Privacy Policy

Last Modified: May 14, 2026

Please take a few minutes to read the following policy so that you understand how we treat your information. As we continuously improve and expand our services, this policy might change, so please check it periodically.

This Privacy Policy describes how ConverseNow Technologies Inc. ("ConverseNow," "Service Provider," "we," "our," "us") collects, uses, and shares information you provide while placing your order via our voice-ordering platform ("Platform," "Phone" or "Drive-Thru") subject to your consent. It also describes your rights and choices regarding our use and sharing of your information, including how you can access and update such information.

If we make any changes to our Privacy Policy, we will post the revised Privacy Policy and update the "Last updated" date above. We encourage you to read the Privacy Policy in its entirety from time to time as we may update the Privacy Policy without direct notice to you. Your continued use of the voice ordering platform means that you accept and agree to the revised Privacy Policy. If you do not accept this Privacy Policy (as amended from time to time), please exit the Website immediately. Your engagement and interaction with our voice ordering platform constitutes your agreement and acceptance of this Privacy Policy and your consent to the practices it describes. If you have questions or comments about our Privacy Policy, please contact us by writing to us at privacy@conversenow.ai.

Data Controller Information

The data controller with respect to the data processing described in this Privacy Policy is ConverseNow Technologies Inc., located at the address in the section entitled "Contact Us" below.

Information Collection

Information You Provide

We collect information you provide directly via the voice ordering platform ("Phone" or "Drive-thru"). The information we collect includes personally identifiable information, which is any information that concerns you individually and would permit someone to identify you. Some examples of information we collect include the following:

Contact Data. We collect your first and last name, postal address, email address, telephone number, and other contact data.

Demographic Data. We may collect demographic information including your gender and country.

Payment Data. We collect data necessary to process your payment if you make a purchase, including your payment instrument number (such as a credit card number) and the security code associated with your payment instrument.

Order Information. We collect information about your orders and food choices.

Profile Data. We may collect your interests, favorites, and other profile data.

Content. We collect the content of messages you send to us, such as feedback and product reviews you give, or questions and information you provide to customer support.

We collect information you provide at various points during your ordering process, such as the following:

Account Registration – To submit your order to the restaurant, you may be required to provide information as requested. This may require you to provide your first name and last name, email address, postal address, telephone number, and loyalty membership details. You may also provide payment data and profile data to help speed up and facilitate your future orders.

Online Orders – You can place an online order for carryout or delivery through a registered account or as a guest. If you place a carryout order, you will need to provide your first name and last name, email address, telephone number, and order information. If you pay online, you will also need to provide your payment data. If you place an order for delivery, you will also need to provide your postal address.

Rewards Programs – We may offer rewards programs, sweepstakes, contests, surveys, or other promotions ("Promotions") through our ordering platform.

Other Transactions – We may offer you other opportunities to transact with us through our ordering platform. If you conduct transactions through our online ordering platform, we will collect information you provide directly about the transactions you engage in while interacting with our online ordering platform. This information may include payment and billing information as well as the nature, quantity and price of the goods or services you exchange and the individuals or entities with whom you communicate or transact business.

Email and other voluntary communications – You may also choose to communicate with us through email, via the website or through other means. Such communications may be in connection with our customer service efforts, your questions, or for other purposes. We collect the information in these communications, and such information may include information that personally identifies you.

You may choose to voluntarily disclose other information when using the voice ordering platform that we do not request, and, in such instances, you are solely responsible for such information.

Information Collected Automatically

When you use our Platform or visit the parent restaurant organization (or their franchisee) by phone or on Drive-Thru, we automatically collect information about your interactions. Some examples of information we collect include the following:

Service Use Data. We collect data about the features you use, the emails and advertisements you view or listen to, the products you purchase, the date and time of your interaction, the queries you ask during your interaction, and the personal information associated with your phone number, if any, from which you linked directly to the restaurant, and other similar information.

