BasilBook

Privacy Policy

Effective date: March 19, 2026 · Last updated: March 19, 2026

BasilBook (“we”, “us”, or “our”) operates the BasilBook web application and mobile application (collectively, the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

1. Information We Collect

1.1 Information You Provide

  • Account information: name, email address, and password when you create an account.
  • Organization data: restaurant name, business type, country, currency, and timezone.
  • Operational data: purchases, inventory items, recipes, sales transactions, waste records, stock counts, journal entries, and reconciliation sessions you enter into the Service.
  • Payment information: processed by our third-party payment provider (Paddle). We do not store credit card numbers.

1.2 Information Collected Automatically

  • Device and usage data: IP address, browser type, operating system, device identifiers, pages visited, and timestamps.
  • Cookies: session cookies for authentication. We do not use advertising or tracking cookies.

1.3 Third-Party Authentication

If you sign in using Apple, Google, or GitHub, we receive your name, email address, and profile image from that provider. We do not receive or store your password from these providers.

2. How We Use Your Information

  • Provide, maintain, and improve the Service.
  • Authenticate your identity and manage your account.
  • Process transactions and send related information (invoices, receipts).
  • Generate accounting reports and operational analytics for your organization.
  • Send administrative communications (security alerts, service updates).
  • Respond to support requests.
  • Detect, prevent, and address fraud or technical issues.

3. Data Sharing

We do not sell your personal data. We may share information with:

  • Service providers: hosting (Vercel), database (managed PostgreSQL), payment processing (Paddle), and email delivery, solely to operate the Service.
  • Legal obligations: if required by law, regulation, or legal process.
  • Business transfers: in connection with a merger, acquisition, or sale of assets, with notice to you.

4. Data Retention

We retain your account data for as long as your account is active. Operational data (purchases, sales, journal entries) is retained as required for accounting purposes. You may request deletion of your account and associated data by contacting us. Financial records may be retained as required by applicable law.

5. Data Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit (TLS), encryption at rest for sensitive fields, secure session management (HTTP-only cookies, JWT), and regular security reviews.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion of your data.
  • Export your data in a machine-readable format.
  • Withdraw consent for optional data processing.

7. International Transfers

Your data may be processed in countries other than your own. We ensure appropriate safeguards are in place for any international data transfers.

8. Children's Privacy

The Service is not intended for individuals under 16 years of age. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date.

10. Contact Us

If you have questions about this Privacy Policy, please contact us at privacy@basilbook.com.