Privacy Policy

LetsOrderUp, Inc. (“OrderUp,” “we,” “us,” or “our”) builds an operating system for independent restaurants: point of sale, online ordering, payments, kitchen routing, menus, customer database, accounting (OrderUp Books), and AI-driven restaurant websites. This Privacy Policy explains what information we collect when you use the OrderUp platform, visit our websites, or interact with us, and how we use, share, and protect that information.

By using the Service you agree to the practices described here. If you do not agree, please do not use the Service.

LetsOrderUp, Inc. is a Wyoming corporation doing business as “OrderUp.” Our registered address is 30 N Gould St #6569, Sheridan, WY 82801. You can reach us at hello@letsorderup.com or +1 (845) 329-8840. OrderUp is the controller of personal information we collect about restaurant operators, our website visitors, and prospects. For information that operators collect from their own customers using the Service, OrderUp acts as a processor on the operator’s behalf (see Operator & customer data).

This policy covers the marketing websites we operate under the OrderUp brand, the operator-facing applications (admin, management, restaurant websites, POS tablet, menu display, ordering), the supporting APIs and cloud services, and communications we send (email, SMS, phone).

OrderUp currently operates in the United States only. We do not direct the Service to users outside the US.

We use information to:

• Provide, operate, and maintain the Service.
• Process orders, payments, refunds, billing, and reconcile settlement with our third-party payment processors.
• Authenticate users, prevent fraud, and protect the Service and its users.
• Send transactional messages (receipts, alerts, security notices, service updates) and operational SMS or email related to your account.
• Provide customer support, respond to inquiries, and resolve disputes.
• Understand how the Service is used, debug, monitor performance, and improve features.
• Personalize features (for example, surface relevant onboarding steps) and develop new functionality.
• Send marketing communications about OrderUp, with the ability to opt out at any time (see Marketing communications).
• Comply with legal obligations, enforce our agreements, and respond to lawful requests.

We do not use the personal information of your customers (collected through your use of the Service) to market to those customers on our own behalf.

We do not sell personal information for money. We share information only in these categories:

• Service providers: cloud infrastructure, third-party payment processors, communication providers (email, SMS), customer support tooling, analytics, error monitoring, and developer infrastructure that operate the Service on our behalf under contractual confidentiality and data protection obligations.
• Integrated platforms: with your direction, with delivery marketplaces, accounting tools, and other integrations you connect to your account, in order to perform the integration you requested.
• Business transfers: in connection with a financing, merger, acquisition, reorganization, bankruptcy, or sale of assets, subject to the receiving party honoring the commitments in this policy.
• Legal & safety: when we reasonably believe disclosure is required by law, subpoena, court order, or other valid legal process, or necessary to investigate, prevent, or respond to fraud, abuse, security incidents, or threats to the safety of any person.
• With your consent: any other sharing we describe to you and obtain your consent for.
• Aggregated or de-identified data: we may share information that has been aggregated or de-identified such that it cannot reasonably be used to identify you.

Restaurant operators own the data they put into the platform, including their menus, configurations, employee records, and the customer information they collect from their own diners. OrderUp processes that data on the operator’s behalf in order to provide the Service.

Operators are responsible for posting their own privacy notice to their diners, obtaining any required consents for the customer information they collect (for example, for SMS or marketing), and honoring the privacy rights of their own customers. The operator’s relationship with their customers is governed by the operator’s own privacy policy and applicable law.

We retain account, transaction, and operational data for as long as the account is active and for a reasonable period afterward to satisfy legal, accounting, tax, security, and dispute-resolution obligations. Backups and disaster-recovery archives may persist for longer on a defined rolling basis before being overwritten.

Operators can request deletion of their data after termination by emailing hello@letsorderup.com, subject to our retention obligations. Aggregated and de-identified data may be retained indefinitely.

Depending on your state of residence, you may have one or more of the following rights with respect to your personal information:

• Right to know / access: request confirmation of whether we process your personal information and a copy of that information.
• Right to correct: request correction of inaccurate personal information.
• Right to delete: request deletion of personal information, subject to exceptions allowed by law.
• Right to portability: request a copy of certain personal information in a portable, machine-readable format.
• Right to opt out of sale or sharing: we do not “sell” personal information for money, and we do not share personal information for cross-context behavioral advertising.
• Right to limit use of sensitive PI (California): request that we limit use of sensitive personal information to purposes permitted by law.
• Right to appeal certain decisions where state law provides.
• Right to non-discrimination for exercising any of these rights.

