PlaneCater — Redefining In-flight Catering for Business Aviation

PlaneCater Privacy Policy

Last Updated: January 17, 2026.

Introduction

PlaneCater, Inc. (“PlaneCater”, “we”, “us” or “our”) is a Delaware corporation offering a web-based catering marketplace and a crew mobile app for aviation. Our platform connects flight departments and crew with catering vendors, and we act as a marketplace facilitator and Merchant of Record for orders. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our website, mobile application, and related services (collectively, the “Services”). It applies to all users of our Services, including flight department personnel, flight crew members, and catering vendor staff.

We are committed to protecting your privacy. We do not sell or rent your personal information, and we do not share data for third-party advertising or marketing purposes. All information we collect is used solely to provide and improve our Services as described below. By using PlaneCater, you acknowledge that you have read and understood this Privacy Policy.

1. Information We Collect

We collect various types of information from and about you when you use PlaneCater:

Account Information: When you register for PlaneCater, we collect personal details to create your account. This may include your name, email address, phone number, and a password (stored in hashed form). If you sign up under an organization (e.g., a flight department or company account), we also collect the organization’s name and details. Organization accounts can have user roles (admin, scheduler, member); for example, an admin can manage users, and a scheduler can place orders on behalf of crew members. We record your role and association with an organization. (Note: We do not require or store any government-issued IDs or sensitive personal identifiers for basic account creation.)
Flight and Order Information: When you place a catering order, we collect details about the flight and order. This includes the aircraft tail number, the flight or trip details relevant to catering (such as airport or FBO location for delivery, and scheduled delivery time), the items ordered and quantities, and any special instructions or dietary/allergy notes you provide. We understand that tail numbers and flight details can be sensitive, and we treat them as confidential (see Tail Number Confidentiality below). Importantly, we do not collect or store passenger manifest information or passenger names in any structured way. Any references to passengers (e.g. number of passengers or general dietary preferences) are kept high-level without personal identifiers.
Catering Preferences and Notes: You may provide additional information related to orders, such as favorite vendors or past order preferences, and notes about crew or passenger dietary restrictions. We store these to streamline future orders (for instance, remembering that a certain tail number prefers vegetarian meals, or noting allergy warnings for an order).
Payment Information: When you or your organization pays for an order through our platform, the payment is processed by our third-party payment processor, Stripe. We do not store full credit card numbers or bank account numbers on our servers. Stripe handles the sensitive payment data directly. What we do retain are limited payment details and tokens from Stripe: for example, the card brand/type, the last four digits of the card number, the card’s expiration month and year, and a Stripe customer ID or payment token associated with your account[1][2]. This information allows us to identify your payment method for refunds, receipts, and future orders (e.g., showing you the last 4 of the card you used) without exposing full card details. For ACH (bank transfer) payments, we similarly receive a masked account identifier and confirmation from Stripe. If your organization chooses to use “direct billing” for an order (meaning you pay the vendor outside of our platform), we will record that the order was marked as direct-billed but we do not collect any payment card or bank details for that transaction.
Vendor Information: If you are a catering vendor on PlaneCater, we collect information about your business and your staff users. This includes the vendor company name, business address, contact persons’ names, phone numbers, and email addresses. Vendors may also provide tax or payment details for payout purposes (for instance, information needed to receive payments via Stripe or bank transfer). We also store any content vendors upload to the platform, such as menu descriptions and images of food items. Vendor staff users will have their login credentials and contact info collected similarly to other users.
Communications (Chat and Messaging): PlaneCater provides an in-app chat system for communication between flight crew/schedulers and vendors regarding orders. If you use the chat feature to send messages (for example, to clarify an order request or coordinate a delivery at the airport), those messages are stored in our system. They are visible to the participants involved in the order (e.g., the flight crew/scheduler who placed the order and the vendor fulfilling it) and to PlaneCater support staff if needed for troubleshooting. We also collect any other communications you send to us, such as emails or support tickets, and any feedback or responses you provide in surveys.
Device and Usage Data: We automatically collect technical information about how you access and use our Services. This includes device identifiers and characteristics (e.g., your device type, operating system version, browser type if using the web app), IP address, and timestamps of log-ins and actions. We log usage data such as pages or screens viewed, features used (for example, searching for a vendor or creating an order), and other activity on the platform. We utilize Firebase Analytics (a Google service) to help us gather usage insights; this may involve collecting non-identifiable app instance IDs or similar analytics identifiers. This data helps us improve the user experience and troubleshoot issues. Location Data: PlaneCater does not continuously track your GPS location. We may collect location information only when you actively provide it—for instance, if you search for catering options near a specific airport or allow the app to use your current location at that moment to suggest nearby vendors or airports. This location input is used on a one-time basis for that search and is not stored as a continuous log of your movements. (For example, you might type in or select “Teterboro Airport (KTEB)” as your location, or allow the app to find nearby airports once, but we are not pinging your device GPS in the background.)
Cookies and Similar Technologies: Like most online services, we use cookies and similar tracking technologies on our website. These help us remember your preferences and facilitate account login. For example, when you sign in on the web portal, a session cookie keeps you logged in. Cookies also help with site features like saving your selected organization (if you belong to multiple) or keeping items in an order cart. We also use cookies/analytics scripts for internal metrics (see Cookies section below for more detail). We do not use cookies for third-party advertising.

