This policy was last updated and takes effect on: January 17, 2023
This Privacy Notice describes how we, Presto Automation Inc. (“Presto”, “company”, “we”, “us”, and/or “our”), collect, process, and share your Personal Data (defined below) and your rights with respect to how we process your Personal Data.
This Privacy Notice applies to our “Service” which includes:
Please note, for certain Customers using our drive thru automation platform, we may use Automated License Plate Recognition Technologies (“ALPR Systems”). The ALPR Data section below applies to our use of this data collected through ALPR Systems.
Our Service and Platform allow restaurant guests (“Guest Users”) and restaurant staff (“Customer Users”) to interact, read restaurant menus, submit orders, pay, play games, and submit feedback to our restaurant and food service customers (our “Customers”).
This Privacy Notice only addresses how Presto processes Personal Data. This Privacy Notice does not describe how our Customers process Personal Data. Our Customers may process your Personal Data (including in connection with the use of our Platform) in ways that are not described in, or that are different from, the practices described in this Privacy Notice.
We may process the following categories of data that relate to identified or identifiable individuals (“Personal Data”):
|Identity Data:||Personal Data relating to an individual’s identity or representing that individual, such as your name, ID/driver’s license number, gender, date of birth, photo/avatar, username, persistent user identifiers/ID numbers, and biographical information.|
|Contact Data:||Personal Data used to contact an individual, e.g. email address(es), physical address(es), phone number(s), or usernames.|
|Transaction Data:||Personal Data we create in relation to orders you place, or similar transactions made through our Service, e.g. item description, price, quantity, or other description of the product/service purchased.|
|Payment Data:||Personal Data relating to payment accounts or services, e.g. a credit card or other payment account number, security code, authentication data, and other similar information you provide in connection with a payment transaction.|
|Device/Network Data:||Personal Data relating to use of a device, browser, or application e.g. IP addresses, MAC addresses, application ID/AdID/IDFA, identifiers from cookies, session navigation history, options clicked, navigation, timing, and similar browsing metadata, and other data generated through applications and browsers, including cookies and similar technologies.|
|Preference Data:||Personal Data inferred from personal characteristics and preferences, such as demographics, interests, behavioral patterns, psychological trends, predispositions, or behavior.|
|User Content:||Any Personal Data contained in a text box or other free-text field, such as when you email or contact us, including any content of a comment, review, or message.|
|Visit Data:||Any Personal Data related to your drive-thru visits such as how many times you have visited a location, your verbal order through the drive-thru to be contextualized for the voice AI system to respond, how much time you spent waiting vs. ordering, as well as extrapolated information about what vehicle you may have used, including such data derived from the use of ALPR Systems.|
|Voice Data:||Where our Voice product is used by the Customer, your voice in placing orders may be recorded and then stored by us. Our Voice product is a proprietary speech recognition, automation intelligence (AI)-based product and we use such recordings to improve our product’s ability to recognize speech and better take Customer orders.|
We collect Personal Data in various ways, which vary depending on the context in which we process that Personal Data, including:
|Data you provide to us:||You may provide us or our Customers with Personal Data directly. We collect Identity Data, Payment Data, Transaction Data, Contact Data, and User Content when you submit it through our Service, for example, as part of account registration or when you conduct a transaction, and Visit Data may be collected when you place an order at a Customer premises where Voice technology is used.|
|Data we create or infer:||We or our Customers (or third parties operating on our behalf) create and infer Personal Data such as Preference Data or Aggregate Data based on our observations or analysis of other Personal Data processed under this Privacy Notice, and we may correlate this data with other data we process about you.|
|Customers:||We may receive Identity Data, Contact Data, Transaction Data, Payment Data, Device/Network Data, Preference Data, and User Content from third parties with whom we or a Customer have a relationship. For example, we may receive certain Personal Data when you interact with certain cookies, tablets and similar technologies, or when you use our third-party payment processing tools.|
|Data Aggregators:||We may receive Identity Data, Device/Network Data, Preference Data, and Contact Data from data aggregators and other parties that provide us with data about you that helps us provide products or services better targeted to you.|
When you use the Platform, we may process your Personal Data:
When you use the Corporate Site, we may process your Personal Data in the following contexts, as well as for the processing purposes (described below) that are applicable to our Service generally.
