AITableFlow Privacy Policy
Effective Date: June 29, 2026 Last Updated: June 29, 2026
This Privacy Policy explains how AI TABLE FLOW LLC ("AITableFlow," "we," "us," or "our") collects, uses, discloses, and protects information in connection with our website at https://www.aitableflow.com (the "Site") and the AI front-of-house services we provide to restaurants (collectively, the "Services").
AI TABLE FLOW LLC is an Illinois limited liability company (File No. 18300931).
1. Who We Are and Scope of This Policy
AITableFlow provides a managed, AI-run front office for restaurants. Our Services include an AI agent that answers calls and web/social messages, captures and (where integrated) books reservations, handles to-go orders, requests reviews, runs guest win-back, and manages CRM records on behalf of our restaurant customers. Our Services are built on and delivered through the GoHighLevel platform and other third-party providers, and integrate with reservation platforms (such as SevenRooms, OpenTable, and resOS) per customer.
This Policy applies to two distinct categories of information, which are treated very differently:
- Information about our restaurant customers and Site visitors — for example, the restaurants that subscribe to AITableFlow, the individuals who run them, and people who visit our Site. For this information, AITableFlow acts as a controller (we decide how and why it is used).
- Information we process on behalf of our restaurant customers — the personal data of our customers' guests and patrons (for example, the diner who calls to make a reservation or place a to-go order). For this information, our restaurant customer is the controller and AITableFlow acts as a processor / service provider, handling the data only on the customer's documented instructions and under our Data Processing Agreement. If you are a guest of a restaurant that uses AITableFlow and you have questions about how your data is handled, please contact that restaurant directly; we will assist them in responding to your request.
This Policy does not govern the privacy practices of our restaurant customers or of third-party platforms (including reservation platforms) that have their own privacy policies.
2. Information We Collect
2.1 Information You Provide to Us
When you inquire about, sign up for, or use the Services, we may collect:
- Account and contact details — name, restaurant/business name, email address, phone number, mailing/business address, and role.
- Billing information — billing contact, billing address, and subscription plan. Payment card details are collected and processed directly by our payment processor (Stripe); we do not store full card numbers.
- Onboarding and configuration information — details about your restaurant, hours, menu, reservation policies, to-go handling, scripts, and other information you supply to configure your AI front office.
- Communications — messages, support requests, and other correspondence you send to us.
2.2 Information We Collect Automatically
When you visit the Site or use the Services, we and our providers may automatically collect:
- Device and technical data — IP address, browser type, operating system, device identifiers, and language settings.
- Usage data — pages viewed, features used, links clicked, referring/exit pages, and timestamps.
- Cookies and similar technologies — see Section 6 (Cookies and Tracking).
2.3 Information We Process on Behalf of Our Restaurant Customers
In delivering the Services, we process personal data about our customers' guests and patrons ("Guest Data") on the customer's behalf and instructions. This may include:
- Names, phone numbers, email addresses, and (where relevant) addresses.
- The content of messages exchanged with the restaurant (calls, SMS, web chat, social messages, and email).
- Reservation, party-size, seating, dietary/preference, to-go order, and guest-history details.
- Call recordings and call transcripts, where calls are recorded and transcribed as part of the Services (see Sections 4 and 5).
AITableFlow processes Guest Data as a processor / service provider, only to provide the Services and only as instructed by the restaurant customer. We do not sell this data and do not use it for our own independent purposes.
3. How We Use Information
We use information we collect as a controller to:
- Provide, operate, maintain, and improve the Site and Services.
- Set up, configure, and manage customer accounts.
- Process subscriptions, billing, and payments.
- Communicate with you about your account, support requests, service updates, and (where permitted) marketing.
- Monitor, secure, and troubleshoot the Services, and detect and prevent fraud or abuse.
- Comply with legal obligations and enforce our agreements.
We process Guest Data as a processor only to deliver the Services on the restaurant customer's behalf — for example, to answer calls and messages, capture and book reservations, handle to-go orders, request reviews, run guest win-back, and maintain CRM records — and as otherwise instructed by that customer under our Data Processing Agreement.
4. AI and Automated Processing Disclosure
The Services rely on artificial intelligence and automated processing. Specifically:
- AI agent. Calls and web/social messages to numbers and channels connected to the Services may be answered, screened, returned, or handled by an automated AI agent rather than a human.
- Recording and transcription. Calls and messages may be recorded, transcribed, and analyzed by automated systems to operate the Services, capture reservations and to-go orders, generate CRM records, and improve handling.
- Automated responses. The AI agent may generate and send automated responses, capture or book reservations, route inquiries, and update records without human intervention.
- Human oversight. Outputs of the AI may be reviewed or supplemented by humans at the restaurant customer's discretion.
AI systems can make mistakes and may produce inaccurate or incomplete results (for example, in capturing a reservation or order). The restaurant customer remains responsible for its communications with, and obligations to, its own guests.
The AI/voice processing in our Services is delivered through HighLevel Inc. (GoHighLevel) — including its native AI voice and conversational features, which acts as our sub-processor (see Section 7).
