Effective Date: September 26, 2018
Last Updated: March 24, 2026
KnightCode LLC ("us", "we", or "our") operates the OrderFlow website and the OrderFlow application (the "Service").
This Privacy & Cookie Policy describes the policies and procedures that govern the collection, use, and disclosure of your information while using the Service as required under Articles 13 and 14 of the European General Data Protection Regulation (GDPR) regarding the transparency of personal data processing.
We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy & Cookie Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.
The Service is intended for users who are 13 years of age or older. By using the Service, you represent that you are at least 13 years old. If you are under 13, you must not use the Service. If we become aware that a user under the age of 13 has provided us with Personal Data, we will take steps to delete that information from our systems promptly.
If you have any questions or objections about our practices or this Privacy & Cookie Policy, please contact us by email:privacy@orderflowapp.co
You have the right under applicable laws and this Privacy & Cookie Policy to the following:
In most cases, the Service provide the necessary controls for you to create, modify, and delete the information you submit to our systems. Functionality is provided to export your data and erase your account from our systems.
To raise objections to any processing we conduct of your Personal Data, please contact us by email:privacy@orderflowapp.co
The Data Controller for your Personal Data is Dylan Knight, currently the sole proprietor and chief architect of the Service located in New York City.
The categories of data we collect are as follows:
While using the Service, you may find prompts to provide certain personally identifiable information that can be used to contact or identify you. Personally identifiable information includes, but is not limited to:
These prompts arevoluntary. Abstaining from providing this information will not inhibit or diminish your use of the Service.
However, should you inquire about the Personal Data we store about you, we require the means to authenticate your identity and associate you with the information we store about you. While you may remain entirely anonymous using the Service, it may not be possible to later identify your information within our database should you contact us outside of the Service.
We collect and process Identity Data on the basis of your consent, which you may withdraw at any time.
The Service collects and stores information regarding your business operations, which includes but is not limited to menu items, product catalogs, inventory data, order history, customer information, facility locations, pricing information, and operational settings.
This data is essential for the Service to function and provide order management, inventory tracking, and business analytics features. We collect and process Business Data on the basis of contractual necessity — it is the core purpose of the Service and cannot be withheld without impairing your use of it.
We may also collect information that your browser sends whenever you visit the Service or when you access the Service by or through a mobile device ("Usage Data").
This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of the Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.
When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
We collect and process Usage Data on the basis of our legitimate interest in understanding how the Service is used and improving its reliability and features.
The OrderFlow iOS ordering application and the OrderFill iOS kitchen display application are currently in production and operate on the same backend as the web Service. In addition to the data categories above, these applications may collect:
Additional mobile applications (OrderTake and OrderRun) are forthcoming and will operate under the same data practices described in this policy.
We use cookies and similar tracking technologies to track the activity on the Service and hold certain information. Our use of cookies is limited to those set by Google Analytics 4 for analytics purposes. We do not use advertising or third-party tracking cookies beyond this.
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of the Service.
We collect and process Tracking & Cookie Data on the basis of your consent, which you may withdraw at any time by adjusting your browser settings.
The primary purpose of the Service is the collection, storage, and management of your business operations data, including orders, menus, inventory, and customer information. We allow you to engage with this primary purpose while providing an amount of Identity Data with which you're most comfortable. Your Identity and Usage Data are used for the following purposes:
Moreover, your Tracking & Cookie Data are used to maintain a private and secure session between your device and our servers once we have authenticated you and your device.
Your Personal Data is used to conduct automated decision-making and profiling in several ways:
You have the right to restrict us from processing your Personal Data in this way, and the Service provides mechanisms to declare or effect such restrictions upon your data. You may configure your account settings to limit automated processing where available.
We take your faith in our security seriously and implement reasonable measures to maintain the security and privacy of your Personal Data.
We are extremely cautious about the third party software we bundle in the Service for your browser or device, limiting it to a minimal set of vendors with acceptable reputations and who actively maintain their products. However, we trust them to properly vet their own suppliers.
All transmissions over the Internet are conducted using modern encryption and up-to-date transport security standards.
Your data is stored on encrypted disk over which we maintain some reasonable authority.
Access to our production database is limited to the minimal number of people needed to maintain its function. Development efforts are performed on a separate set of data containing fictional information or the Personal Data of those individuals from whom we've obtained written permission to test features or address flaws upon their Personal Data.
Access may temporarily be granted to other individuals as the law requires or as is necessary to conduct security audits and assessments.
Backups of our database are similarly encrypted and stored on encrypted disk.
An access log is maintained that records the dates and times of grants to, requests for, and revocation of access to your Personal Data.
However, remember that no method of transmission over the Internet or method of electronic storage is 100% secure. As such, we cannot and the law cannot guarantee its absolute security.
In the event of a data breach that is likely to affect your Personal Data, we will notify affected users without undue delay. Where required by applicable law, we will also notify the relevant supervisory authority within the timeframes prescribed by law, including within 72 hours where required under GDPR.
The Service is operated exclusively in the United States. All Personal Data collected through the Service is stored and processed on servers located in the United States.
If you are located outside the United States, including within the European Economic Area, please be aware that your Personal Data will be transferred to, stored, and processed in the United States. Data protection laws in the United States may differ from those in your jurisdiction and may not provide the same level of protection.
By choosing to use the Service, you acknowledge that your Personal Data will be processed in the United States. If you have concerns about this transfer, please contact us at privacy@orderflowapp.co before using the Service.
We retain your Personal Data in perpetuity until you instruct the Service to purge it, for as long as is legally required, and for as long as we are able to maintain the Service.
Upon receiving an authenticated request to purge your Personal Data, the Service immediately removes all Personal Data from our systems. However, it may take up to 12 months before all backups no longer contain your Personal Data. Also, we are required to maintain our access logs for a period of six years.
OrderFlow may disclose your Personal Data in the good faith belief that such action is necessary to:
We may employ third party companies and individuals to facilitate the Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.
Google Analytics 4 is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy?hl=en
We use the following third-party payment processors to handle payment transactions on the Service: Adyen, Stripe, Authorize.net, Clover, and Core Cashless. These providers process payment card data on our behalf and are subject to PCI DSS compliance requirements. We do not store full payment card data on our systems.
For more information on their respective privacy practices, please consult each provider's privacy policy directly.
We use Amazon Web Services (AWS) for cloud infrastructure and hosting, including data storage and server operation. AWS also provides our transactional email delivery via AWS Simple Email Service (SES).
For more information on AWS privacy practices, please visit: https://aws.amazon.com/privacy/
We use Apple Push Notification Service (APNs) to deliver push notifications to users of our iOS applications (OrderFlow and OrderFill), as well as Safari web push notifications on Apple devices.
For more information on Apple's privacy practices, please visit: https://www.apple.com/legal/privacy/
We use Firebase Cloud Messaging (FCM), a service provided by Google, to deliver push notifications to users of our Android application and to web browsers that support web push notifications, such as Google Chrome and Microsoft Edge.
For more information on the privacy practices of Google and Firebase, please visit: https://policies.google.com/privacy?hl=en
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
To exercise any of these rights, please contact us at: privacy@orderflowapp.co
Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.
We reserve the right, in our sole discretion, to change, modify, add, or remove portions of this Policy & Cookie Policy at any time. Any changes or updates will be effective immediately upon posting to this page. You should review this Privacy & Cookie regularly for changes. You can determine if changes have been made by checking the Effective Date above. Your continued use of the Services following the posting of any changes to this Privacy & Cookie Policy means you consent to such changes.