Subject to Users’ Rights and Choices, we use this data as follows:
We process Personal Data for numerous business and commercial purposes, including:
We process any Personal Data as is necessary to provide our Service, authenticate users and their rights to access the Service, the Platform version, or various data, features, or functionality, and as otherwise necessary to fulfill our contractual obligations to you, and provide you with the information, features, and services you request.
We may use Personal Data we process through our Service as necessary in connection with our business interests in improving the design of our Service, for customer service purposes, in connection with logs and metadata relating to Service use, and for ensuring the security and stability of the Service. Additionally, we may use this data to understand what parts of our Service are most relevant to Users, how Users interact with various aspects of our Service, how our Service performs or fails to perform, etc., or we may analyze use of the Service to determine if there are specific activities that might indicate an information security risk to the Service, our Users or our Customers. We may also use this information in connection with the provision of new features, products, and analytics tools to be used by other Customers. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
We may use automated processing in relation to our Users’ use of the Platform. For Guest Users, automated processing may determine suggestions for items you may want to order, offers or promotions you may be interested in, ordering/payment methods, or for other similar matters. For Customer Users, we use automated processing on behalf of the Customer to help determine priorities for guest service, to analyze hours worked and availability, determine server performance, average check size, Guest count, and other similar information.
We use Personal Data processed through our Platform to create aggregate analytics relating to Platform Use. For example, we use Guest Users’ Personal Data to create aggregate analytics relating to trends in how Guests interact with our Customers, such as food and drink orders, product choices, preferences, spending habits, time of day, or other similar information. Additionally, we may use Customer Users information to create aggregate data regarding staff efficiency, hours worked, service performance, Guest satisfaction, availability, etc. Platform Analytics will not contain information from which an individual may be individually identified, but may be combined with information used in automated processing or advertising. These analytics may be made available to our Customers individually, in the case of Customer User analytics, and to all Customers, in the case of Guest User analytics. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
We process Personal Data in connection with our legitimate business interest in personalizing the Platform. For example, the Service may be customized to you so that it displays your name, reflects service preferences, to suggest orders, or to display items that you have ordered or interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Platform, or Customers. This processing may involve the creation and use of Preference Data relating to your preferences. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
We use Personal Data processed through our Service in connection with our, and with our Customers’ marketing communications. You may opt-in to these communications, or consistent with our legitimate business interests, we may send you marketing and promotional communications if you communicate with us about our Service, register for an account, or where otherwise permitted by law. We may also process Device/Network Data and Contact Data when you interact with our communications in connection with our interest in understanding communication response and open rates. This processing is subject to Users’ rights and choices applicable to processing performed in accordance with our legitimate business interests.
Please note: on occasion, third parties unaffiliated with us may conduct marketing campaigns using our devices where they offer incentives, as inducements to enroll in their programs, complete surveys or take other actions. In such cases, requests directed to us to opt out of further communications will not be effective, as we have no control over the activities of such third parties.
With your consent or where otherwise permitted by law, we may deliver advertising through our Platform, though we do not currently buy or sell advertising.
Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Data for purposes determined to be in the public interest, required by law, or as necessary in connection with the establishment or defense of our legal rights. For example, we may process information as necessary to fulfill our legal obligations, to protect the vital interests of any individuals, to establish claims for violations of applicable contracts, for authorized medical or public health purposes, or as otherwise in the public interest or required by a public authority. Please see the data sharing section for more information about how we disclose Personal Data in extraordinary circumstances.
