Privacy Policy

Effective Date: 07-21-2025

This Privacy Policy (“Policy”) explains how MFMsoft, LLC ("MFMsoft", "we", "us", or "our") collects, uses, and protects data through its software and services (the “Offerings”). This Policy applies to all Merchants and users who access MFMsoft’s systems, including POS systems, digital menus, and web-based tools.


1. Nature of Data Collected 
MFMsoft does not collect personally identifiable information (PII) such as names, addresses, emails, or payment card details of your customers. However, we do collect:

1(b): Data Licensing and Ownership

All Order Data and related transactional information collected through your systems is licensed directly to MFMsoft, LLC, and to no other company or third party. By using MFMsoft’s services, you acknowledge and agree that MFMsoft has the exclusive rights to capture, store, and process such Order Data. Once captured, all Order Data becomes the sole property of MFMsoft. MFMsoft may use this data for any lawful purpose, including but not limited to: analytics, marketing, sales enablement, data aggregation, licensing, and making such data available to other third parties for their business purposes. You expressly acknowledge that you have no ownership rights in the captured data beyond the limited license granted by MFMsoft’s Terms of Service.

  • Order Data: Includes product purchase details such as item names, timestamps, quantity, and other order metadata.
  • Merchant Contact Information: Includes email, phone number, and system credentials used to operate MFM Software.
  • Device/Technical Data: Includes device identifiers, TOOS login credentials (when authorized), and system metadata.

MFMsoft collects only transactional data necessary to optimize business operations. This data may qualify as “personal data” under GDPR if linked to individuals indirectly. MFMsoft has no way of creating or following any indicators that track or connect the customer as the same customer within your system or others.


2. Purpose of Collection and Use 
Order Data is collected to:

  • Analyze product and brand performance;
  • Automate product menu injection and synchronization;
  • Track sales and upsell trends across TOOS systems;
  • Support trademark compliance with brand asset use;
  • Improve AI-driven menu and sales optimization;
  • Generate anonymized business insights for Merchants and Brand partners.

MFMsoft may share this pseudonymized transactional data with authorized license holders and brand partners for lawful business and analytic purposes, in accordance with Schedule A.


3. Lawful Basis for Processing (GDPR Article 6) 
MFMsoft processes data based on:

  • Contractual necessity – to deliver services to Merchants;
  • Legitimate interest – to maintain and improve services and protect trademark usage;
  • Consent – where applicable, such as enabling Brand asset sharing or cookie tracking (if later used).

Merchants grant MFMsoft these rights by enrolling systems through the MFM registration process.


4. Data Minimization and Consumer Privacy 
MFMsoft does not:

  • Collect or retain customer payment information;
  • Track users via cookies or similar tracking technologies in the core platform;
  • Profile or make decisions about individual consumers.

All data collection is limited to business optimization and reporting metrics.


5. Data Subject Rights (GDPR Articles 15–22) 
Merchants and EU-based data subjects may:

  • Request access to their data;
  • Rectify inaccuracies;
  • Request erasure or restriction;
  • Object to processing or request data portability;
  • Lodge a complaint with a supervisory authority (e.g., CNIL).

All requests may be directed to [email protected].


6. International Data Transfers 
MFMsoft may transfer Order Data to systems hosted in the United States or other third countries. Such transfers will be safeguarded using:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Additional measures where required by the Schrems II decision.


7. Data Retention and Deletion 
MFMsoft retains Order Data only as long as needed to fulfill its contractual and legal obligations. Data may be anonymized or deleted in accordance with internal retention schedules.


8. Security Safeguards 
MFMsoft employs:

  • Role-based access controls;
  • Data encryption in transit and at rest;
  • Secure credential management;
  • Monitoring and alerting systems to detect unauthorized access.


9. Third-Party Systems 
If you integrate MFM with third-party TOOS platforms (e.g., Toast, Clover, Square), you are responsible for ensuring your credentials are valid and authorized. MFM accesses data only through credentials you provide and in accordance with those systems’ terms and conditions.


10. Contact and Legal Compliance 
Data Controller: MFMsoft, LLC
Email: [email protected]
Supervisory Authority: CNIL – https://www.cnil.fr


11. Updates and Changes 
We may update this Policy from time to time. Significant changes will be posted on our website or delivered through your Merchant dashboard. Continued use of the Offerings signifies acceptance of any updates.


Schedule A: Data Usage Purposes 
MFMsoft employs:

  • Analytics: Product popularity, category performance, timing trends.
  • Marketing: Non-personalized sales data to Brands.
  • Operational Improvements: Inventory, layout, pricing strategy.
  • Legal Compliance: Trademark use and audit tracking.
  • Security: Fraud detection, data integrity monitoring.

 
Last updated: 07-17-2025