Privacy Policy

Keva is operated by Binyan Group. We provide a B2B operations platform for restaurants and hospitality operators, accessible through the web at kevaos.ai and through the Relay iOS app distributed via the Apple App Store. This Privacy Policy describes how we collect, use, share, and protect personal information when authorized restaurant staff use the platform.

Keva is sold to restaurant operators (our customers). Individual users access Keva only when their employer has provisioned them an account. Operational data ingested on a customer's behalf (e.g. point-of-sale transactions, schedules, invoices) is governed by our agreement with that customer; this policy primarily covers personal information about end users.

Account information

• Name, email, and work phone (if provided)
• Organization, role, and venue assignment
• Authentication credentials — passwords are hashed; we never store them in cleartext
• Profile preferences (theme, default venue, notification settings)

Usage information

• Pages and features accessed within the platform
• Actions taken (e.g. acknowledging an enforcement signal, approving a comp)
• Device, browser, and operating system metadata
• IP address and approximate location (city/region) for security
• Crash and error diagnostics (via Sentry)

Mobile app information

The Relay iOS app collects the same information described above. If you grant permission, we may also collect:

• Push notification tokens (only if you accept push permissions)
• Device hardware model and OS version, for compatibility

The Relay app does not collect location data, contacts, photos, microphone audio, or camera content unless you explicitly trigger a feature that requires it (none today).

Operational data (on behalf of the customer)

On behalf of the operator who has contracted with Keva, we ingest data from systems such as point-of-sale, scheduling, payroll, accounting, reservations, and review platforms. This data is processed under the contract with the operator and is used to provide the operations platform to that operator. We are a data processor with respect to this data; the operator is the controller.

• Authenticate and provide access to the platform
• Generate operations reports, alerts, and enforcement signals
• Send transactional and operational notifications (email, push)
• Respond to support requests and improve the product
• Detect, prevent, and respond to security incidents and abuse
• Comply with legal obligations

Some platform features use AI models (currently provided by Anthropic). When AI is used to generate summaries, briefs, or recommendations, the relevant data is sent to the model provider under a data-processing agreement that prohibits training on your inputs. We do not use customer data to train third-party AI models.

We share personal information only with the parties below, and only for the purposes described:

• Service providers (subprocessors): Supabase (database and authentication hosting), Vercel (web hosting), Resend (transactional email), Anthropic (AI features), Sentry (error monitoring), and others required to deliver the service. All subprocessors are bound by contract to security and confidentiality obligations.
• Your employer: the operator who provisioned your account can access your platform activity, role, and the operational data you produce within Keva.
• Legal compliance: we may disclose information to comply with applicable law, valid legal process, or to protect rights, property, and safety.
• Business transfers: in a merger, acquisition, or asset sale, information may be transferred as part of the transaction.

We do not sell personal information, and we do not share it with third parties for advertising or marketing.

• Account information:retained while your account is active and for a short period thereafter to comply with legal obligations or resolve disputes. You can delete your account at any time (see “Your rights” below).
• Usage and diagnostic data: typically retained for up to 24 months, then aggregated or deleted.
• Operational data:retained for the duration of the operator's contract with Keva, plus any period required by that contract or by law.
• Backups: encrypted backups may persist for up to 35 days after deletion.

You have the following rights regarding your personal information:

• Access: request a copy of the personal information we hold about you.
• Correction: ask us to correct inaccurate information.
• Deletion: request that we delete your account and associated personal information.
• Portability: request your information in a portable format.
• Objection: object to certain processing activities.

How to delete your account: sign in to the Keva platform or the Relay app, go to Account → Delete Account, and follow the prompts. Account deletion is also available by emailing privacy@kevaos.ai.

For users in California, the European Economic Area, the United Kingdom, or other jurisdictions with applicable privacy laws, additional rights may apply. Contact us using the details below to exercise them.

We use industry-standard administrative, technical, and physical safeguards to protect personal information, including encryption in transit (TLS) and at rest, role-based access controls, multi-tenant data isolation, audit logging, and routine security reviews. No system is perfectly secure; if you believe your account has been compromised, contact us immediately.

Keva is a B2B platform intended for use by restaurant operators and their staff. The service is not directed to children under 18 and we do not knowingly collect personal information from anyone under 18. If you believe a minor has provided us with personal information, please contact us and we will take appropriate action.

Keva is operated from the United States. If you access the service from outside the United States, your information will be transferred to and processed in the United States. We rely on appropriate safeguards (such as standard contractual clauses) where required for transfers from the European Economic Area, the United Kingdom, and other jurisdictions.

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the latest change. If a change is material, we will provide reasonable notice (e.g. by email or in-app notice) before it takes effect.

Questions, requests, or complaints about this policy or our handling of personal information:

Email: privacy@kevaos.ai
Mail: Binyan Group, c/o Keva — 8430 Sunset Blvd, West Hollywood, CA 90069