Log Files. A log file is a file that records events that occur in connection with your interaction, such as phone number, caller name associated with your telephone service provider, call duration, language and utterances you use, date/time stamps, and related data. This information allows us to recognize you and help customize your ordering experience and make it more convenient for you. The log files are also useful in allowing more efficient tracking of your transaction history and preserving information between sessions. The information collected from log files may also be used to improve the functionality of the platform.

Types of logging on our platform include:

• Functionality: Used to remember your preferences and for facilitating transactions such as purchases.
• Performance or Analytics: Used to measure ordering activity to improve user experience.
• Personalization: Used to offer information and a personalized ordering experience and offers that specifically interest you.

For further information on tracking technologies and your rights and choices regarding them, please see the sections entitled "Analytics, Advertising, and Retargeting" and "Your Rights and Choices" below.

Information Collected from Other Third Parties

We also obtain information about you from other third-party sources and combine such information with information we have collected about you. To the extent we combine such third-party sourced information with information we have collected about you on our online ordering platform, we will treat the combined information in accordance with this Privacy Policy, plus any additional restrictions imposed by the source of the data. These third-party sources vary over time, but may include:

Social networks when you reference our Service or grant permission to parent restaurant organization (or their franchisee) to access your data on one or more of these services.

Partners with which we offer co-branded services, sell or distribute our products, or engage in joint marketing activities.

Publicly available sources such as open government databases or other data in the public domain.

We are not responsible for the accuracy of any information provided by third parties or third-party policies or practices.

Information Use

We use the information about you for our legitimate interests, including for purposes such as:

• servicing users' accounts or memberships;
• providing services and support to users;
• processing, servicing or enforcing transactions and sending related communications;
• responding to your questions, inquiries, comments and instructions;
• protecting our systems from fraud and unlawful access;
• maintaining the security and integrity of its systems;
• helping to establish and verify the identity of users;
• improving our ordering platform, advertisements, products, and services;
• providing users with product or service updates, promotional notices and offers; and
• advertisements, and other information about Parent Restaurant Organization, Franchisee and its affiliates.

We also use information about you with your consent, including for purposes such as:

• providing you with Promotions;
• sending you promotional newsletters and marketing communications;
• serving digital advertisements to you tailored to your interests on third party ad properties; and
• fulfilling any other purposes disclosed to you and with your consent.

We may use information that does not identify you (including information that has been de-identified) without obligation to you except as prohibited by applicable law. For information on your rights and choices regarding how we use your information, please see the section entitled "Your Rights and Choices" below.

Information Sharing

We may share information about you in the following ways:

Affiliates. We may share information about you with other companies owned or controlled by ConverseNow and other companies that own or control ConverseNow or that are under common control with ConverseNow.

Service Providers. We may share information about you with third-party service providers who need access to such information to carry out work on our behalf. The service provider's use of personal data will be subject to appropriate confidentiality and security measures.

Parent Restaurant Organization (or their Franchisee). We may share information about you with the Parent Restaurant Organization (or their franchisee) where you place your food order.

Professional Advisors. We may share information about you with professional advisors acting as processors or joint controllers including lawyers, bankers, auditors, and insurers based on our legitimate interests in receiving their services.

Authorities. We may share information about you with government and regulatory bodies, including law enforcement, in connection with enquiries, proceedings or investigations by such parties anywhere in the world or where compelled to do so by court order or similar legal procedure provided that we take reasonable steps to ensure that the recipient will protect the information in a manner that is consistent with this Privacy Policy.

Safety, Security and Compliance with Law. We may share information about you in connection with legal requirements, such as in response to an authorized subpoena or when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, or investigate fraud. We may also share information about you to defend the Terms of Use or other policies applicable to the website or if we believe your actions are inconsistent with our user agreements or policies. To the maximum extent permitted by applicable law, we may use IP addresses, mobile device identifiers or any other information we collect to identify users, and may do so in cooperation with copyright owners, internet service providers, wireless service providers or law enforcement agencies in our discretion. Such disclosures may be carried out without notice to you.

Consent. We may share your information for any other purpose disclosed to you and with your consent. Parent Restaurant Organization (or their Franchisee) may also disclose aggregated de-identified information to potential business partners and other unaffiliated entities for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we share your information, please see the section entitled "Your Rights and Choices" below.

