Privacy Policy

Produce OS is a product of Reserva, Inc. ("Reserva," "Produce OS," "we," "us," or "our"). This Privacy Policy describes how we collect, use, disclose, and protect personal information in connection with Produce OS, our websites, cloud-based software platform, communications features, and related services (collectively, the "Services").

This Privacy Policy applies to information collected through produceos.com, the Produce OS application, and related support, onboarding, implementation, and communications activities.

1. Scope and Roles

This Privacy Policy applies to:

• visitors to Produce OS websites;
• customers, prospective customers, and their representatives;
• authorised users of Produce OS accounts; and
• personal information processed in connection with providing the Services.

Produce OS may act as:

• a data controller for personal information we collect for our own business purposes, such as account administration, sales, support, security, marketing, billing, and compliance; and
• a service provider / processor for personal information included in Customer Data that we process on behalf of our customers through the Services.

Customers are responsible for determining the lawful basis for processing Customer Data they submit to Produce OS, including any personal information relating to their employees, customers, suppliers, vendors, or other contacts.

2. Information We Collect

2.1 Information provided directly

We may collect personal information provided by you or your organisation, including:

• name, email address, phone number, job title, and company information;
• account registration and onboarding information;
• billing, payment, and subscription information;
• support requests, implementation details, and training correspondence;
• information submitted through forms, demos, waitlists, or contact requests; and
• any other information you choose to provide in connection with the Services.

2.2 Information processed on behalf of customers

Produce OS may process Customer Data uploaded to or generated within the Services, which may include personal information such as:

• customer and prospect contact information;
• supplier, vendor, and partner contact records;
• sales, purchase, transaction, and invoicing records;
• shipment, logistics, and operational communications; and
• other business information processed as part of customer workflows.

We process this information only on behalf of and under the instructions of the relevant customer, subject to our agreements with that customer.

2.3 Automatically collected information

When you access or use the Services, we may automatically collect:

• device, browser, and operating system information;
• IP address and approximate location;
• application logs, usage metrics, and diagnostic data;
• session, authentication, and security-related information; and
• cookie, local storage, and similar tracking data.

3. How We Use Information

We use personal information to:

• provide, operate, maintain, and improve the Services;
• create and manage accounts, workspaces, and user access;
• support produce sales, purchasing, communication, and workflow management features;
• deliver onboarding, implementation, support, troubleshooting, and training;
• process subscriptions, payments, and account administration;
• communicate with users and customers about the Services;
• monitor performance, reliability, security, and product usage;
• investigate misuse, fraud, security incidents, or legal claims;
• comply with legal, tax, accounting, and regulatory obligations; and
• develop analytics, reporting, and product improvements using aggregated or de-identified information where appropriate.

4. Messaging, Communications, and Connectivity Features

Produce OS includes features that help customers manage and send operational and commercial communications, including communications by email, SMS, WhatsApp, and other supported channels.

Through these features, Produce OS may process personal information such as:

• sender and recipient names, phone numbers, and email addresses;
• message content and attachments;
• conversation history and communication metadata;
• delivery, read, reply, and status information; and
• transaction-related details included in messages, such as sales updates, purchase information, order status, invoices, payment reminders, confirmations, and related workflow activity.

We use this information to:

• enable communications requested or initiated by our customers;
• route, send, receive, log, display, and organise messages within the Services;
• support workflow automation, follow-up, and transaction visibility;
• troubleshoot delivery or platform issues;
• improve communications functionality, reliability, and usability; and
• maintain security, auditability, and compliance.

Customers are responsible for ensuring they have the right to contact recipients through the channels they use, obtaining any required consent under applicable law for SMS, WhatsApp, email, or similar communications, providing required notices to their end users, customers, vendors, and contacts, and ensuring that message content and communication workflows comply with applicable privacy, marketing, telecommunications, and consumer protection laws.

Third-party communications providers, carriers, inbox providers, and platform operators may process communications data as part of message transmission and delivery. Message delivery is also subject to the policies and technical limitations of those third parties.

5. Legal Bases for Processing

Where required by applicable law, we rely on one or more of the following legal bases:

• performance of a contract;
• compliance with legal obligations;
• legitimate interests, such as security, fraud prevention, service administration, and product improvement; and
• consent, where required by law.

6. Disclosure of Information

We may disclose personal information to:

• service providers and subprocessors that support hosting, infrastructure, analytics, communications, authentication, payment processing, security, and customer support;
• messaging and communications providers, including providers used for email, SMS, WhatsApp, telephony, and related delivery infrastructure;
• professional advisors such as lawyers, accountants, auditors, and insurers;
• government authorities, regulators, courts, or law enforcement where required by law or legal process; and
• affiliates, acquirers, successors, or counterparties involved in a merger, acquisition, financing, reorganisation, or sale of assets.

We do not sell personal information.

7. Subprocessors and Third-Party Providers

We may engage third-party providers to support the operation of Produce OS. These providers may process personal information on our behalf for purposes such as hosting, analytics, communications delivery, infrastructure, monitoring, and customer support.

Where required, we contractually require such providers to protect personal information and process it only for authorised purposes.

8. International Data Transfers

Produce OS and its service providers may process or store personal information in the United States and other jurisdictions where we or our providers operate. Where required by law, we implement appropriate safeguards for cross-border transfers of personal information.

9. Data Retention

We retain personal information only for as long as reasonably necessary to:

• provide the Services;
• fulfil contractual obligations;
• maintain records related to communications, transactions, security, and support;
• comply with legal, accounting, tax, and regulatory requirements; and
• resolve disputes and enforce our agreements.

Retention periods may vary depending on the nature of the data, the customer relationship, legal requirements, and the specific Service feature involved.

10. Security Measures

We maintain administrative, technical, and organisational safeguards designed to protect personal information against unauthorised access, loss, misuse, alteration, or disclosure.

These measures may include access controls and role-based permissions, encryption in transit and where appropriate at rest, logging and audit controls, network and infrastructure security controls, and internal policies governing access, confidentiality, and security practices.

While we use commercially reasonable measures to protect personal information, no method of internet transmission or electronic storage is completely secure, and we cannot guarantee absolute security.

11. Individual Rights

Depending on applicable law, individuals may have rights regarding their personal information, including the right to request access, correction, deletion, restriction, objection, portability, or withdrawal of consent where applicable.

We may need to verify identity before responding to a rights request. Where Produce OS processes personal information on behalf of a customer, we may direct the request to the relevant customer where appropriate.

12. Cookies and Similar Technologies

We may use cookies, local storage, pixels, and similar technologies to operate, secure, personalise, and improve the Services. These technologies may be used to remember settings and preferences, maintain authenticated sessions, measure usage and performance, and support security and fraud prevention.

Users may be able to control certain cookies through browser settings, although disabling some technologies may affect functionality.

13. Children’s Information

The Services are intended for business use and are not directed to children. We do not knowingly collect personal information from children.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the Services, our practices, or applicable law. If we make material changes, we will provide notice through the Services, by email, or by other appropriate means. The "Last updated" date indicates when this Privacy Policy was most recently revised.

15. Contact Us