Privacy Policy

OpenToServe ("we," "us," "our") operates a platform that connects on-demand shift workers with restaurants, cafés, and hospitality businesses. This policy explains how we collect, use, and protect your personal information.

From Workers:

• Name, email address, and phone number
• City and state of residence
• Professional skills, certifications, and experience level
• Commute preferences
• Profile photo and uploaded certification documents

From Businesses:

• Business name, owner/manager name, and contact information
• Business address and city
• Roles needed, staffing volume, and scheduling preferences
• POS system and equipment information
• Business logo

Automatically Collected:

• IP address and browser type (standard web server logs)
• Pages visited and actions taken within the platform
• Device information for security and fraud prevention

We use the information we collect to:

• Match workers with businesses — Your skills, location, and availability help us connect you with relevant shift opportunities.
• Determine city launch order — We measure worker and business density by city to decide where to launch next.
• Communicate with you — Notifications about shift availability, launch updates, and account activity.
• Verify identity and credentials — Ensuring workers hold valid certifications and businesses are legitimate.
• Improve the platform — Aggregated, anonymized data helps us understand usage patterns and improve our service.

• ❌ We never sell your personal data to third parties.
• ❌ We never share your phone number or email with other users unless you explicitly accept a shift or connection.
• ❌ We never use your data for unrelated advertising or marketing by third parties.
• ❌ We never store passwords in plain text — all credentials are securely hashed.

We share personal information only in these limited circumstances:

• Worker ↔ Business matching: When a worker accepts a shift, the business sees the worker's name, skills, and relevant certifications. The worker sees the business name, address, and shift details.
• Service providers: We use trusted third-party services for hosting (AWS), database (Supabase), and analytics. These providers are contractually bound to protect your data.
• Legal requirements: If required by law, subpoena, or court order.
• Safety: If we believe disclosure is necessary to protect the safety of our users or the public.

We take the security of your data seriously. Our measures include:

• All data transmitted over HTTPS (TLS 1.2+)
• Passwords hashed with bcrypt (never stored in plain text)
• Database access restricted by row-level security policies
• Secrets stored in AWS Secrets Manager (encrypted at rest)
• Regular security reviews and dependency updates

We retain your information for as long as your account is active or as needed to provide services. Pre-registration data is kept until you convert to a full account or request deletion. You may request deletion of your data at any time by contacting us.

You have the right to:

• Access — Request a copy of the personal data we hold about you.
• Correction — Update or correct inaccurate information via your profile or by contacting us.
• Deletion — Request that we delete your personal data. We will comply unless we have a legal obligation to retain it.
• Portability — Request your data in a machine-readable format.
• Opt-out — Unsubscribe from marketing communications at any time.

To exercise any of these rights, email us at privacy@opentoserve.com.

We use essential cookies for authentication and session management. We do not use third-party advertising or tracking cookies. No cookie consent banner is needed because we only use strictly necessary cookies.

OpenToServe is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from minors. If we discover we have collected data from a minor, we will delete it promptly.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify registered users via email and update the "Last updated" date at the top of this page.

If you have any questions about this Privacy Policy, contact us at:

• 📧 privacy@opentoserve.com