Aggregated/Anonymized Data

This Privacy Policy does not apply to any data to the extent it is held, processed, disclosed, or published in a form which cannot be linked or attributed to a living individual (such as anonymized or aggregated data which cannot directly or indirectly be used to identify you or to obtain information about you) ("Aggregate/Anonymized Data"). We may generate, use, and share Aggregate/Anonymized Data for any purpose, in our sole discretion, subject to applicable law.

Security of Protected Information

We use commercially reasonable controls that are designed to reasonably safeguard Protected Information consistent with applicable and governing laws. We implement a variety of security measures when a user enters, submits, or accesses their information to maintain the safety of your Protected Information. However, please be aware that no method of electronic transmission or storage is completely secure, and we cannot guarantee the security of your Protected Information. Accordingly, we make no promise, representation, or warranty regarding the security of your Protected Information or any other information or data collected, stored, used, or transmitted in connection with the Website.

In the event that we become aware of unauthorized access to your Protected Information in a manner that exposes, or risks exposure of, your Protected Information in a manner that is inconsistent with this Privacy Policy, we will satisfy legal obligations to notify you and the other affected users, and display a notification on the Website, consistent and in accordance with our legal duties. We also reserve the right to cooperate with any individual who pursues legally enforceable rights against data collectors and processors who fail to adhere to the law.

Retention Period

ConverseNow will retain your personal data for the period necessary for the execution of the services or to attend to your requests or claims up to 1 year. After this time, ConverseNow will keep retaining the data only to the extent necessary to fulfill its obligations provided by the law or the European laws and regulations.

When you have given your consent for your personal data to be processed for marketing purposes, your personal data will be retained until your consent is revoked.

Your Rights and Choices

Review and Update of Account Information

You have the right to access certain account information that you have voluntarily submitted to us while placing your order on the online ordering platform. You may correct, update, amend, delete, or remove that information.

Such requests will have to be made to the Parent Restaurant Organization (or their franchisee) and it will be the responsibility of the Parent Restaurant Organization (or their franchisee) to send this request to us, by writing to us at privacy@conversenow.ai.

Responsibility of identifying the end user will lie with the Parent Restaurant Organization (or their franchisee) before sending the request to ConverseNow.

We will respond to your request for access within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Analytics and Advertising

You may also exercise choice regarding the receipt of interest-based advertising. ConverseNow only shares your information with Parent Restaurant Organization (or their franchisee) and does not carry out any direct advertising.

Please be aware that, even if you are able to opt out of certain kinds of interest-based advertising, you may continue to receive other types of ads. Opting out only means that those selected members should no longer deliver certain interest-based advertising to you but does not mean you will no longer receive any targeted content and/or ads (e.g., from other ad networks).

ConverseNow is not responsible for effectiveness of, or compliance with, any third parties' opt out options or programs or the accuracy of their statements regarding their programs.

Communications

In order to provide service to you, we may send you communications related to your transactions, security or the administration of the platform. From time to time, ConverseNow may also send you other messages or updates on behalf of the parent restaurant organization (or their Franchisee), or their promotions and other activities. If you do not wish to receive such promotional communications, you can opt out at any time by following the instructions provided in those communications.

Such requests will have to be made to the Parent Restaurant Organization (or their franchisee) and it will be the responsibility of the Parent Restaurant Organization (or their franchisee) to send this request to us, by writing to us at privacy@conversenow.ai.

Responsibility of identifying the end user will lie with the Parent Restaurant Organization (or their franchisee) before sending the request to ConverseNow.

Please note that even if you opt out of receiving promotional communications, we may continue to send you non-promotional emails, such as those about your account, servicing, or our ongoing business relations.

Your State Privacy Rights

Depending on your state of residency, you may have certain rights related to your personal data, including:

Access and Data Portability. You may confirm whether we process your personal data and access a copy of the personal data we process. To the extent feasible and required by state law, depending on your state, data will be provided in a portable format. Depending on your state, you may have the right to receive additional information and it will be included in the response to your access request.

