Privacy Policy

Effective date: April 21, 2026  ·  Operator: Maya Coffee Company LLC

1. Who We Are

Rama OS is operated by Maya Coffee Company LLC, located in Hammond, Indiana. This Privacy Policy explains how we collect, use, and protect your information when you use Rama OS ("the Service") or visit ramaops.com ("the Site").

2. Information We Collect

Account information: Name, email address, business name, and role when you request access or create an account.

Usage data: Pages visited, features used, session duration, and interaction logs within the platform.

Business data: Operational data you enter into the Service including reservations, inventory records, schedules, and financial summaries. This data belongs to you.

Employee data: If you use workforce management features (Tasqem), you may enter personal data about your employees including names, contact information, wage rates, work schedules, time and attendance records, and certifications. You are the data controller for this information. We process it solely on your behalf to provide the Service.

POS integration data: If you connect a point-of-sale system such as Clover, we receive order data, sales data, employee records, and menu information from that platform as authorized by your connection.

Device data: IP address, browser type, operating system, and referral URL, collected automatically by our servers and analytics tools.

Communications: If you contact us by email or form, we retain that correspondence.

3. How We Use Your Information

  • To provide, operate, and improve the Service
  • To communicate with you about your account and the early access program
  • To send transactional messages (account confirmations, alerts, operational notifications)
  • To send product updates and announcements (you may opt out at any time)
  • To analyze usage patterns and improve platform performance
  • To generate AI-powered recommendations and summaries using your operational data
  • To comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share it with:

  • Infrastructure providers: Supabase (database and authentication) and Vercel (hosting), solely to operate the Service.
  • AI providers: Anthropic, PBC processes portions of your operational data to generate AI recommendations and summaries when you use Intelligence Layer features. Anthropic is contractually prohibited from using your data to train its models.
  • POS platforms: When you connect a POS integration such as Clover, data flows between that platform and the Service as required to deliver the integration you authorized.
  • Legal compliance: If required by law, subpoena, or to protect the rights and safety of our users or the public.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.

5. Cookies

We use cookies and similar tracking technologies for:

  • Authentication: Keeping you logged in securely.
  • Analytics: Understanding how the Site is used (aggregated, not individually tracked).

We do not use advertising cookies or sell cookie data to third parties. You may disable cookies in your browser settings, but some features of the Service may not function correctly.

6. Data Retention

We retain different categories of data for different periods based on operational and legal requirements:

  • Account and personal information: Retained while your account is active. Deleted or anonymized within 90 days of account termination, except where longer retention is required by law.
  • Operational data (schedules, inventory, reservations): Retained for 2 years from creation, then deleted or anonymized.
  • Platform events and audit logs: Retained indefinitely as an immutable operational record. These records are anonymized upon account termination.
  • AI conversation sessions: Retained for 90 days, then permanently deleted.

7. Employee Data and Data Controller Responsibilities

When you use workforce management features, you act as the data controller for your employees personal data. We act as a data processor on your behalf. You are responsible for ensuring you have a lawful basis to collect and process employee data, for notifying employees that their data is being processed in the Service, and for responding to employee requests regarding their personal data.

We will assist you in meeting your obligations under applicable privacy law, including responding to data subject requests, by providing the tools and access necessary to locate, export, or delete employee records.

8. Your Rights (GDPR — EU / UK Residents)

If you are located in the European Union or United Kingdom, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to or restrict processing of your data
  • Request portability of your data in a machine-readable format
  • Lodge a complaint with your local data protection authority

Our lawful basis for processing your personal data is performance of a contract (to provide the Service you signed up for) and legitimate interests (to improve and secure the Service). Where we rely on consent, you may withdraw it at any time.

To exercise any of these rights, contact us at dev@aulki.com. We will respond within 30 days.

9. Your Rights (CCPA — California Residents)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale of your personal information (we do not sell personal information)
  • Non-discrimination for exercising your privacy rights

To make a CCPA request, contact us at dev@aulki.com.

10. Security

We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, row-level security on all database tables, and access controls. No method of transmission over the internet is 100% secure. We encourage you to use strong, unique passwords and to report any suspected security issues to dev@aulki.com immediately.

11. Children

The Service is intended for business use by adults. We do not knowingly collect personal information from anyone under 18. If we learn we have collected data from a minor, we will delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice in the Service. The updated policy will be effective upon posting.

13. Contact

Maya Coffee Company LLC
Hammond, Indiana
dev@aulki.com
mayacoffee.studio