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We may share Personal Data with the following categories of recipients:
|Customers:||We process data on behalf of Customers and may share your Personal Data with Customers to the extent such information was provided to us for processing on the Customer’s behalf, subject to the data sharing choices and configurations made by the Customer. Personal Data provided by a Customer User or processed on the Customer’s behalf may be disclosed to Customers, including: Identity Data, Contact Data, Transaction Data, Payment Data, Device/Network Data, Preference Data, and User Content.|
|Service Providers:||In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other legitimate business interests or other business purposes, we may share your Personal Data with service providers or subprocessors who provide certain services or process data on our behalf. For example, we may use cloud-based hosting providers to host our Service or may disclose information as part of our own internal operations (such as security operations, internal analytics, product development, etc.). We may disclose Identity Data, Contact Data, Transaction Data, Payment Data, Device/Network Data, Preference Data, and User Content to Service Providers.|
|Data Aggregators:||In connection with our marketing operations, and subject to Users’ rights and choices, we may share certain Personal Data with data aggregators, solely to help better personalize our Services and better provide Services to you. We do not sell Personal Data to anyone.|
|Affiliates:||We may share your Personal Data with any of our current or future affiliated entities, subsidiaries, and parent companies, for example, in order to streamline certain business operations, develop products and services that better meet the interests and needs of our customers, or to improve the quality and delivery of our Service.|
|Successors:||Your Personal Data may be shared if we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Data may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.|
To the extent required under applicable law, and subject to our rights to refuse requests under applicable law, you may have the following rights in your Personal Data.
Know/Access: You may have a right to know what information we collect, use, disclose, or sell, and you may have the right to receive a list of that Personal Data and a list of the third parties (or categories of third parties) from whom we have received or with whom we have shared Personal Data, to the extent required and permitted by law. You may be able to access some of the Personal Data we hold about you directly through the account settings menu.
Rectification: You may correct any Personal Data that we hold about you to the extent required and permitted by law. You may be able to make changes to much of the information you provided to us using the account settings menu.
Delete: To the extent required by applicable law, you may request that we delete your Personal Data from our systems. We may delete your data entirely, or we may anonymize or aggregate your information such that it no longer reasonably identifies you.
Data Portability: To the extent required by applicable law, we will send you a copy of your Personal Data in a common portable format of our choice.
Regulator Contact: You may have the right to contact or file a complaint with regulators or supervisory authorities about our processing of Personal Data. To do so, please contact your local data protection or consumer protection authority.
Note: In some cases, Presto acts on its Customers’ behalf when processing Personal Data. In those cases, we may notify Customers of your rights request; however, we may be unable to directly fulfill rights requests regarding Personal Data unless we are in control of how that data is processed or have the necessary rights of access. Presto may not have access to or control over all or some Personal Data controlled by Customers. Please contact the Customer directly for data rights requests regarding Customer-controlled information, and we will assist the Customer as necessary to complete your request.
As a California resident, you have the right to request any of the following information from us regarding personal information collected about you:
We will provide this information free of charge up to two (2) times in any twelve (12) month period within 45 days of receiving your verifiable request (including verification of your identity), subject to delays and exclusions permitted by law. Specific personal information about you or your account that is categorized as sensitive or confidential may be redacted.
We will honor requests that we correct or delete any personal information that we have collected about you. We will honor this request subject to the range of exclusions permitted by law. For example, we are not required to delete personal information if it is necessary to complete a transaction or reasonably used for an ongoing business relationship or if it is used internally in a lawful manner that is compatible with the context in which the consumer provided the information. You may opt out of the sharing or selling of your personal information to third parties by clicking on “Do Not Share My Data”. We do not sell your personal information to third parties. We will not discriminate against you if you choose to exercise any of these rights.
You may exercise the rights described above by contacting us directly using our “Contact Us” details below or via our website.
It is possible for you to use portions of our Service without providing any Personal Data, but you may not be able to access certain features or view certain content. To the extent required under applicable law, and subject to our rights under applicable law, you have choices regarding the Personal Data we process.
