Run the Tab← Back

Legal

Privacy Policy

Effective June 5, 2026

Run the Tab is operational reporting and inventory software for multi-location bar groups. This Privacy Policy explains what information we collect when an employer (an operator of one or more bars) provisions you access to the application, how we use that information, and the rights you have over it.

Run the Tab is a business-to-business product. Your employer is the controller of information about your employment and your access to the system; we act as a processor on their behalf. Where this policy describes your rights, those rights may be exercised through your employer or directly with us.

1. Who we are

“Run the Tab”, “we”, “us”, and “our” refer to the operator of the Run the Tab service, reachable at support@runthetab.com. Run the Tab is operated by Chaitanya Vallurupalli, a sole proprietor doing business as Run the Tab, in Texas, United States.

2. What we collect

Information you give us directly:your email address (used as your sign-in identifier), your name as it appears on time entries from your employer’s point-of-sale system, and any inventory counts, invoice uploads, or shift-related interactions you submit through the application.

Information we receive from your employer’s point-of-sale (Toast): employee identifiers, job titles, pay rates set by your employer, time entries (clock-in / clock-out timestamps), declared cash tips, non-cash tips, and sales records attributable to the location at which you work. Your employer authorizes this access.

Information we receive from your employer’s accounting system (QuickBooks Online):where the employer connects its QuickBooks Online company, we receive business bank transaction records — dates, amounts, payee names, memo text, and account names — used solely to produce the employer’s financial reports. This data is business financial data about the employer, not personal data about staff. Access is read-only, authorized by the employer through Intuit’s consent flow, and revocable by the employer at any time (from within Run the Tab or from their Intuit account settings). We do not sell QuickBooks data or use it for any purpose other than the employer’s own reporting.

Employment information:pay rate, scheduled and worked hours, declared and recorded tips, and tip-out calculations. This information is sourced from your employer’s point-of-sale system and used to compute payroll figures the employer relies on. It is treated as confidential and shown only to your employer’s authorized managers and to you (your own row).

Information we generate automatically: service logs (request identifiers, timestamps, error stack traces, IP address of the requesting device) used to operate the service and diagnose problems. We retain a tamper-evident audit log of changes to inventory, invoices, recipes, and user accounts for one year.

Crash and performance diagnostics: when the application encounters an error or unusually slow operation, we collect a crash report and request-latency metrics so we can diagnose and fix the problem. These reports include stack traces, request identifiers, and timing information. They do not contain inventory counts, invoice contents, sales figures, or payroll numbers.

Device information for push notifications: when you install our mobile app and grant notification permission, we store an opaque device token issued by Apple Push Notification Service or Firebase Cloud Messaging so that we can deliver shift-related alerts to your device. Tokens are tied to your user account; we do not collect device location, contacts, photos, microphone, or camera data.

We do not collect Social Security numbers, financial account numbers, government IDs, or health information. We do not sell personal information.

3. How we use it

  • To authenticate you and route you to the correct bar(s).
  • To compute payroll figures (hours, tips, tip-outs), inventory depletion, suggested orders, and food cost reports for your employer.
  • To deliver shift-related notifications you have opted into.
  • To send the weekly operational report and account-management emails (password resets, sign-in links).
  • To diagnose errors, prevent abuse, and maintain the integrity of the service.
  • To comply with legal obligations and enforce our terms of service.

4. Service providers we share information with

We share information with the providers below only to the extent needed to operate the service:

  • Google Cloud Platform — application hosting, database, secret storage, and observability. Located in the United States.
  • Firebase Authentication (Google) — sign-in, email-link delivery, and password reset flows.
  • Toast, Inc.— your employer’s point-of-sale provider. We pull menu, sales, time-entry, and employee data through Toast’s API on your employer’s behalf. We do not push data into Toast.
  • Resend — transactional email delivery (weekly reports, sign-in invites).
  • Apple Push Notification Service and Firebase Cloud Messaging — delivery of shift-related push notifications when you have installed the mobile app and granted permission.
  • Google Cloud Logging — retention of service logs (request identifiers, error stack traces, request IPs) for diagnostic and security purposes.
  • Cloud Build & Artifact Registry (Google) — build and deploy our application code; do not receive customer data.

We do not share your information with advertisers, data brokers, or analytics platforms.

5. Retention

  • Account records (your user, role, employer association) — kept for the lifetime of your access plus 30 days, then deactivated. Your employer may retain employment records independently.
  • Inventory counts, invoices, sales, and recipes— retained for the lifetime of your employer’s account. These are operational business records owned by the employer.
  • Audit log — one year, then automatically pruned.
  • Service logs — 30 days for non-error logs, 90 days for errors.
  • Push device tokens — deleted when the device is uninstalled, you sign out, or the token is rejected by APNs/FCM.

6. Security

We use TLS 1.2+ in transit, encryption at rest, role-based access controls, audit logging of privileged actions, separation of production and development environments, and credential rotation. No internet-connected service can guarantee absolute security; we commit to notifying your employer and, where required, you, without undue delay if a breach affects your information.

7. Your rights

Depending on where you live, you may have rights to access, correct, port, or delete information about you, and to object to certain processing. To exercise these rights, contact us at support@runthetab.com. Because your employer is the controller of most data we hold about you, we may forward your request to them and respond jointly. We will not retaliate against you for exercising any right.

California residents may exercise rights under the California Consumer Privacy Act (CCPA/CPRA), including the right to know what personal information we have collected (in categories such as identifiers, employment information, and internet/network activity), to request deletion, to correct inaccurate information, and to limit the use of sensitive personal information. We do not sell or share personal information for cross-context behavioral advertising.

Texas residents may exercise rights under the Texas Data Privacy and Security Act, including the right to access, correct, delete, and obtain a portable copy of personal information we process about you.

EU and UK residents may exercise rights under the GDPR and UK GDPR. The lawful basis for our processing is the performance of a contract with your employer (Article 6(1)(b)) and our legitimate interest in operating and securing the service (Article 6(1)(f)).

8. Children

Run the Tab is not directed to children under 13 (or under 16 in the EU/UK). We do not knowingly collect personal information from children, and we comply with the U.S. Children’s Online Privacy Protection Act (COPPA). Bar staff using the application must meet the legal working age in their jurisdiction; this is enforced by your employer at the time of hiring. If you believe we have inadvertently collected information from a child, contact us at support@runthetab.com and we will delete it.

9. International data transfers

We process data in the United States. If you access the service from outside the United States, you consent to the transfer of your information to the United States for the purposes described here. Where required, we rely on the Standard Contractual Clauses published by the European Commission for transfers from the EU and UK.

10. Changes

We may update this policy as the service evolves. The “Effective” date at the top reflects the most recent change. For material changes, we will post a notice in the application and, where required, contact your employer administrator.

11. Contact

Questions, requests, or complaints about this policy: support@runthetab.com.