Meuze Privacy Policy
Effective Date: July 13, 2026
1. Responsibility for This Privacy Policy
PromptShop Inc. (operating as Meuze) ("PromptShop," "we," "us") is responsible for the collection and processing of personal data described in this Privacy Policy, other than payment processing carried out directly by Stripe as described in Section 3, and is responsible for compliance with applicable privacy laws in the jurisdictions where it operates. This Policy uses "Customer" to mean the business that subscribes to the Service, "User" to mean an individual who accesses the Service on Customer's behalf, and "Service" to mean the Meuze web application, the Meuze Operator App (mobile), and related products described in Section 2.
2. Scope and Updates
This Privacy Policy applies to all use of PromptShop's websites, web application, mobile application, and related products and services (collectively, the "Service"). Where Customer's operational data processed through the Service (for example, point-of-sale transaction data) includes personal data about Customer's own employees or customers, PromptShop processes that data as a service provider/processor acting on Customer's behalf; Customer's own privacy notice to those individuals governs that underlying relationship. We may update this Privacy Policy from time to time. Updates will be communicated through the Service and take effect as of the date noted at the top of this document.
3. Payment Processing
Subscription fees for the Service are billed through Stripe, our third-party payment processor. Stripe collects, processes, and stores payment card and billing details on our behalf; PromptShop does not store full payment card numbers on its own systems. Stripe's handling of payment data is governed by Stripe's own privacy policy. PromptShop receives limited billing metadata from Stripe (for example, subscription status and invoice history) needed to operate the Service and manage Customer's account.
4. Cross-Border Data Transfers
PromptShop's infrastructure is hosted primarily in the United States (Amazon Web Services, region us-east-1). Personal data may be stored and processed in the United States and in other countries where PromptShop's subprocessors operate, as listed in Section 18. Subprocessors are contractually required to protect personal data consistent with this Privacy Policy.
5. Contact
Questions about this Privacy Policy, or requests to exercise a data subject right, may be directed to privacy@meuze.ai. General support inquiries can be directed to support@meuze.ai.
6. What Personal Data We Collect
| Category | Examples | Source |
|---|---|---|
| Account & identity data | Name, work email, authentication identifiers | Collected directly at signup, via Clerk |
| Business operational data | Invoices, inventory levels, purchase orders, point-of-sale transactions, waste logs, employee incident records | Uploaded by Customer or synced via connected integrations (POS, accounting, email) through Nango |
| Payment data | Subscription plan, billing history | Processed by Stripe; PromptShop does not directly store full card numbers |
| Usage data | Feature usage, login activity, API calls | Collected automatically by the Service |
| Support communications | Emails, support tickets | Collected when Customer or a User contacts us |
| Operator App data | Account/sign-in data, push notification token, optional WhatsApp number, on-site operational entries | See Section 20 |
7. When We Collect Personal Data
We collect personal data when an individual or Customer creates an account or uses the Service; when a Customer or User provides information through account settings, forms, or email; when a Customer connects a third-party integration (a point-of-sale, accounting, or email system) through Nango, which then syncs data into the Service; and when a Customer or User contacts support. We do not purchase or source personal data from credit agencies, credit bureaus, or similar third-party data brokers.
8. Purposes and Legal Bases for Processing
We use personal data to:
- Provide and operate the Service, including running AI agents against Customer's operational data (invoice extraction, inventory recommendations, waste analytics, and incident workflows);
- Maintain and improve the Service, including the accuracy of AI-driven features such as invoice extraction and inventory forecasting;
- Manage accounts, billing, and subscriptions;
- Provide customer support and respond to inquiries;
- Maintain security, detect fraud or abuse, and meet compliance obligations.
- Communicate with Customers and Users about the Service (product updates, billing, support).
We do not use personal data for personalized advertising, and we do not sell personal data.
Processing is based on the performance of our contract with Customer, our legitimate interests in operating and securing the Service, and, where required by applicable law, consent.
9. Storage Duration
Personal data is retained for as long as Customer maintains an active subscription, plus a post-termination export/retention window, after which it is deleted or anonymized, except where longer retention is required by law or necessary to establish, exercise, or defend legal claims.
10. Your Rights as a Data Subject
Depending on applicable law, individuals may have the right to: access their personal data; request correction or deletion; restrict or object to processing; request data portability; withdraw consent; request exclusion of their data from AI model training or improvement (see Section 13(b)); and lodge a complaint with a supervisory authority. Requests can be submitted to privacy@meuze.ai. Where PromptShop acts as a processor on Customer's behalf, we will direct the request to Customer or assist Customer in responding, as required by our data processing terms.
11. Cookies and Similar Technologies
The Service uses cookies and similar technologies strictly for operating and securing the web application — for example, session management and fraud prevention. We do not use advertising or cross-site tracking cookies. Disabling cookies may reduce functionality. Cookie settings can be managed through the browser.