Correction. You may request that we correct inaccuracies in your personal data that we maintain, taking into account the information's nature and processing purpose.

Deletion. You may request that we delete personal data about you that we maintain, subject to certain exceptions under applicable law.

Opt Out of Using Personal Data for Targeted Advertising, Profiling, and Sales. You may request that we do not use your personal data for these purposes.

Important: The exact scope of these rights vary by state. There are also several exceptions where we may not have an obligation to fulfill your request.

Additional State-Law Privacy Protections

CALIFORNIA CONSUMER PROTECTION ACT (CCPA) AND CALIFORNIA PRIVACY RIGHTS ACT (CPRA)

This section applies to California Residents.

The Protected Information we collect might, depending on the situation, include identifiers, characteristics of protected classifications under California law, commercial information, internet or other network activity information, or inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer's preferences, characteristics, behavior, attitudes, intelligence, abilities and aptitudes. For detailed information on what we collect please review the "Information We Collect From You" section of this Privacy Policy.

As described in this Privacy Policy, Protected Information we collect from consumers might be shared for business or commercial purposes with third parties. You can find more details on this third-party sharing in the 'Disclosure Of Your Information' section.

We might have disclosed all of the categories of Protected Information, listed above, based on the use case, for a business purpose in the past 12 months.

The CCPA provides consumers (California residents) with specific rights regarding their Personal Data. This section describes your CCPA rights and explains how to exercise those rights. Those rights are:

• The right to know
• The right to delete
• The right to opt-out

In accordance with applicable law, we will not discriminate against you for exercising these rights. You can exercise your right, at any time by contacting us via email at privacy@conversenow.ai, or via phone by calling 737-301-1234.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

• Provide sufficient information that allows us to reasonably verify you are the person about whom we collected Protected Information or an authorized representative.
• Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

Only you, or someone legally authorized to act on your behalf, may make a verifiable consumer request related to your Protected Information. We cannot respond to your request or provide you with Protected Information if we cannot verify your identity, or authority to make the request, and confirm Protected Information relates to you. We will only use Protected Information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.

We will respond to a Request to Opt-Out within 15 days. We will respond to Requests to Delete and Requests to Know within 45 days, unless we need more time, in which case, we will notify you and may take up to 90 days total to respond to your request.

California Do Not Track Disclosure: At this time, ConverseNow's Website does not respond to Do Not Track beacons sent by browser plugins as there is not yet a common agreement about how to interpret Do Not Track signals from browsers. However, you may delete or refuse cookies, or accept all or just stick to essential, though taking such action may limit your ability to use the Website fully. The essential category includes necessary cookies as the bare minimum for the site to function, i.e., session, consent, and security related.

OTHER STATE CONSUMER PRIVACY LAWS

Other states also have enacted comprehensive consumer privacy laws that include additional provisions and protections that may apply if you reside in any of those states, including the following state laws:

• The Colorado Privacy Act (CPA) (Colo. Rev. Stat. Ann. § 6-1-1308(1))
• The Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA) (Conn. Gen. Stat. Ann. § 42-520(c)-(e))
• The Delaware Personal Data Privacy Act (DPDPA) (6 Del. C. § 12D-106(c)-(e) (effective January 1, 2025))
• The Florida Digital Bill of Rights (FDBR) (§§ 501.711 and 501.715(2), Fla. Stat. (effective July 1, 2024))
• The Indiana Consumer Data Protection Act (INCDPA) (Ind. Code §§ 24-15-4-3 to 24-15-4-5 (effective January 1, 2026))
• The Iowa Consumer Data Protection Act (ICDPA) (Iowa Code Ann. § 715D.4(5)-(7) (effective January 1, 2025))
• The Montana Consumer Data Privacy Act (MCDPA) (Mont. Code Ann. § 30-14-2812(5)-(6) (October 1, 2024))
• Nevada Rev. Stat. 603A: Security and Privacy of Personal Information
• The Oregon Consumer Privacy Act (OCPA) (Section 5(4), 2023 Or. Laws Ch. 369 (SB 619) (effective July 1, 2024))
• The Tennessee Information Protection Act (TIPA) (T.C.A. § 47-18-3305(c)-(e) (effective July 1, 2025))
• The Texas Data Privacy and Security Act (TDPSA) (Tex. Bus. & Com. Code Ann. § 541.102 (effective July 1, 2024))
• The Utah Consumer Privacy Act (UCPA) (Utah Code § 13-61-302(1) (effective December 31, 2023))
• The Virginia Consumer Data Privacy Act (VCDPA) (Va. Code Ann. § 59.1-578(C)-(E))

