Privacy Policy
Last updated: July 3, 2026
Food Truck OS ("we," "us") is a product of Dr. Hines Inc. ("Stronghold"). This policy explains what information we collect, how we use it, and the choices you have. It covers two groups: food truck owners who use our platform, and customers who order from a truck that uses our platform.
Information we collect
- Account information (owners): your name, business name, email, and password (passwords are stored hashed — we never see them in plain text).
- Order information (customers): the name, and optionally the phone number, you enter when placing an order, plus the items and amounts. Card payments are processed by Stripe or Square directly — we do not receive or store your full card number.
- Marketing opt-ins: if you choose to receive a truck's updates or our newsletter, we store your email and your opt-in.
- Usage & technical data: pages visited, and, if a truck enables Google Analytics, standard analytics data. We capture anonymous error reports (page, error message, browser type) to fix bugs.
- Approximate location: only if you tap "near me" / "locate me," and only to show nearby trucks. We do not track your location in the background.
How we use information
- To run the service: create sites, take and route orders, send receipts and order-ready notifications.
- To send email you asked for (a truck's updates, or our newsletter). Every marketing email includes a one-click unsubscribe, honored promptly, as required by the CAN-SPAM Act.
- To keep the service secure, prevent abuse, and fix problems.
How we share information
- With the truck you order from: your order details go to that truck's owner so they can prepare it.
- Service providers: Supabase (database/hosting), Netlify (web hosting), Stripe/Square (payments), and our email provider — each only receives what they need to perform their function.
- We do not sell your personal information.
- We may disclose information if required by law.
Your choices & rights
- Unsubscribe from any marketing email using the link in it.
- Request access to, correction of, or deletion of your personal information by emailing us (below). Depending on where you live (e.g. California/CCPA), you may have additional rights, which we honor.
- Owners can delete their account and associated data by contacting us.
Data retention & security
We keep information for as long as your account is active or as needed to provide the service and meet legal obligations. Access is protected by database row-level security and encrypted connections. No method of transmission is 100% secure, but we work to protect your information.
Children
The service is not directed to children under 13, and we do not knowingly collect their information.
Changes
We may update this policy; we'll revise the "last updated" date above and, for material changes, provide additional notice.
Contact
Questions or requests: johnathanhines@gmail.com — Dr. Hines Inc.
This template covers common U.S. requirements (CAN-SPAM, CCPA basics) for a small SaaS. Before large-scale launch or handling EU/UK visitors, have a lawyer review it and add GDPR terms if applicable.