestamps. This helps us improve the product.

3. How We Use Your Information

  • To provide, maintain, and improve the Service, including inventory tracking, demand forecasting, order suggestions, and reports.
  • To generate AI-powered demand forecasts and order recommendations based on your sales and inventory data.
  • To send you operational notifications (supplier cutoff reminders, low-stock alerts, task assignments) within the application.
  • To communicate with you about your account, Service updates, and support requests.
  • To enforce our Terms of Service and protect against unauthorized access or misuse.

4. Data Storage and Security

Your data is stored in a PostgreSQL database hosted by Supabase (powered by AWS infrastructure) with row-level security policies that ensure strict tenant isolation. Each organization's data is logically separated and cannot be accessed by other tenants.

We use industry-standard encryption for data in transit (TLS/HTTPS) and at rest. Authentication is handled by Supabase Auth with bcrypt-hashed passwords.

5. Third-Party Services

Supabase

Database hosting, authentication, and real-time subscriptions. Data is stored in the US West (Oregon) region.

Vercel

Application hosting and serverless function execution. Vercel processes requests but does not persistently store your business data.

Square (Read-Only)

POS data sync. We access your Square data in read-only mode to import sales, catalog, and labor records. We never write to or modify your Square account.

Anthropic (Claude AI)

AI demand forecasting and recipe parsing are processed server-side through the Anthropic API. We send aggregated sales and inventory data (not personal information) to generate forecasts and order suggestions. Anthropic does not use this data for training.

6. Cookies and Local Storage

We use essential cookies for authentication session management. We use localStorage for UI preferences (sidebar state, theme preferences). We do not use third-party tracking cookies or advertising pixels.

7. Data Retention

We retain your data for as long as your account is active. Inventory counts and audit logs are retained indefinitely to maintain historical records for your business. If you delete your account, we will delete your personal information and business data within 30 days, except where retention is required by law.

8. Your Rights

  • Access: You can request a copy of the personal data we hold about you.
  • Correction: You can update your account information at any time through the Settings page.
  • Deletion: You can request deletion of your account and associated data by contacting us.
  • Export: You can export your reports and inventory data via CSV at any time.
  • Portability: Upon request, we will provide your data in a machine-readable format.

9. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or your data, please contact us at:

Parly
New York, NY
Email: hello@parly.app