In summary, the information we collect is primarily what you provide to us (account details, orders, messages, etc.) and what is generated through your interactions (usage logs, etc.). If we ever need to collect personal data beyond these categories, we will update this Privacy Policy or provide an additional notice.

2. Use of Information

We use the collected information for various purposes in operating and enhancing PlaneCater’s Services. The main uses include:

Providing Our Services: We use your information to operate the PlaneCater marketplace and fulfill orders. This includes processing catering orders you place, coordinating between you and vendors, and delivering the services you request. For example, we use flight details and tail numbers to ensure catering is delivered to the correct aircraft and location. We use order details (like items and quantities) to inform the vendor what to prepare, and allergy or dietary info to help vendors accommodate those needs. Account information is used to log you in and authenticate you. In short, all the data described in Information We Collect is utilized as needed to carry out the functionality of the platform.
Marketplace Facilitation & Transactions: As a marketplace facilitator and Merchant of Record, PlaneCater uses personal and payment information to handle transactions on the platform. We charge flight departments or crew for orders (via Stripe) and then pay the catering vendors. We use payment tokens and records to process these charges and to prevent fraud. We also calculate and deduct our platform fee from vendor payouts automatically. Information like order history and organization details may be used for invoicing or billing summaries (for organizations that need expense reports, etc.). We keep records of transactions for accounting, audits, tax compliance, and dispute resolution. For direct billing orders (where the platform isn’t processing a payment), we still use order information to connect you with the vendor, but note that payment is handled offline per your arrangement with the vendor.
Communications and Customer Support: We use contact information (email, phone number) and in-app identifiers to communicate with you about your use of the Service. This includes sending transactional notifications such as order confirmations, updates when an order status changes, and delivery confirmations. For instance, after you place an order, we’ll send a confirmation with the details; as the vendor prepares and delivers it, you might get updates (e.g., “Your catering is en route to XYZ Airport”). We might contact you if there’s an issue with an order (for example, an item is unavailable and the vendor suggests a substitute). We also use your info to respond when you reach out for support or with a question – e.g., if you email support or use a help chat, we’ll review your account and order info to assist you. Important: These communications are not marketing – you will not receive promotional emails or texts, only service-related messages.
Tail Number Confidentiality Enforcement: As further detailed in the next section, we apply special handling to tail numbers and flight data. Internally, we use this information strictly to facilitate the specific orders and services (like showing the vendor where to deliver, or letting your organization’s dispatch see upcoming orders for a tail). We do not use tail number or flight info for any analytics, profiling, or marketing purposes. If we create aggregate metrics (like total orders per airport), tail numbers are stripped out or anonymized. Protecting the confidentiality of this operational data is a key use principle for us.
Improvement and Analytics: We use usage data, feedback, and analytics to improve PlaneCater. For example, we might analyze how users navigate the app to refine the user interface, or review search query logs to ensure our airport database is comprehensive. We monitor performance and error logs (which may include user IDs or device info) to debug software issues. We may also use aggregated order data to plan new features (e.g., if many users request certain types of catering, we might onboard more vendors in that category). All such analysis is done in-house; we do not share your personal analytics data with advertisers. Any external analysis (like demonstrating our platform’s usage statistics) would only use anonymized information.
Safety and Security: We use information to maintain the integrity and security of our platform. This includes using data to prevent fraud and unauthorized access. For instance, we might use device and IP information to detect if an account login seems suspicious (like a login from a new country) and prompt for verification. We keep logs of important actions (like payments or account changes) to detect and investigate irregularities. Chat messages may be reviewed if abuse is reported, to ensure users are not violating our policies or engaging in harassment. We also use data in protecting legal rights – for example, retaining information that would help us demonstrate compliance with agreements, or using records to resolve any legal disputes.
Legal Compliance: We may process personal information to comply with applicable laws, regulations, and contractual obligations. For example, payment records are kept to satisfy financial regulations and tax laws (e.g., for tax reporting we might need to know total payments processed). If law enforcement or aviation authorities lawfully require information (such as details of an order or user), we may use and disclose data as needed to comply (see Data Sharing below for more on this). Additionally, if you exercise privacy rights (like requesting a copy of your data), we will use your information to fulfill that request and to log our compliance with such requirements.