5. Call Recording and Monitoring Notice
Calls handled through the Services may be recorded and/or monitored for purposes including answering calls, capturing and confirming reservations and to-go orders, quality assurance, training, record-keeping, and improving the Services.
Consent and Illinois law. Illinois is an "all-party consent" state for the recording of private electronic communications. Where calls are recorded, all parties to the call must consent to the recording. AITableFlow provides functionality to deliver a recording disclosure (for example, an audible notice at the start of a call), but the restaurant customer, as controller of its own calls, is responsible for ensuring that recording and monitoring comply with all applicable federal, state, and local laws — including Illinois' all-party consent requirement and the recording-consent laws of any other state in which the customer or the called party is located. Callers who do not consent to recording should not continue the call or should request that the restaurant handle the matter without recording.
6. Cookies and Tracking Technologies
We and our providers use cookies, web beacons, local storage, and similar technologies on the Site to:
- Keep you logged in and remember preferences.
- Measure and analyze Site traffic and usage.
- Secure the Site and prevent fraud.
You can control cookies through your browser settings; disabling some cookies may affect Site functionality. Where required by law, we will request your consent for non-essential cookies. We honor Global Privacy Control (GPC) signals where required by applicable law.
7. How We Share Information and Sub-Processors
We do not sell personal information. We share information only as described below:
- Service providers and sub-processors. We use trusted third parties to provide the Services. Our current sub-processors include:
| Sub-processor | Purpose |
|---|---|
| HighLevel Inc. (GoHighLevel) — including its native AI voice and conversational features | CRM, marketing automation, AI agent platform, native AI voice/chat, and data hosting |
| Twilio / LeadConnector | Telephony, call routing, and SMS |
| Stripe | Payment processing |
| Cloudflare | Website hosting, CDN, and security |
| Resend | Transactional and notification email |
| Google (Google Workspace) | Email and productivity |
| Reservation platforms (per customer) — SevenRooms, OpenTable, resOS | Reservation capture and booking, where the customer uses that platform |
- Our restaurant customers. Guest Data is made available to the restaurant customer that controls it.
- Legal and safety. We may disclose information to comply with law, respond to lawful requests, enforce our agreements, or protect the rights, property, or safety of AITableFlow, our customers, or others.
- Business transfers. In connection with a merger, acquisition, financing, or sale of assets, information may be transferred subject to this Policy.
Where a restaurant integrates a reservation platform, data shared with that platform is also subject to that platform's own privacy policy.
8. Data Retention
We retain information for as long as needed to provide the Services, maintain business records, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include: account data — for the life of the account plus 90 days after termination; call recordings and transcripts — 12 months by default (or per the business customer's configured settings); and billing and transaction records — 7 years (for tax and legal purposes). Guest Data is retained per the restaurant customer's instructions and our Data Processing Agreement, and is deleted or returned on termination as described there.
9. Security
We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit, access controls, and reliance on reputable infrastructure providers. No method of transmission or storage is completely secure, and we cannot guarantee absolute security.
10. Your Rights and Choices
Depending on where you live and your relationship with us, you may have rights to:
- Access the personal information we hold about you.
- Correct inaccurate information.
- Delete your information.
- Opt out of marketing communications (via the unsubscribe link or by contacting us).
- Opt out of "sale" or "sharing" of personal information and limit certain uses, where applicable.
California (CCPA/CPRA). If you are a California resident, you may have rights to know, access, delete, correct, and opt out of sale/sharing of personal information, and not to be discriminated against for exercising these rights. AITableFlow does not sell or share personal information; where the CCPA/CPRA applies, AITableFlow acts as a "service provider" and does not sell or share personal information.
EEA/UK (GDPR). If you are in the European Economic Area or the United Kingdom, you may have rights to access, rectification, erasure, restriction, portability, and objection, and to lodge a complaint with a supervisory authority. We are primarily US-facing; where GDPR or UK GDPR applies to your data, we will honor these rights, and any international transfers are handled via Standard Contractual Clauses where applicable.
If you are a guest of a restaurant that uses AITableFlow, please direct rights requests to that restaurant (the controller); we will assist them. To exercise rights for which AITableFlow is the controller, contact us using Section 14.
11. Children's Privacy
The Site and Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.
12. Third-Party Links
The Site and Services may link to third-party websites and services that we do not control, including reservation platforms. This Policy does not apply to those third parties, and we encourage you to review their privacy policies.
13. Data Location and International Transfers
We and our providers are based in the United States, and information is processed and stored in the United States and other countries where our sub-processors operate. If you access the Services from outside the United States, you understand that your information may be transferred to and processed in the United States. Where required, international transfers are handled via Standard Contractual Clauses where applicable.
14. Contact Us
For privacy questions or to exercise your rights, contact:
AI TABLE FLOW LLC Email: kevin@aitableflow.com Website: https://www.aitableflow.com
15. Changes to This Policy
We may update this Policy from time to time. When we do, we will revise the "Last Updated" date above and, where appropriate, provide additional notice. Your continued use of the Site or Services after changes take effect constitutes acceptance of the updated Policy.