Privacy Policy
Effective Date: February 1, 2026
BetterTable Inc. ("BonAppify", "we", "us", or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our food sustainability auditing platform and related services (the "Services"). By using our Services, you consent to the practices described in this policy.
1. Information We Collect
We collect the following categories of personal information:
Account Information: When you register, we collect your name, email address, business name, job title, and password credentials. If you sign up through a team invitation, we also record the inviting organization.
Business Data: Information about your foodservice operation, including location details, shift schedules, food category configurations, and organizational structure.
Audit & Operational Data: Food waste measurements, guest counts, cost data, carbon footprint calculations, sourcing metrics, and other sustainability-related data you enter into the platform.
Usage Data: We automatically collect information about how you interact with our Services, including IP address, browser type, device information, pages visited, features used, and timestamps.
Communications: Records of your communications with our support team, feedback submissions, and survey responses.
2. How We Use Your Information
We use your personal information for the following purposes:
Service Delivery: To provide, maintain, and improve our food sustainability auditing platform, including generating reports, dashboards, analytics, and carbon footprint calculations.
Account Management: To create and manage your account, authenticate your identity, and process team invitations and role assignments.
Communication: To send you service notifications, security alerts, technical updates, and respond to your inquiries.
Analytics & Improvement: To analyze usage patterns, diagnose technical issues, and develop new features that better serve the foodservice and hospitality industry.
Legal Compliance: To comply with applicable laws, regulations, and legal processes, including Canadian privacy legislation.
We do not sell your personal information to third parties. We do not use your data for automated decision-making that produces legal effects concerning you.
3. Data Sharing & Disclosure
We may share your information in the following circumstances:
Within Your Organization: Audit data, reports, and analytics are shared with authorized members of your business account according to the role-based permissions you configure.
Service Providers: We engage trusted third-party providers for hosting (Microsoft Azure, Canada Central region), email delivery, payment processing, and customer support tools. These providers are contractually bound to protect your data and use it only as directed.
Aggregated & De-identified Data: We may use aggregated, anonymized data for industry benchmarking, sustainability research, and product improvement. This data cannot identify you or your business.
Legal Requirements: We may disclose information if required by law, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to continued privacy protections.
5. Data Retention
We retain your personal information for as long as your account is active or as needed to provide you with our Services. Specifically:
Account Data: Retained for the duration of your account plus 30 days after deletion to allow for recovery.
Audit & Operational Data: Retained for the duration of your subscription. Upon account termination, you may request an export of your data within 30 days.
Usage Logs: Retained for up to 12 months for security and performance analysis.
Backup Copies: Encrypted backups may persist for up to 90 days after data deletion from production systems.
You may request deletion of your personal data at any time by contacting us at info@bettertable.com.
6. Security Measures
We implement industry-standard technical and organizational measures to protect your personal information:
Encryption: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).
Access Control: Role-based access controls, multi-factor authentication support, and least-privilege principles govern access to data.
Infrastructure: Our Services are hosted on Microsoft Azure in the Canada Central region, which maintains SOC 2 Type II, ISO 27001, and other certifications.
Monitoring: Continuous security monitoring, intrusion detection, and regular vulnerability assessments.
Incident Response: We maintain a documented incident response plan and will notify affected users and applicable authorities promptly in the event of a data breach.
7. Your Privacy Rights
Under the Personal Information Protection and Electronic Documents Act (PIPEDA) and Quebec's Act Respecting the Protection of Personal Information in the Private Sector (Law 25), you have the following rights:
Right of Access: You may request a copy of the personal information we hold about you.
Right of Rectification: You may request correction of inaccurate or incomplete personal information.
Right of Deletion: You may request deletion of your personal information, subject to legal retention requirements.
Right to Withdraw Consent: You may withdraw your consent to the processing of your personal information at any time, though this may affect your ability to use our Services.
Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
Right to File a Complaint: You may file a complaint with the Office of the Privacy Commissioner of Canada or the Commission d'accès à l'information du Québec.
To exercise any of these rights, please contact our Privacy Officer at info@bettertable.com. We will respond within 30 days.
8. Children's Privacy
Our Services are designed for business use and are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately and we will take steps to delete such information.
9. International Data Transfers
Your data is primarily stored and processed in Canada (Azure Canada Central region). In limited circumstances, data may be processed in other jurisdictions by our service providers. Where this occurs, we ensure appropriate safeguards are in place, including contractual protections consistent with Canadian privacy law.
We do not transfer personal information to jurisdictions that do not provide an adequate level of data protection without implementing appropriate safeguards.
10. Third-Party Links
Our Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party services you access through our platform.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting a notice on our platform or sending you an email at least 30 days before the changes take effect.
Your continued use of our Services after the effective date of a revised policy constitutes your acceptance of the changes.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
BetterTable Inc. 142-757 Hastings St W, Vancouver, BC V6C 1A1, Canada Email: info@bettertable.com
For complaints regarding our handling of your personal information, you may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or the Commission d'accès à l'information du Québec at www.cai.gouv.qc.ca.