In summary, we use your data solely to serve you and operate our business – not to exploit it. We do not use your personal data for any form of third-party advertising or profiling unrelated to our aviation catering services. If we plan to use information for any purpose beyond the above, we will seek your consent or provide the appropriate notice.

3. How We Share Your Information

We recognize that aircraft tail numbers and related flight details are highly sensitive information in the private aviation community. PlaneCater treats all tail numbers and operational flight data with strict confidentiality and care. Here’s how we protect and limit the use of this information:

Need-to-Know Access: Tail numbers and flight details (such as aircraft type, departure/arrival locations, flight times) are only disclosed to parties who need that information to service the order. This means that within your own organization account, only authorized personnel (e.g., your dispatchers, schedulers, or crew assigned to that flight) can view the flight’s catering order details. When you place an order for a specific tail, that order (with the tail number and details) is visible to you and others in your organization with the appropriate permissions, but not to anyone outside your organization.
Vendors: The catering vendor fulfilling your order will see the tail number and flight information only for the purpose of completing the delivery. For example, the vendor will know that an order is for aircraft tail “N123AB” arriving at ABC Airport at a certain time, so they can deliver to the correct plane. Vendors are contractually and ethically obligated to keep this information confidential and use it only for the order. They do not receive any more flight info than necessary (they typically don’t see passenger names, or details beyond what’s needed to deliver the food).
No Public Disclosure: We will never publish your tail numbers or flight schedules publicly. PlaneCater does not have any public-facing feed or list of flights or orders. Each user and organization only sees their own data. We also avoid using identifiable flight examples in our marketing. Internally, if we generate metrics (e.g., total orders per month, popular delivery airports), we remove or anonymize any tail numbers or personally identifying details.
Internal Protections: Within PlaneCater, access to tail number data is restricted to employees who need it to support our services (for example, a support agent helping with an order might need to view the details). All employees and any third-party service providers who might assist us are bound by strict confidentiality obligations regarding the data[3]. We train our staff on the sensitive nature of private aviation data. Any handling of such information internally is logged and monitored.
Security Measures: Tail number and flight data is stored securely in our databases with the same high security standards described in Data Security below. We treat this data as highly confidential. For instance, if you have specific requirements (some aircraft owners participate in programs to block tracking of their tail numbers), we will work with you to apply any additional privacy measures available in our system for those tails.
Third-Party Requests: If for some unlikely reason a third party (e.g., an authority or legal request) demands access to flight or tail number information, we will verify the legitimacy of the request and only comply if legally required. We would also, where permitted, inform the affected customer (you) of such requests.

