Privacy Policy

Last updated: 2026-05-21 · Effective: 2026-05-21

Draft v3. This policy is a working draft. It reflects our actual practices and is binding for purchases made today, but a Canadian privacy lawyer review is planned before scaling. We'll re-publish if anything material changes and notify all customers by email.

Page for Plate ("we", "us", "the Company") respects your privacy and is committed to handling personal information in accordance with Canadian privacy law, including the federal Personal Information Protection and Electronic Documents Act (PIPEDA) and the British Columbia Personal Information Protection Act (PIPA). This policy explains what we collect, why, who we share it with, and your rights.

1. Information we collect

From restaurants we contact via postcard

Before you sign up, we may have built a preview website for your restaurant and mailed you a postcard inviting you to claim it. To do this, we collect publicly available information about your business:

Restaurant name, address, phone number
Public reviews and ratings
Photos uploaded to Google Maps
Menu items pulled from your existing website (if any)
Hours of operation

This information comes from Google Places, public review sites, and your own website. We do not collect personal information about individual employees, customers, or owners during this stage.

When you visit our website

Visitor analytics via Cloudflare's edge analytics — this is privacy-preserving and does not use cookies, fingerprinting, or unique identifiers. We see aggregate counts of pageviews per country and per page, but cannot identify individual visitors.
QR scan tracking. When you scan a QR code on a Page for Plate postcard, the resulting visit is counted in Cloudflare's aggregate analytics. We can see that someone scanned a particular postcard, but not who.

When you subscribe

Payment information — handled directly by Stripe Inc. We do not see or store your credit card number. We receive only: your name, email, billing address, and a Stripe customer/subscription identifier.
Account information — email address, restaurant name, slug, and chosen plan.
Customizations you provide — menu items, hours, photos, logo, social-media links, and any text or imagery you ask us to put on your site.

When you use the self-service editor

Your editor lives at edit.pageforplate.com on a subdomain we operate via Google Cloud Run. Use of the editor involves the following collection:

Sign-in by magic link. When you enter your email, we check it against the email Stripe gave us at checkout. If they match, we generate a single-use token, store it hashed in a SQLite database, and email you a sign-in link via Resend (our email provider). Tokens expire after 15 minutes.
Session cookie. Clicking your magic link sets an HTTP-only, slug-scoped session cookie so you stay signed in. The cookie value is opaque and stored hashed at rest.
Edit requests. When you type or upload a change ("change Thursday hours to 5–10pm", "add a $14 ramen", a new photo), the text of your request is sent to our AI provider (Anthropic, PBC) to parse it into a structured edit. The edit is then validated against a strict whitelist and applied to your site. Photo files you upload are stored on our hosting infrastructure and served only from your site.
Audit log. We keep an append-only log of every editor request and the resulting edit (the natural-language input, the structured plan, success/failure) for quality monitoring, debugging, and dispute resolution.

For initial site copy

Before launch, taglines and About sections may be drafted by sending the publicly available restaurant information we have collected (name, cuisine, address, hours, menu items) to Anthropic for content generation. You approve the draft before it goes live.

Retention for AI-related data

We retain editor requests, generated site copy, and the audit log for up to 90 days, then delete them. Anthropic may separately retain API inputs for up to 30 days for abuse monitoring before deletion, per their data handling policies.

2. Why we collect it (purposes)

To build and host your custom website
To bill you accurately, send receipts, and handle subscription changes
To provide visitor analytics so you understand your traffic
To authenticate you to your owner editor using the email Stripe gave us at checkout
To operate the AI-assisted editor and apply edits you submit
To draft initial site copy with AI before launch
For Full Plate subscribers, to manage your Google Business Profile and reputation
To contact you about service changes, outages, and support requests
To comply with our legal obligations (tax records, etc.)

3. Who we share it with (third parties)

We use the following third-party processors to operate the Service. Each receives only the information necessary for the function listed.

