At LastRound, we take your privacy seriously. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use the LastRound platform at getlastround.com and any related applications or services (the "Service"). This policy applies to all users of the Service, including venue owners, managers, and staff members.
By accessing or using LastRound, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with our practices described herein, please do not use the Service.
1. Introduction
LastRound ("we," "us," "our," or "Company") provides a software-as-a-service (SaaS) operations platform designed for bars, restaurants, and hospitality venues. In the course of providing the Service, we collect and process certain information. This Privacy Policy describes what information we collect, why we collect it, how we protect it, and what rights you have regarding your data.
This policy should be read alongside our Terms of Service, which govern your use of the Service.
2. Information We Collect
We collect the following categories of information in order to provide and improve the Service:
Account Information
Data Type
Purpose
Venue name and address
Account identification and service configuration
Owner/manager name
Account ownership and communication
Email address
Account authentication, billing, and notifications
PIN hashes
Secure authentication (we store hashed PINs, never plaintext)
Operational Data
Data Type
Purpose
POS and sales data
Revenue analytics, daily reporting, and performance dashboards
Employee names and roles
Scheduling, labor cost tracking, tip management, and attendance
Financial records
Profit & loss reporting, budget tracking, and journal entries
Inventory and ingredient data
Stock management, waste tracking, and cost analysis
Event and catering data
BEO management, booking, and payout tracking
Vendor and invoice data
Vendor management, invoice processing, and expense tracking
Technical Data
When you access the Service, we may automatically collect:
Browser type and version
Device type and operating system
IP address (anonymized for analytics)
Pages and features accessed within the Service
Date and time of access
Referring URL
We collect this technical data to maintain service quality, diagnose issues, and improve the user experience.
3. How We Use Your Information
We use the information we collect for the following purposes:
Providing the Service: To operate, maintain, and deliver all features and functionality of the LastRound platform, including analytics dashboards, scheduling tools, financial reporting, and integrations
Analytics and Insights: To generate reports, dashboards, and actionable insights for your venue's operations based on the data you provide
Customer Support: To respond to your inquiries, troubleshoot issues, and provide technical assistance
Billing and Payments: To process subscription payments, send invoices, and manage your account billing through Stripe
Service Improvement: To analyze usage patterns (in aggregate), identify bugs, and develop new features and enhancements
Communication: To send you important service-related notices, including updates, security alerts, billing reminders, and changes to our terms or policies
Security: To detect, prevent, and respond to fraud, unauthorized access, or other malicious activity
We do not use your data for targeted advertising. We do not sell your personal information to third parties.
4. Data Storage & Security
We take the security of your data seriously and implement industry-standard measures to protect it.
Infrastructure
Hosting: The Service is hosted on Railway, a cloud infrastructure provider that maintains robust physical and network security controls
Databases: Customer data is stored using SQLite databases with Redis for caching and session management
Encryption in Transit: All data transmitted between your device and our servers is encrypted using TLS (Transport Layer Security) via HTTPS
Encryption at Rest: Sensitive data, including PIN hashes and integration credentials, is encrypted at rest using industry-standard encryption algorithms
Security Practices
PINs are cryptographically hashed before storage and are never stored in plaintext
Third-party integration credentials (API keys and tokens) are encrypted before storage
Access to production systems is restricted to authorized personnel only
We regularly review and update our security practices
While we implement reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we commit to promptly notifying affected users in the event of a data breach that compromises personal information, in accordance with applicable law.
5. Third-Party Integrations
LastRound connects with several third-party services to enhance your operational capabilities. When you choose to enable an integration, we access and process data from that service on your behalf.
Integration
Data Accessed
Purpose
Square
Sales transactions, payment data, item catalog
POS sync, revenue analytics, and sales reporting
QuickBooks
Financial accounts, transactions, vendor records
Accounting sync, P&L reporting, and journal entries
7shifts
Employee schedules, labor data, time entries
Schedule management and labor cost analytics
Tripleseat
Event bookings, BEOs, catering data
Event management and catering payout tracking
Stripe
Payment method tokens, subscription status
Subscription billing and payment processing
Instagram
Public posts, media, and engagement metrics
Social media feed management and monitoring
Credential Handling. When you connect a third-party service, we use secure OAuth flows or encrypted API tokens to authenticate. We do not store your raw third-party passwords. Integration tokens and API credentials are encrypted before being stored in our systems. You may revoke any integration at any time through your account settings, which will remove the stored credentials and stop data syncing.
Each third-party service has its own privacy policy and terms of service. We encourage you to review those policies. We are not responsible for the privacy practices of third-party services.
6. Data Sharing
We do not sell, rent, or trade your personal information or Customer Data to third parties.