Consent: If you consent to processing, you may withdraw your consent at any time, to the extent required by law.
Direct Marketing: You have the choice to opt-out of or withdraw your consent to processing related to direct marketing communications. You may have a legal right not to receive such messages in certain circumstances, in which case, you will only receive direct marketing communications if you consent. You may exercise your choices via the links in our communications or by contacting us re: direct marketing using the information below. To opt-out of the collection of information relating to email opens, configure your email so that it does not load images in our emails.
Data Sale: We do not sell your Personal Data.
Other Processing: You may have the right under applicable law to object to our processing of your Personal Data that we undertake without your consent in connection with our legitimate business interests. You may do so by contacting us re: data rights requests. Note that we may not be required to cease or limit processing based solely on that objection, and we may continue processing in cases where our interests in processing are balanced against individuals’ privacy interests.
Note: Presto processes Personal Data primarily on behalf of its Customers. Some choices may be available only to certain Customers and Users, and your choices may be limited based on a Customer’s specifications and requirements.
We retain Personal Data that is not Voice Data only to provide the Services to our Customers and Users. We may de-identify or anonymize data and such data may be held for longer periods, solely for use in improving our products. For Voice Data, we may retain voice recordings for up to two years for the sole purpose of improving speech recognition technology and training Presto speech recognition models, algorithms, systems, and human-assisted monitoring, after which we destroy all such data.
At some of our locations, license plate information may be collected upon arrival by Automatic License Plate Readers (ALPRs). This data may be used for all or any of the following purposes:
All access to, and retention of, ALPR data shall be managed by Presto’s VP of IT & Information Security or designee. Presto’s Chief Privacy Officer shall be responsible for the monitoring of our ALPR system to ensure the security of the information and compliance with applicable privacy laws. Presto’s VP of IT & Information Security or designee shall also be responsible for the correction of data errors of which they become aware. Presto’s Chief Privacy Officer and VP of IT & Information Security, or their designee(s), shall ensure that only authorized personnel with a legitimate business need shall be granted access to ALPR data.
All personnel with access to ALPR data shall undergo training on proper use and handling of ALPR data in order to safeguard customer privacy and comply with applicable laws. Presto’s Chief Privacy Officer or designee shall be responsible for the development and implementation of training requirements for all authorized personnel. Such training shall include [annual reviews with regard to the proper handling of personal information].
Presto’s VP of IT & Information Security or their designee will monitor querying activity via electronic logs to ensure searches are tied to legitimate transactions and other business needs described in this Privacy Notice.
The sale and unauthorized dissemination of customer license plate information is strictly prohibited by company policy. Violations will result in disciplinary action up to and including termination of employment. License plate information collected using the ALPR system will remain on file for a period of two years and shall be automatically purged from the ALPR system upon the expiration of this period unless recollected during this period.
Our Service is intended for use by Customers and Users, and is neither directed at nor intended for direct use by individuals under the age of 16. Do not access or use the Service if you are not of the age of majority in your jurisdiction.
We operate and use service providers located in the United States. If you are located outside the U.S., your Personal Data may be transferred to the U.S. The U.S. may not provide the same legal protections of Personal Data as your home country. If you are a resident of the European Union, your Personal Data may be transferred to the U.S. pursuant to the E.U.-U.S. Standard Contractual Clauses in place with our Customers, or other adequacy mechanisms, or pursuant to exemptions provided under EU law.
We may update this Privacy Notice periodically and without prior notice to you to reflect changes in our personal information practices. Changes will be posted on this page with the effective date. Please visit this page regularly so that you are aware of our latest updates. Your acknowledgement of these changes, or use of the Service following notice of any changes (as applicable) indicates your acceptance of any changes.
Feel free to contact us with questions or concerns using the appropriate address below.
|Physical address:||Presto Automation Inc., Attention: Chief Privacy Officer, 985 Industrial Rd. Suite 205, San Carlos, CA 94070|
|Via our website:||www.presto.com|