Skip to content
Legal

Privacy Policy

Last updated: February 1, 2026

Tillzen Systems, Inc. ("Tillzen," "we," "us," or "our") is committed to protecting the privacy of our customers, their employees, and visitors to our website. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our platform, visit our website (tillzen.ca), or interact with our services (collectively, the "Service").

By using the Service, you consent to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, job title, company name, phone number, and login credentials when you create an account or request a demo.
  • Customer Operational Data: Closeout records, cash count data, variance logs, tip calculation records, deposit information, manager notes, evidence uploads (photos), and approval workflows submitted through the platform.
  • Employee Data: Names, roles, hours worked, tip allocations, and payout information for restaurant staff as entered by the Customer into the platform.
  • Communication Data: Messages, inquiries, and feedback you send to us through forms, email, or support channels.
  • Billing Information: Payment method details, billing address, and transaction history. Payment processing is handled by our third-party payment processor; we do not store full credit card numbers.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, actions taken within the platform, session duration, and interaction patterns.
  • Device and Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
  • Log Data: Server logs, error reports, access timestamps, and referring URLs.
  • Cookies and Similar Technologies: See our Cookie Policy for details.

1.3 Information from Third Parties

  • POS System Data: Transaction data, sales records, and payment information received through integrations with point-of-sale systems (e.g., Toast, Square, Clover, Oracle MICROS) as authorized by the Customer.
  • Banking Data: Deposit records and reconciliation data received through authorized bank integrations.
  • Smart Safe Data: Cash deposit and count data from smart safe providers.

2. How We Use Your Information

We use collected information for the following purposes:

  • Service Delivery: To provide, operate, and maintain the Tillzen platform, including closeout workflows, variance detection, tip management, and reconciliation features.
  • Account Management: To create and manage your account, authenticate users, and process billing.
  • Communication: To respond to inquiries, send transactional emails (e.g., closeout alerts, variance notifications, demo confirmations), and provide customer support.
  • Product Improvement: To analyze usage patterns, identify bugs, and improve the Service's functionality, performance, and user experience.
  • Aggregated Analytics: To generate anonymized, aggregated industry insights and benchmarks (e.g., our annual Cost of Variance report) that cannot identify individual customers or persons.
  • Security and Fraud Prevention: To detect and prevent fraudulent activity, unauthorized access, and security threats.
  • Legal Compliance: To comply with applicable laws, regulations, legal processes, and governmental requests.
  • Marketing: To send promotional communications about Tillzen products, features, and events. You may opt out at any time.

3. How We Share Your Information

We do not sell your personal information. We may share information in the following circumstances:

  • Service Providers: With trusted third-party vendors who assist us in operating the Service, including cloud hosting (AWS), payment processing (Stripe), email delivery (SendGrid), and analytics providers. These vendors are contractually bound to protect your data.
  • Within Your Organization: Customer Data is accessible to Authorized Users within the Customer's organization according to role-based permissions set by the Customer.
  • Legal Requirements: When required by law, subpoena, court order, or governmental authority, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.
  • With Consent: When you have given us explicit consent to share your information for a specific purpose.

4. Data Retention

We retain Customer Data for the duration of the Subscription Term and for thirty (30) days following termination or expiration to allow for data export. After this period, Customer Data is permanently deleted in accordance with our data retention schedule.

Account information and usage data may be retained for up to three (3) years after account closure for legal compliance, audit, and dispute resolution purposes.

Anonymized and aggregated data may be retained indefinitely as it cannot be used to identify individuals.

5. Data Security

We implement industry-standard security measures to protect your information, including:

  • AES-256 encryption of data at rest
  • TLS 1.2+ encryption of data in transit
  • Role-based access controls for authorized users
  • Regular security assessments and incident response procedures
  • Automated backup and recovery procedures

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request correction of inaccurate or incomplete personal information.
  • Deletion: Request deletion of your personal information, subject to legal and contractual obligations.
  • Data Portability: Request a machine-readable copy of your personal information.
  • Opt-Out: Opt out of marketing communications by clicking the "unsubscribe" link in any marketing email or contacting us directly.
  • Restrict Processing: Request that we limit the processing of your personal information in certain circumstances.

To exercise any of these rights, contact us at privacy@tillzen.com. We will respond to your request within thirty (30) days, or as required by applicable law.

7. Canadian Privacy Rights (PIPEDA)

Tillzen is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal private-sector privacy law. Under PIPEDA, you have the following rights with respect to your personal information:

  • The right to know what personal information we hold about you and how it is used
  • The right to access your personal information upon written request
  • The right to challenge the accuracy and completeness of your personal information and have it amended as appropriate
  • The right to withdraw consent for the collection, use, or disclosure of your personal information, subject to legal or contractual restrictions
  • The right to file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated

To submit an access or correction request, email privacy@tillzen.com. We will respond to your request within thirty (30) days, as required under PIPEDA.

You may also contact the Office of the Privacy Commissioner of Canada at www.priv.gc.ca or by calling 1-800-282-1376.

8. International Data Transfers

Tillzen is based in Canada and processes data primarily on servers located in Canada. Some of our third-party service providers (such as cloud hosting and analytics providers) may process data in the United States or other jurisdictions where data protection laws may differ from those of Canada.

Where personal information is transferred outside of Canada, we ensure that appropriate contractual and security safeguards are in place to protect your information in accordance with PIPEDA and applicable Canadian privacy law.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete such information promptly.

10. Third-Party Links and Integrations

The Service may contain links to third-party websites or integrate with third-party services (e.g., POS systems, banking platforms). This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you connect to through Tillzen.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated policy on our website with a revised "Last updated" date. If we make material changes, we will notify you by email or through the Service.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Tillzen Systems, Inc.

Privacy Team

Ottawa, ON, Canada

Email: privacy@tillzen.com

See also: Terms of Service | Cookie Policy