In essence, PlaneCater is built to respect the privacy of your flight operations. We understand the trust you place in us when providing tail numbers and schedules, and we take that responsibility seriously. If you have any further concerns about how we handle tail or flight information, please contact us and we will be happy to discuss our practices in more detail or accommodate special requests whenever possible.

4. Tail Number Confidentiality

Need-to-Know Access: Tail numbers and flight details (such as aircraft type, departure/arrival locations, flight times) are only disclosed to parties who need that information to service the order. This means that within your own organization account, only authorized personnel (e.g., your dispatchers, schedulers, or crew assigned to that flight) can view the flight’s catering order details. When you place an order for a specific tail, that order (with the tail number and details) is visible to you and others in your organization with the appropriate permissions, but not to anyone outside your organization.
Vendors: The catering vendor fulfilling your order will see the tail number and flight information only for the purpose of completing the delivery. For example, the vendor will know that an order is for aircraft tail “N123AB” arriving at ABC Airport at a certain time, so they can deliver to the correct plane. Vendors are contractually and ethically obligated to keep this information confidential and use it only for the order. They do not receive any more flight info than necessary (they typically don’t see passenger names, or details beyond what’s needed to deliver the food).
No Public Disclosure: We will never publish your tail numbers or flight schedules publicly. PlaneCater does not have any public-facing feed or list of flights or orders. Each user and organization only sees their own data. We also avoid using identifiable flight examples in our marketing. Internally, if we generate metrics (e.g., total orders per month, popular delivery airports), we remove or anonymize any tail numbers or personally identifying details.
Internal Protections: Within PlaneCater, access to tail number data is restricted to employees who need it to support our services (for example, a support agent helping with an order might need to view the details). All employees and any third-party service providers who might assist us are bound by strict confidentiality obligations regarding the data[3]. We train our staff on the sensitive nature of private aviation data. Any handling of such information internally is logged and monitored.
Security Measures: Tail number and flight data is stored securely in our databases with the same high security standards described in Data Security below. We treat this data as highly confidential. For instance, if you have specific requirements (some aircraft owners participate in programs to block tracking of their tail numbers), we will work with you to apply any additional privacy measures available in our system for those tails.
Third-Party Requests: If for some unlikely reason a third party (e.g., an authority or legal request) demands access to flight or tail number information, we will verify the legitimacy of the request and only comply if legally required. We would also, where permitted, inform the affected customer (you) of such requests.

5. Payment Processing

PlaneCater uses Stripe as our payment processor to handle credit card and ACH (bank) transactions. Below is how payment data is handled:

