Privacy Policy

Last updated: July 12, 2026

This Privacy Policy describes how Sous LLC ("Sous," "we," "us") collects, uses, and shares information in connection with the Sous application and related services (the "Service"). Sous is a restaurant operations product that consolidates an operator's point-of-sale, labor, and accounting data into a single dashboard, with an AI assistant layered on top.

1. Who this policy covers

Sous is a business-to-business product used by restaurant operators and their staff. Data in the Service is organized by tenant (a restaurant business). This policy applies to account holders and authorized users of a tenant. The Service is not intended for consumers or for anyone under 18.

2. Information we collect

3. How we use information

We use the information above to operate the Service: to display your business metrics, to power the Sous AI assistant, to refresh your data from connected systems, and to secure and support the Service. We do not use your business data for advertising, and we do not sell it.

4. AI processing

The Sous AI assistant answers questions about your business in plain language. When you use it, your messages and the specific business data needed to answer them are sent to third-party AI model providers — Anthropic, OpenAI, and Google (Vertex AI) — which generate responses on our behalf. We access these providers through their commercial APIs, under terms that state customer data submitted through the API is not used to train their models (this differs from those providers' consumer apps); a provider may retain API data briefly to monitor for abuse. The assistant's access to your data is constrained by tenant-isolation controls (a restricted, read-only database role, row-level security scoped to your tenant, query validation, and an audit log) so it can only reach your own tenant's data.

5. Where data is stored and who processes it

Sous runs on Google Cloud Platform (Cloud Run, Cloud SQL / PostgreSQL, and Secret Manager) in the United States. Your business data is cached in our PostgreSQL database for fast dashboard access and refreshed periodically from the source systems. Integration credentials are encrypted at rest. We use the following subprocessors:

6. How we share information

We do not sell, rent, or trade your data. We share it only with the subprocessors listed above, strictly to operate the Service and only to the extent needed. Data also flows between Sous and the third-party integrations you connect (Toast, 7Shifts, QuickBooks) using their official APIs. We may disclose information if required by law.

7. Security

We use reasonable technical and organizational measures to protect your data, including HTTPS encryption in transit, encryption at rest for integration credentials, OAuth 2.0 for third-party connections, and tenant-scoped access controls. No method of transmission or storage is completely secure, but we work to protect your information.

8. Data retention and deletion

We retain your business data while your account is active. You can disconnect any integration at any time from Settings → Integrations, which stops further data collection from that source. To request deletion of your account and associated data, contact us at privacy@mysous.ai.

9. Your rights and choices

Depending on where you live, you may have rights over your personal information — including, for California residents under the CCPA/CPRA, the right to know what personal information we collect, to access or delete it, to correct it, and to receive a copy. To exercise any of these, email privacy@mysous.ai; we will verify your request and respond as required by law, and we will not discriminate against you for exercising your rights.

We do not sell or "share" your personal information as those terms are defined under the CCPA/CPRA, and we have not done so in the preceding 12 months.

Our role. For the business data you connect (Toast, 7Shifts, QuickBooks) — including the employee information within it — your organization is the controller/business and Sous acts as its service provider/processor, handling that data only to provide the Service. If you are an employee of one of our customers, please direct requests to your employer, who controls that data; we will help them respond. A Data Processing Addendum is available on request at privacy@mysous.ai.

10. Third-party services

Your use of connected services and subprocessors is also governed by their own privacy policies:

11. Children's privacy

The Service is not intended for individuals under the age of 18, and we do not knowingly collect personal information from children.

12. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be reflected by the "Last updated" date above.

13. Contact

For questions about this Privacy Policy or to make a data request, contact: privacy@mysous.ai.