APRON DESK
FeaturesPricingContactSign inStart free
Legal

Privacy Policy

Last updated: April 17, 2026

The short version

  • You own your data. We never sell it.
  • We use your data only to operate Apron Desk for you.
  • We log access for security and support.
  • You can export or delete your data at any time.
  • We use a small set of standard sub-processors for hosting, payments, email, SMS, AI, and maps (described below in plain language).
  • Email us at privacy@aprondesk.com for anything privacy-related.

1. What we collect

Account information.Your name, email address, and authentication tokens. We never see your password — magic-link sign-in means there isn't one.

Business data you upload. Contacts, events, proposals, invoices, menu items, vendors, staff records, file attachments, and everything else you put into Apron Desk. This is your data.

Usage logs. IP address, browser, the actions you take in the app, and timestamps. Used for security audit log, debugging, and product improvement.

Payment information. Handled by our payment processor. We store only the last 4 digits of your card and a customer reference ID — never the full card number.

Communications. Emails you send through Apron Desk are stored in your audit log so you can see what went out and to whom.

2. How we use it

  • To provide the Service (run your calendar, send proposals, etc.)
  • To bill you correctly
  • To respond to support tickets
  • To send transactional emails (magic links, receipts, alerts)
  • To investigate security incidents
  • To improve the product (in aggregate, never selling identifiable data)

We do not use your business data to train AI models.

3. Maître AI

When you use Maître (our AI team member), your prompts and the relevant context from your data are sent to our AI infrastructure provider. That provider does not use your data to train their models (per their commercial terms).

Conversation history is stored in your account so Maître has memory across sessions. You can delete it from Settings.

4. Sub-processors

We rely on a small number of audited third-party services to run Apron Desk:

  • Application hosting — serves the website to your browser
  • Database hosting — stores your account data, sign-in, and uploaded files
  • Payment processing — accepts deposits and payouts
  • Outbound email — sends transactional and customer-facing email
  • SMS service — sends text reminders to staff (if you enable it)
  • AI infrastructure — powers Maître's responses
  • Maps — calendar map view and dispatch routing
  • E-signature — legally binding contract signing (if you enable it)
  • Accounting sync — push invoices to your accounting tool (if you enable it)
  • Marketing list export — push contacts to your email-marketing tool (if you enable it)

We do not publish the specific vendor names in this policy because the underlying providers may change without notice. Email privacy@aprondesk.com if you need the current list for compliance review.

5. Sharing

We don't sell your data. We share it only:

  • With sub-processors above, to operate the Service
  • With your team members you've invited
  • With your clients via the portal links you share
  • If required by law (subpoena, court order)
  • In a business transaction (acquisition) — you'll be notified first

6. Your rights

You can:

  • Export all your data as CSV from Settings
  • Permanently delete your account from Settings → Plan → Cancel
  • Request access to or correction of your personal data
  • Object to processing or request a portable copy (GDPR Article 20)

Email privacy@aprondesk.com for any of these requests. We respond within 30 days.

California residents have additional rights under the CCPA, including the right to know what we've collected and the right to opt out of any sale (we don't sell).

7. Security

All data is encrypted at rest and in transit (TLS 1.3). Access to production data is limited to a small set of platform administrators and logged in the admin audit trail.

We strongly recommend you use a unique email and modern device for accessing Apron Desk. Magic-link authentication eliminates password risk but session tokens still need to be protected.

8. Data retention

We keep your business data while your account is active. After cancellation we retain it for 90 days for re-subscription, then permanently delete it (except where we're legally required to retain — e.g. payment records for tax compliance).

Audit logs are retained for 12 months.

9. International users

We're based in the United States and our infrastructure runs in US-East (Virginia). If you're in the EU, UK, or another jurisdiction, your data is transferred to and processed in the United States. We rely on Standard Contractual Clauses (SCCs) for these transfers.

10. Children

Apron Desk is not for children. We do not knowingly collect data from anyone under 16. If you believe a child has signed up, email us and we'll delete their account.

11. Changes to this policy

We'll post material changes here and email you at least 14 days before they take effect.

12. Contact

Privacy questions: privacy@aprondesk.com
Anything else: hello@aprondesk.com or visit our contact page.

APRON DESK

The operating system for caterers.

Product
  • All features
  • Maître AI
  • Custom features
  • Pricing
  • Sign in
Company
  • Contact
  • hello@aprondesk.com
Legal
  • Terms of Service
  • Privacy Policy
© 2026 Apron Desk. All rights reserved.·A Mitryxa productMade for people who feed people.