Stripe Inc. — payment processing. Stores your billing information directly; we receive only customer/subscription identifiers and metadata. Stripe data may be processed in the United States.
Cloudflare, Inc. — website hosting and edge analytics. Cloudflare may process traffic data internationally; the privacy-preserving analytics do not identify individual visitors.
Airtable, Inc. — our internal CRM. Stores your restaurant info, contact details, and subscription status. Data is stored in the United States.
Anthropic, PBC — AI provider used to (a) parse your plain-English editor requests into structured edits, and (b) draft initial site copy from publicly available restaurant information. Receives the request text and your restaurant metadata; does not receive payment data.
Resend — transactional email provider used to deliver editor sign-in magic links and operational notices. Receives your email address and the contents of the email we send to you.
Google Cloud (Cloud Run) — hosts the owner editor at edit.pageforplate.com. Processes traffic to that subdomain in US-based data centres.
Google LLC — we use Google Places API for restaurant data and, for Full Plate subscribers, Google Business Profile API to manage your listing.
PostGrid and Lob — print-and-mail providers for our postcard outreach.

We do not sell, rent, or trade personal information.

4. International data transfers

Some of our processors (Stripe, Cloudflare, Airtable, Anthropic) store or process data in the United States or other jurisdictions outside Canada. By using the Service, you understand and consent to this cross-border transfer. We require all processors to meet privacy standards comparable to Canadian law and have contractual data protection agreements with each.

5. Retention

Lead information (pre-subscription): retained for up to 24 months from collection, then deleted.
Subscriber information: retained for the duration of the subscription plus 7 years for tax/accounting purposes, then deleted.
Editor requests, audit log, and AI site-copy drafts: retained by us for up to 90 days, then deleted. Anthropic may separately retain API inputs for up to 30 days, per their policies.
Editor magic-link tokens: 15 minutes (single-use).
Editor session cookies: 30 days, sliding window; revoked on sign-out or password-equivalent reset.
Owner-uploaded photos: retained for the life of your subscription plus 30 days after cancellation, then deleted unless you have requested an HTML export.
Visitor analytics (aggregate, non-identifying): retained up to 6 months in Cloudflare per their default retention.

6. Your rights

Under PIPEDA and BC PIPA, you have the right to:

Know what personal information we hold about you
Request access to that information
Request correction of inaccurate information
Withdraw consent for further use (this may end the Service)
File a complaint with our Privacy Officer (below)
File a complaint with the Office of the Privacy Commissioner of Canada or the Office of the Information and Privacy Commissioner for BC

To exercise any of these rights, email support@pageforplate.com. We will respond within 30 days.

7. Security and breach notification

We use industry-standard safeguards: encrypted connections (TLS) for all data in transit, encrypted storage with our processors, and access controls limiting who can see your data. No system is perfectly secure; we make reasonable efforts in proportion to the sensitivity of the data.

If we detect a breach of security safeguards that creates a real risk of significant harm to you, we will notify you and the Office of the Privacy Commissioner of Canada as soon as feasible, as required by PIPEDA. We will also notify the BC Office of the Information and Privacy Commissioner where appropriate.

8. Cookies & tracking

The marketing site at pageforplate.com does not use cookies or tracking pixels. Your subscriber site (e.g. {your-restaurant}.pageforplate.com) does not use cookies by default; if you enable third-party tools (e.g. Meta Pixel) on your site, separate disclosure on your site will be required.

The owner editor at edit.pageforplate.com uses a single HTTP-only, slug-scoped session cookie (pfp_session) so you stay signed in. The cookie value is opaque and stored hashed at rest. No third-party cookies or trackers are set.

Stripe may set cookies on the Stripe-hosted Checkout page during payment; that is governed by Stripe's privacy policy.

9. Children

The Service is sold to businesses, not consumers, and is not directed at children. We do not knowingly collect personal information from anyone under 16.

10. Changes to this policy

We may update this policy. The "Last updated" date at the top reflects the most recent change. For material changes affecting subscribers, we will notify you by email at least 14 days before the change.

11. Privacy Officer & contact

Our Privacy Officer can be reached at:
Email: support@pageforplate.com
Subject line: "Privacy request"
Postal: Page for Plate, Burnaby, British Columbia, Canada