These state laws may include additional provisions governing disclosure of your personal information, including provisions governing the following:

• Personal data categories collected or processed;
• Processing purposes;
• Personal data categories shared with third parties, if any;
• Categories of third parties with whom we share personal data, if any;
• The sale of personal data to third parties or processes personal data for targeted advertising and how you may exercise the right to opt out of this processing; and
• How you may exercise your consumer rights, including how to submit requests and, when available, appeal a controller's decision.

To exercise any of these rights, please contact the Parent Restaurant Organization (or their franchisee), who will send your request to us at privacy@conversenow.ai. To appeal a decision regarding a consumer rights request, please contact us at privacy@conversenow.ai.

Some browsers and browser extensions support the Global Privacy Control ("GPC") that can send a signal to process your request to opt out from certain types of data processing, including data "sales" as defined under certain laws. When we detect such a signal, we will make reasonable efforts to respect your choices indicated by a GPC setting as required by applicable law.

We will respond to your request within 30 days. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfill the purposes for which it was collected and may continue to retain and use the information even after a data subject request for purposes of our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

In any case, you are entitled to file a complaint with the competent supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that our processing of your personal data is in violation of the applicable law.

International Transfer

We are based in the United States and the information we collect is governed by data protection laws in the U.S. and other jurisdictions. However, please be aware that information collected through the voice ordering platform may be transferred to, processed, stored, and used outside of the United States as well. Data protection laws in these countries may be different from those of the United States. Your use of the voice ordering platform or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of your information in the U.S. and other jurisdictions as set forth in this Privacy Policy. If your data is collected in the European Union ("EU"), we will transfer your personal data subject to appropriate or suitable safeguards, such as standard contractual clauses.

Children's Privacy

The voice ordering platform is directed toward and designed for use by persons aged 16 or older. ConverseNow will not approve applications of or establish or maintain registrations for any child whom ConverseNow knows to be under the age of 16. ConverseNow does not solicit or knowingly collect personal data from children under the age of 16. If ConverseNow nevertheless discovers that it has received personal data from an individual who indicates that he or she is, or whom ConverseNow otherwise has reason to believe is, under the age of 16, ConverseNow will delete such information from its systems. Additionally, a child's parent or legal guardian may request that the child's information be corrected or deleted from our files.

Such requests will have to be made to the Parent Restaurant Organization (or their franchisee) and it will be the responsibility of the Parent Restaurant Organization (or their franchisee) to send this request to us, by writing to us at privacy@conversenow.ai.

Responsibility of identifying the end user will lie with the Parent Restaurant Organization (or their franchisee) before sending the request to ConverseNow.

Data Security

ConverseNow maintains reasonable physical, electronic, and procedural safeguards to help guard your information from loss, theft, misuse and unauthorized access, disclosure, alteration, and destruction. Please be aware, however, that any email or other transmission you send through the internet cannot be completely protected, and we cannot guarantee the security of your information collected through our online ordering platform.

Changes to this Privacy Policy

ConverseNow reserves the right to modify or supplement this policy at any time. If a material change to the terms of this policy is made, ConverseNow will post a notice prior to the change becoming effective on its homepage and a link to the new policy. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this Privacy Policy to check for any changes.

Contact Us

If you have questions or comments about this Privacy Policy or our privacy practices, please contact us at:

Email: info@conversenow.ai

Mail: ConverseNow Technologies, Inc.
5209 Burnet Road, Suite 200, Austin, TX 78756

Phone: (737) 301-1234