To submit a request, email hello@letsorderup.com. We will verify your identity using information already on file and respond within the time required by law. An authorized agent may submit a request on your behalf with written authorization and verification.

If you are a restaurant operator submitting a request that relates to data your own customers entered into the platform, we will direct that request to you as the controller of that data.

The rights above are provided to the extent required by your state of residence, including:

• California(California Consumer Privacy Act, as amended by the California Privacy Rights Act): right to know, access, delete, correct, opt out of “sale” and “sharing,” limit use of sensitive personal information, and non-discrimination. In the twelve months preceding the last-updated date, we have not sold personal information for money and have not shared personal information for cross-context behavioral advertising. California residents may also designate an authorized agent.
• Colorado (Colorado Privacy Act): access, correct, delete, portability, opt out of sales / targeted advertising / certain profiling, and appeal.
• Connecticut (Connecticut Data Privacy Act): access, correct, delete, portability, opt out of sales / targeted advertising / certain profiling, and appeal.
• Virginia (Virginia Consumer Data Protection Act): access, correct, delete, portability, opt out of sales / targeted advertising / certain profiling, and appeal.
• Utah (Utah Consumer Privacy Act): access, delete, portability, opt out of sales / targeted advertising.
• Texas (Texas Data Privacy and Security Act): access, correct, delete, portability, opt out of sales / targeted advertising / certain profiling, and appeal.
• Other states that grant comparable rights as their laws come into effect.

Where state law requires it, we provide a separately accessible method for submitting opt-out requests. You may also use the “Global Privacy Control” (GPC) signal in your browser; we treat a valid GPC signal as a request to opt out of “sale” and “sharing” for the browser sending the signal.

The Service is not directed to children under 16, and we do not knowingly collect personal information from children under 16. If you believe a child under 16 has provided us with personal information, please contact us and we will take steps to delete it.

We use a combination of administrative, technical, and physical safeguards appropriate to the sensitivity of the data we handle. These include encryption in transit (TLS) and at rest, least-privilege access controls, multi-factor authentication for our administrators, audit logging, environment segmentation, code review, and use of PCI-aware third-party payment processors for cardholder data.

No method of transmission or storage is perfectly secure. We cannot guarantee that information will never be accessed, disclosed, altered, or destroyed by breach of any of our administrative, physical, or technical safeguards.

The Service is offered in the United States. Information we collect is stored and processed in the United States. We do not offer the Service to users in the European Economic Area, United Kingdom, or Switzerland. If you access the Service from outside the US, you do so on your own initiative and are responsible for compliance with local laws.

We use cookies and similar technologies (local storage, pixels, SDK identifiers) on our websites and product surfaces to:

• Operate the Service (essential cookies for authentication, session management, security, and load-balancing).
• Remember preferences (language, UI state).
• Measure performance (Google Analytics 4, Microsoft Clarity, Vercel Analytics) and understand how visitors interact with our marketing site so we can improve it.
• Detect and prevent fraud and abuse.

You can control cookies through your browser settings or device-level privacy controls. Disabling certain cookies may limit functionality. We honor valid Global Privacy Control (GPC) browser signals as opt-outs of “sale” and “sharing” under applicable state law.

You may receive marketing communications from us by email or SMS if you have requested information from us, signed up for early access, or otherwise opted in. You can opt out at any time by clicking the unsubscribe link in any marketing email, replying STOP to an SMS, or by emailing hello@letsorderup.com. Even after you opt out of marketing, we will continue to send transactional and account-related messages.

We may update this Privacy Policy from time to time. When we do, we will update the “Last updated” date at the top of this page. If we make material changes, we will provide additional notice — for example, by email to operators or a prominent notice on the Service — before the change takes effect. Your continued use of the Service after an update means you accept the updated policy.

Questions, requests, or concerns about this Privacy Policy? Reach us at:

See also our Terms and Conditions.