Privacy Policy

Last Updated: February 15, 2026

Cold Stone Creamery of Reno, LLC ("Company," "we," "us," or "our") operates the CreameryOps multi-franchise management platform (the "Service"). This Privacy Policy describes how we collect, use, store, and protect information when you use the Service.

1. Information We Collect

1.1 Account Information

When you create an account, we collect your name, email address, and authentication credentials. If you use Google OAuth, we receive your Google profile information (name, email, profile photo).

1.2 Franchise Business Data

Through integrations with your point-of-sale, payroll, and scheduling systems, we process:

• Sales data — transaction totals, guest counts, payment methods, product mix
• Labor data — employee hours, labor costs, scheduling data, overtime records
• Financial data — revenue, cost-of-goods, operating expenses, profit calculations
• Employee data — names, positions, hire dates, contact information, pay rates
• Inventory data — stock levels, par levels, product counts, variance records

1.3 Usage Information

We automatically collect information about how you use the Service, including pages visited, features used, and session duration. This helps us improve the Service.

2. How We Use Your Information

We use collected information to:

• Provide, maintain, and improve the Service
• Process your transactions and send related communications
• Generate analytics, reports, and dashboards for your franchise
• Respond to your requests and provide customer support
• Detect and prevent fraud, abuse, or security incidents
• Comply with legal obligations

3. Data Storage and Security

3.1 Infrastructure

Your data is stored on Google Cloud Platform (GCP) infrastructure in the United States (us-west1 region). We use Google BigQuery for analytics data and Cloud SQL for account data.

3.2 Security Measures

• All data in transit is encrypted using TLS 1.2+
• Data at rest is encrypted using Google-managed encryption keys
• Access to production systems requires multi-factor authentication
• We maintain audit logs of all data access
• Regular security reviews and vulnerability assessments

3.3 Multi-Tenant Isolation

Your data is logically isolated from all other customers. Every data query is filtered by your unique franchisee identifier. No other customer can access your data.

4. Data Sharing

We do not sell your personal information or franchise data. We may share data with:

• Service providers — Stripe (payment processing), Google Cloud (infrastructure), SendGrid (email)
• Legal requirements — When required by law, court order, or governmental request
• Business transfers — In connection with a merger, acquisition, or sale of assets (with notice)

5. Data Retention

We retain your data for as long as your account is active plus 30 days after termination. After the 30-day export window, we delete your data in accordance with our retention schedule. Audit logs are retained for 365 days.

6. Your Rights

You have the right to:

• Access — Request a copy of your data at any time
• Export — Download your data in CSV or JSON format through the Service
• Correction — Request correction of inaccurate data
• Deletion — Request deletion of your data (subject to legal retention requirements)
• DSAR — Submit a Data Subject Access Request to [email protected]

7. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information is collected, the right to delete personal information, and the right to opt-out of the sale of personal information. We do not sell personal information.

8. Cookies

The Service uses session cookies for authentication. We do not use tracking cookies or third-party advertising cookies.

9. Children's Privacy

The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will provide at least 30 days' notice of material changes via email or through the Service.

11. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at:

[email protected]
Cold Stone Creamery of Reno, LLC — Reno, Nevada