12. Data Security
We apply administrative, technical, and physical safeguards appropriate to the sensitivity of the data we process, including encryption in transit and at rest, access controls, and continuous monitoring. No method of transmission or storage is completely secure. Data stored on a Customer's or User's own device is that party's responsibility to protect. We will notify affected Customers of a security incident involving their personal data as soon as reasonably practicable, consistent with our incident response procedures and applicable law.
13. Meuze and AI
a. Responsible AI. The Service uses AI — developed by PromptShop and by third-party model providers accessed via OpenRouter — to power core product features, including invoice data extraction, inventory forecasting, waste analytics, and customer support. Personal data processed by these AI features is handled consistent with the safeguards described in Section 12.
b. AI Development and Training. Customer Data is used to power AI features for that Customer's own use of the Service (inference) and is not used to train or fine-tune models shared with other customers. Where personal data is used to develop, test, validate, or improve PromptShop's own AI features — for example, improving invoice extraction accuracy or improving inventory forecasting — we apply safeguards such as data minimization, masking, or access controls appropriate to the processing involved.
14. Specific Privacy Disclosures
a. "Do Not Track." The Service does not track individuals across third-party sites for advertising purposes, and we honor Do Not Track signals accordingly.
b. Children's Privacy. The Service is intended for business use by adults and is not directed to children. We do not knowingly collect personal data from children. If we learn that we have collected personal data from a child, we will delete it.
15. Data Collection Practices (Clarification)
We collect: account information; usage data; device and technical data; content Customer or Users submit to or generate through the Service (for example, invoices, uploaded documents, and AI-generated output); transaction data (billing information, processed by Stripe); and integration data synced from third-party systems a Customer connects, including point-of-sale providers (e.g., Square), accounting systems (QuickBooks Online, Xero), and email providers (Gmail, Outlook), all connected via Nango.
16. Data Storage and Security Practices (Clarification)
Data is hosted on cloud infrastructure operated by Amazon Web Services (AWS), primarily in the United States, and by our subprocessors in the jurisdictions where they operate. We apply encryption in transit and at rest, access controls, and monitoring/logging consistent with Section 12. Data is retained only as long as necessary, per Section 9.
17. Data Usage Practices (Clarification)
We use data to: deliver the Service and its AI agent functionality; manage Customer and User accounts; personalize the product experience; maintain security and prevent fraud; analyze and improve the Service; communicate with Customers and Users; and develop and improve AI features per Section 13. We do not sell personal data.
18. Third-Party Processors and Service Providers (Clarification)
We share personal data with the following subprocessors, strictly to operate the Service:
| Processor | Role |
|---|---|
| Amazon Web Services (AWS) | Cloud hosting infrastructure |
| Supabase | Primary application database (Postgres) and file storage |
| Clerk | Customer and User authentication |
| Stripe | Subscription billing and payment processing (does not result in PromptShop storing card numbers) |
| Nango | Integration platform connecting a Customer's third-party accounts (e.g., Square, QuickBooks Online, Xero, Gmail, Outlook) |
| OpenRouter | LLM inference routing to underlying model providers |
| Upstash | Optional Redis caching layer |
| Vanta | Compliance monitoring of PromptShop's own security posture (does not process Customer operational data) |
We do not sell personal data. We disclose data to third parties beyond the above only: (a) at Customer's direction, (b) to comply with law or valid legal process, or (c) to protect the rights, safety, or property of PromptShop or others.
19. User Controls and Choices (Clarification)
Users can manage account settings directly in the Service and can request access, correction, or deletion of personal data by contacting privacy@meuze.ai. Requests to exclude personal data from AI model training or improvement, per Section 13(b), can also be directed to privacy@meuze.ai.
20. Meuze Operator App (Mobile)
This section describes data practices specific to the Meuze Operator App, PromptShop's companion mobile application (iOS and Android) used by F&B operators and staff to manage day-to-day operations on-site.
- Account and identity data. Email address, name, and — where a User signs in with Google — the account identifier associated with that sign-in, processed via Clerk as PromptShop's authentication processor. Credentials are stored in the device's secure keychain and are not accessible to PromptShop.
- Push notifications. With User opt-in, we collect a device push token to deliver operational briefs and alerts, routed through Expo and delivered via Apple Push Notification service (APNs) or Firebase Cloud Messaging (FCM). Users may opt out of push notifications at any time in device settings.
- WhatsApp linking (optional). Users may optionally link a phone number to receive operational briefs via WhatsApp. This number is stored solely for that delivery purpose.
- Operational data. Store data, reorder decisions, inventory counts, incident reports, and notes entered by the User, tied to the User's account and their organization (Customer).
- No advertising or tracking. The Operator App does not serve advertising and does not include third-party analytics or tracking SDKs; it does not track Users across other apps or websites.
- Account deletion. Users may delete their account in-app (Settings > Delete Account) or by request. See meuze.ai/account-deletion for details on what data is deleted and what is retained (for example, for financial or legal compliance) per Section 9.