Privacy Policy
Last updated: April 26, 2026
Buffalo Eats Online (“we,” “us,” or “our”) operates buffaloeatsonline.com (the “Service”). This Privacy Policy describes how we collect, use, protect, and share information when you use our Service.
1. Information We Collect
Information You Provide
- Account information: Name, email address, phone number, business name, and password when you register
- Business data: Menu items, pricing, business hours, and location information you enter to configure your account
- End-customer data: Names, addresses, phone numbers, email addresses, and order history or reservation details of your customers processed through the Service
- Communications: Messages you send to us via email or support channels
Information Collected Automatically
- Usage data: Pages visited, features used, timestamps
- Device information: Browser type, operating system, IP address
- Cookies: Session cookies for authentication and preferences (see Section 8)
Information We Do NOT Collect
- Credit card or payment card numbers — all payment processing is handled by Stripe, Inc. and card data never touches our servers
2. How We Use Your Information
- To provide and maintain the Service
- To process orders and reservations on behalf of your business
- To send transactional emails (order confirmations, password resets, account notifications)
- To provide customer support
- To detect and prevent fraud, abuse, or security incidents
- To improve the Service based on usage patterns (aggregated, non-identifiable data only)
We do not sell your data or your customers’ data to third parties. We do not use your data for advertising or marketing purposes unrelated to the Service.
3. How We Share Your Information
We share information only in these circumstances:
- Service providers: Third parties that help us operate the Service (see Section 9 — Sub-Processors)
- Legal requirements: When required by law, regulation, legal process, or governmental request
- Business transfers: In connection with a merger, acquisition, or sale of assets, with notice to you
- With your consent: When you explicitly authorize sharing
4. Administrative Access
Our support team may access your account for the purpose of providing technical support, troubleshooting issues, or responding to your requests. When this occurs:
- Every administrative access event is logged with the administrator identity, your account identity, and timestamp
- Access is limited to what is necessary to resolve the issue
- Administrators cannot view your password (passwords are cryptographically hashed and irreversible)
- Administrators can reset your password on request, which triggers an email notification to you
5. Data Security
We implement industry-standard security measures to protect your information:
- All data transmitted between your browser and our servers is encrypted via TLS/HTTPS
- Data at rest is encrypted using AES-256 encryption
- Passwords are hashed using bcrypt (one-way, irreversible)
- All forms are protected against cross-site request forgery (CSRF)
- User-submitted content is sanitized to prevent cross-site scripting (XSS)
- All database queries use parameterized statements to prevent SQL injection
- File uploads are validated server-side for type and size
- Administrative access requires multi-factor authentication
No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
6. Data Retention
- Account data: Retained for as long as your account is active, plus 90 days after account closure
- Order/transaction history: Retained for 3 years for business record-keeping purposes
- Server logs: Retained for 90 days, then automatically purged
- Backups: Encrypted backups are retained for 30 days and then destroyed
7. Your Rights
Depending on your location, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request correction of inaccurate information
- Deletion: Request deletion of your personal information
- Portability: Request your data in a machine-readable format
- Opt-out: Opt out of marketing communications at any time
To exercise any of these rights, contact us at privacy@buffaloeatsonline.com. We will respond within 30 days.
California residents: Under the CCPA/CPRA, you have additional rights including the right to know what personal information is collected, the right to delete, and the right to opt out of the sale or sharing of personal information. We do not sell your personal information.
8. Cookies
We use essential cookies only:
- Session cookies: Required for login and authentication. Expire when you close your browser or after 24 hours of inactivity.
- Preference cookies: Remember your language and display settings.
We do not use third-party advertising or tracking cookies.
9. Sub-Processors
We use the following third-party service providers to operate the Service:
| Provider | Purpose | Data Processed |
|---|
| Amazon Web Services (AWS) | Hosting and storage | All data at rest and in transit |
| Stripe, Inc. | Payment processing | Payment card data (never stored on our servers) |
| ForwardEmail.net | Email routing | Inbound email headers and content |
| Google (Gmail SMTP) | Outbound email delivery | Outbound email content |
| Cloudflare, Inc. | DNS, CDN, DDoS protection | HTTP traffic metadata |
10. Children’s Privacy
The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us at privacy@buffaloeatsonline.com and we will promptly delete it.
11. Data Breach Notification
In the event of a data breach affecting your personal information, we will:
- Notify affected users via email within 72 hours of discovery
- Notify applicable regulatory authorities as required by law
- Provide a description of the breach, the data affected, and steps we are taking to address it
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the “Last updated” date. For significant changes, we will also notify you by email.
13. Contact Us
If you have questions about this Privacy Policy or our data practices, contact us at:
- Email: privacy@buffaloeatsonline.com
- Phone: (716) 299-8493
Last updated: April 27, 2026