Your data, straightforward.

1. Who we are

This Privacy Policy applies to the website at 86ops.ai (the "Site"), operated by 86ops ("we", "us", "our"). We are based in Toronto, Ontario, Canada. If you are a customer using our hosted restaurant-operations platform, a separate and more detailed privacy and security notice applies to that application and is provided to customers at sign-on.

2. What we collect

We only collect information you choose to give us, plus standard technical data that any website sees when a browser makes a request.

2.1 Information you provide through the consultation form

When you submit the form at /consultation/, we collect:

• Required: your name, work email, phone number, and restaurant or company name.
• Optional: number of locations, revenue band, employee band, current POS system, a free-text description of what you are trying to solve, and how you heard about us.
• Submission metadata: the IP address of the device that submitted the form, the browser's user-agent string, the page the submission came from, and the timestamp. This is used to detect fraud and spam, not for marketing.

We do not sell this information. We use it to reply to your request, prepare for an introductory call, and record the fact that you contacted us.

2.2 Information collected automatically

Like most websites, our hosting provider and analytics tool collect a small amount of technical information automatically:

• Cloudflare (our hosting and CDN provider) logs request-level information such as IP address, approximate geographic region, browser, referrer, and timing data. This is standard web-server logging and is used for performance, security, and abuse prevention.
• Google Analytics 4 records anonymized usage — which pages are viewed, how long the visit lasts, approximate location (country/region), device type, and a random Google-issued identifier. IP addresses are truncated by Google before storage. We do not attempt to re-identify visitors.
• Cloudflare Turnstile is a privacy-preserving alternative to traditional CAPTCHAs. It runs on the consultation form to tell humans from bots and may set a short-lived cookie during that challenge.

2.3 What we do not collect

We do not use third-party tracking pixels, behavioural ad networks, or cross-site identifiers on this marketing site. We do not buy or append outside data about you. We do not collect sensitive personal information such as health, financial account numbers, or government identifiers.

3. Why we use it

We use the information described above for the following purposes, and no others:

• To respond to your consultation request and prepare for our conversation.
• To maintain, secure, and improve the Site.
• To understand, in aggregate, which content is useful and which is not, so we can make the Site better.
• To comply with applicable law and respond to lawful requests from authorities.

We will never send you unsolicited marketing blasts. If you reach out for a consultation and we follow up by email, that is a direct reply, not a marketing campaign.

4. Who we share it with

We share information only with service providers we depend on to run the Site. They are bound by contract to use data only for the services they provide to us.

• Cloudflare, Inc. — hosting, CDN, DDoS protection, Pages Functions runtime, Turnstile anti-bot.
• Resend — sends the consultation form notification email to us. Your submission is passed to Resend's API so they can deliver the email; they do not use it for any other purpose.
• Google LLC (Google Analytics) — anonymized usage analytics.

We do not sell personal information. We do not disclose it to advertisers, brokers, or any party outside the list above, except when required by a valid legal process (such as a court order) or to protect the rights, property, or safety of 86ops, our customers, or the public.

5. Cookies and similar technologies

We keep cookie usage to the minimum required to run the Site:

• Essential: short-lived cookies set by Cloudflare and Turnstile for security and bot detection.
• Analytics: Google Analytics sets cookies (typically _ga and _ga_*) that assign a random identifier to your browser so GA4 can count repeat visits correctly.

You can block analytics cookies in your browser settings or install a browser extension that opts you out of Google Analytics. Doing so will not affect your ability to use the Site.

6. How long we keep it

• Consultation form submissions are kept in our email inbox for as long as they may be relevant to an active or potential customer relationship. You can ask us to delete your record at any time (see section 8).
• Server and security logs are retained by Cloudflare per their standard retention policy — typically weeks, not months.
• Analytics data in Google Analytics 4 is retained for 14 months by default, after which it is automatically aged out.

7. How we protect it

We apply reasonable security measures to the information we hold on this Site:

• All traffic to 86ops.ai is encrypted in transit using HTTPS with HSTS preload.
• Form submissions flow through a server-side function rather than client-side email, so authentication keys are never exposed in the browser.
• API credentials for Resend, Google Analytics, and Turnstile are stored as encrypted secrets in Cloudflare Pages, not in the public source code.
• We apply standard hardening headers (X-Frame-Options, Content-Security-adjacent directives, Referrer-Policy, etc.) to every response.
• We run spam and bot protection (Turnstile plus server-side honeypot) on the form endpoint.

No system is perfectly secure. If you believe you've found a vulnerability, please report it to [email protected] or via /.well-known/security.txt.

Our hosted restaurant-operations platform handles operational data for customers under a separate subscription agreement and has its own, deeper security documentation provided to those customers.

8. Your rights

If you are in Canada, your rights under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation apply. If you are elsewhere in the world, similar rights generally apply under your local law, and we extend them to you regardless of residency. You have the right to:

• Access — ask what personal information we hold about you and get a copy.
• Correction — ask us to fix information that is inaccurate or incomplete.
• Deletion — ask us to delete your consultation submission and any follow-up record of it.
• Withdrawal of consent — ask us to stop processing your information for any non-essential purpose.
• Complaint — file a complaint with the Office of the Privacy Commissioner of Canada at priv.gc.ca or your local regulator.

To exercise any of these rights, email [email protected]. We respond within 30 days.

9. Children

The Site and our platform are built for restaurant operators and are not directed at children. We do not knowingly collect personal information from anyone under 18.

10. International transfers

Our service providers may process data in the United States, Canada, or the European Union. When data leaves Canada, it may be subject to the laws of that other country. By using the Site or submitting the consultation form, you consent to this cross-border processing.

11. Changes to this policy

We may update this Privacy Policy to reflect changes in our practices or in applicable law. The "Last updated" date at the top of the page reflects the most recent version. If we make material changes, we will make reasonable efforts to notify active contacts directly.

12. How to contact us

For any privacy question, concern, or request:

• Email [email protected] (preferred)
• General inbox [email protected]
• 86ops, Toronto, Ontario, Canada