We may share your information only in the following limited circumstances:
Service Providers: We share data with trusted third-party providers who assist in operating and delivering the Service, including our hosting provider (Railway), payment processor (Stripe), and email communication services. These providers are contractually obligated to use your data only for the purposes of providing services to us and to protect your data
Third-Party Integrations: When you enable an integration, data is exchanged between LastRound and the connected service as described in Section 5. This sharing occurs only at your direction and for the specific integrations you choose to enable
Legal Requirements: We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others
Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information
Aggregated Data: We may share anonymized, aggregated data that cannot identify you or your venue for research, industry benchmarking, or analytical purposes
7. Data Retention
We retain your data as follows:
Active Accounts: Your Customer Data is retained for as long as your account remains active and your subscription is in good standing. We need this data to provide the Service to you
After Cancellation: Upon account cancellation or termination, we will retain your Customer Data for 30 days to allow you to export your data or reactivate your account. After this 30-day period, your Customer Data will be permanently deleted from our active systems
Backup Retention: Residual copies of your data may exist in encrypted backups for up to an additional 30 days after deletion from active systems, after which they will be purged through our standard backup rotation
Legal Obligations: We may retain certain information for longer periods as required by applicable law, such as billing records for tax and accounting purposes
If you wish to have your data deleted before the standard retention period, you may submit a deletion request to support@getlastround.com, and we will process it within 30 days, subject to any legal retention requirements.
8. Your Rights & Choices
You have the following rights regarding your data:
Access: You may request a copy of the personal information we hold about you and your venue at any time
Export: You may export your Customer Data (including sales records, financial data, employee information, and operational data) at any time through the Service or by contacting support
Correction: You may update or correct your account information at any time through the Service settings
Deletion: You may request deletion of your account and associated Customer Data by contacting us at support@getlastround.com. Deletion requests are processed within 30 days
Integration Control: You may connect or disconnect third-party integrations at any time. Disconnecting an integration removes stored credentials and stops further data syncing
Communication Preferences: You may opt out of non-essential communications (such as product updates) at any time. You cannot opt out of critical service-related communications (such as billing notices and security alerts)
To exercise any of these rights, contact us at support@getlastround.com. We will respond to your request within 30 days.
9. Cookies & Tracking
LastRound uses a minimal approach to cookies and tracking technologies:
Session Cookies: We use session cookies that are essential for authentication and maintaining your logged-in state within the Service. These cookies expire when you close your browser or after your session times out
Functional Cookies: We may use cookies to remember your preferences and settings within the Service (such as your selected venue or dashboard configuration)
What We Do Not Use:
We do not use third-party tracking cookies
We do not use advertising or remarketing cookies
We do not use cross-site tracking technologies
We do not participate in ad networks or sell cookie data
Because we only use essential cookies that are strictly necessary for the Service to function, you do not need to provide separate cookie consent. However, you can configure your browser to refuse cookies, though this may affect your ability to use the Service.
10. Children's Privacy
LastRound is a business-to-business platform designed for hospitality industry professionals. The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from anyone under the age of 18.
If we become aware that we have inadvertently collected personal information from a person under 18, we will take steps to delete that information as promptly as possible. If you believe that a minor has provided us with personal information, please contact us immediately at support@getlastround.com.
11. CCPA & GDPR Rights
California Consumer Privacy Act (CCPA)
If you are a California resident, you have the following rights under the CCPA:
Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business purposes for collecting the information, and the categories of third parties with whom we share the information
Right to Delete: You have the right to request that we delete the personal information we have collected from you, subject to certain exceptions provided by law
Right to Opt-Out: You have the right to opt out of the "sale" of your personal information. However, LastRound does not sell personal information, so this right does not apply in practice
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. You will not receive different pricing, quality of service, or experience for making a rights request
To submit a CCPA request, contact us at support@getlastround.com. We will verify your identity before processing any request and respond within 45 days.
General Data Protection Regulation (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the GDPR:
Right of Access: You have the right to obtain confirmation as to whether your personal data is being processed, and to access that data
Right to Rectification: You have the right to request correction of inaccurate personal data
Right to Erasure: You have the right to request deletion of your personal data under certain circumstances
Right to Restrict Processing: You have the right to request that we limit the processing of your personal data under certain circumstances
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format
Right to Object: You have the right to object to our processing of your personal data under certain circumstances
Legal Basis for Processing. We process your personal data on the following legal bases:
Contract Performance: Processing necessary to fulfill our contractual obligations to you under our Terms of Service
Legitimate Interests: Processing necessary for our legitimate business interests, such as improving the Service and ensuring security, where such interests are not overridden by your rights
Legal Compliance: Processing necessary to comply with applicable laws and regulations
Consent: Where you have provided explicit consent for specific processing activities
To exercise your GDPR rights, contact us at support@getlastround.com. We will respond to your request within 30 days. If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:
Update the "Effective Date" at the top of this page
Notify you by email or through a prominent notice within the Service at least 30 days before the changes take effect
Provide a summary of the material changes
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after the updated policy becomes effective constitutes your acceptance of the revised policy.
13. Contact Information
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: