Sunnyside
How it worksPricing
Log inGet started

Privacy Policy

Last updated: 3 July 2026

This Privacy Policy explains how Sunnyside (“we”, “us”) collects, uses, stores, and discloses information when you use our kitchen display service (the “Service”). We handle personal information in accordance with the Australian Privacy Principles under the Privacy Act 1988 (Cth). By using the Service you consent to the practices described here.

1. Information we collect

  • Account information — your name, email address, and a password. Passwords are stored only as salted bcrypt hashes; we never store or see your plain-text password.
  • Square connection data — when you connect your Square account we store OAuth access and refresh tokens, your Square merchant and location identifiers, location names, and timezone information, so we can receive and route your orders.
  • Order data — order line items, categories, ticket names (for example, a table number or a first name entered at the till), timestamps, and fulfilment type, as sent to us by Square. We do not receive or store your customers’ payment card details.
  • Billing data — your Stripe customer and subscription identifiers and subscription status. Your payment card details are collected and stored by Stripe, not by us.
  • Device and technical data — paired kitchen device records, and standard server logs (IP address, request metadata) used for security and troubleshooting.

2. How we use information

  • To provide the Service: routing orders from Square to your kitchen screens in real time.
  • To manage your subscription and process payments through Stripe.
  • To provide analytics about your own kitchen’s performance within your dashboard.
  • To send transactional email (for example, password resets) via Resend.
  • To secure, maintain, troubleshoot, and improve the Service.

We do not sell your data, and we do not use your order data for advertising or share it with third parties except the service providers listed below.

3. Service providers (processors)

We share information with a small number of providers who help us run the Service:

  • Square — the source of your order and location data, connected via OAuth with your authorisation.
  • Stripe — subscription billing and payment processing.
  • Fly.io — application and database hosting.
  • Resend — transactional email delivery (for example, password reset emails).

Each provider processes data under its own privacy policy and only as needed to provide its service to us.

4. Where your data is stored

The Service and its database are hosted with Fly.io in the Sydney, Australia region. Some providers (such as Stripe and Resend) may process data outside Australia, including in the United States, as part of providing their services. Where information is disclosed overseas, we take reasonable steps to ensure it is handled consistently with the Australian Privacy Principles.

5. Security

We take reasonable steps to protect your information: passwords are hashed with bcrypt, access tokens are stored server-side, connections are encrypted in transit (HTTPS), and access to kitchen displays is controlled through short-lived pairing codes and scoped device tokens. No system is perfectly secure, so we cannot guarantee absolute security.

6. Retention and deletion

We retain your account, configuration, and order data while your account is active so we can provide the Service and show historical analytics. If you cancel, we retain your data for a reasonable period in case you reactivate, after which it may be deleted.

You can request deletion of your account and associated personal information at any time by emailing support@example.com. We will action deletion requests within a reasonable time, except where we must retain records to comply with legal obligations (for example, financial records relating to billing).

7. Access and correction

You may request access to, or correction of, the personal information we hold about you by contacting support@example.com. You can update your account details and location names directly in the dashboard.

8. Cookies and local storage

The Service uses browser local storage to keep you signed in (your session token) and to remember device pairing on kitchen tablets. We do not use third-party advertising or tracking cookies.

9. Changes to this policy

We may update this Privacy Policy from time to time. Material changes will be notified by email or through the dashboard, and the “Last updated” date above will change.

10. Contact and complaints

For privacy questions, requests, or complaints, email support@example.com. We will respond within a reasonable time. If you are not satisfied with our response, you may complain to the Office of the Australian Information Commissioner (oaic.gov.au).

See also our Terms of Service.

Sunnyside
HomeTerms of ServicePrivacy Policy
© 2026 Sunnyside