Payment Details Collection: When you input your payment information (such as a credit card number or bank account for ACH) into PlaneCater, that information is transmitted directly to Stripe via a secure, encrypted connection. We intentionally design the system so that sensitive card data bypasses our servers and goes straight to Stripe, which is certified to handle it. Stripe then returns a secure token or identifier to us that represents your payment method.
No Storage of Full Financial Info: We do not store your full card number, CVV, or bank account numbers on our servers. Stripe securely stores that information on our behalf. The only payment-related data we retain in our system is non-sensitive, partial information and tokens for record-keeping and functionality. This includes details like the card type/brand (e.g., Visa or MasterCard), the card’s expiration month and year, and the last four digits of the card number[1]. We also store the Stripe-generated customer ID or payment method ID that corresponds to your saved payment method[2]. These pieces of information allow us to (a) display to you and admins which payment method is on file (e.g., “Visa ending in 4242, exp 12/2025”), and (b) reference the correct card for future charges without ever seeing the full card number ourselves.
Platform Charges and Payouts: When you place an order and pay through the platform, Stripe charges your card or bank account for the order amount. Stripe then forwards the payment (minus our platform fee) to PlaneCater’s account. PlaneCater, as Merchant of Record, is responsible for paying the vendor for their portion. We then initiate a payout to the vendor (either through Stripe Connect or via separate payment arrangements). For vendors receiving payouts, Stripe (or our banking partner) processes those payouts, and we might retain basic info about where the payout was sent (e.g., to which bank account, identified by a name or last4 of account number). All such financial transfers are done securely.
Direct Billing Orders: If you choose the “Direct Billing” option for an order (where you arrange to pay the vendor outside of our platform, for example by invoice or a corporate account with that vendor), PlaneCater will not process any payment for that order. In this scenario, we mark the order in our system as payment handled outside platform and no Stripe transaction occurs. We do not collect any credit card info for direct-billed orders. Any payment details you share for direct billing (for instance, if you provide a credit card directly to the vendor, or have an account on file with them) do not go through PlaneCater. Our system will still record the order details and that it was direct-billed (so you have it in your order history), but the financial aspect is solely between you and the vendor.
Security and PCI Compliance: Stripe is a Level 1 PCI DSS-compliant payment processor, which means it adheres to the highest standards of payment card security. By using Stripe, we ensure that credit card data is handled in compliance with PCI standards. Our servers never see the full card data, greatly reducing risk. The limited payment info we do store (like last4 and tokens) is not sufficient to make unauthorized charges. It’s essentially for reference and linking to Stripe’s records. (For example, storing the last 4 digits of a card is generally considered safe and is outside the scope of full PCI compliance requirements[1]. Similarly, Stripe’s tokens are designed to be unusable by anyone except our account with Stripe.)
Stripe Privacy: When Stripe processes a payment, it may collect or receive personal data about the cardholder (such as billing name, billing address, and of course the payment details). This data is subject to Stripe’s own privacy policy. Stripe might use the data for fraud prevention and regulatory compliance (for example, screening for fraudulent transactions or complying with anti-money laundering laws). We recommend reviewing Stripe’s Privacy Policy if you want more insight into their practices. PlaneCater only shares with Stripe the information that is necessary to process payments – typically, the order amount, your payment details, and billing info if needed. We do not control how Stripe uses that information beyond our transaction (though they primarily use it to process the payment and meet legal obligations).
Retention of Payment Data: We retain the Stripe tokens and associated payment records as part of your order history. If you delete a payment method or your account, we will purge the associated token from active use (so it can’t be charged via PlaneCater anymore). However, we may retain transaction records (which include, for example, that a certain card ending in 4242 was charged X dollars on a date) for legal and accounting purposes. Again, those records contain no sensitive card details.

In short, PlaneCater handles payments in a secure manner by offloading sensitive processing to Stripe and only keeping what’s necessary. If you have any questions about making payments or security concerns related to payments, please contact us.

6. Communication

PlaneCater will communicate with you in order to provide our services, but we strive to avoid any unnecessary or unwelcome communications. Specifically:

Transactional Communications: These are messages that are triggered by your use of the Service and are necessary for its operation. They include:
Order Updates: We will send you confirmations when you place an order, and notifications as the order progresses (accepted by vendor, out for delivery, delivered, etc.). For example, if a vendor updates the status to “Delivered”, we might send a push notification or email saying “Your catering order for Flight X has been delivered.”
Reminders and Alerts: If you have a scheduled order coming up, we might remind you or the vendor a few hours ahead. If an order is waiting for vendor acceptance or if there’s a message in the chat that you haven’t seen, we may notify you.
Account and Security Alerts: This includes emails or messages to verify your email address upon sign-up, password reset emails, MFA (multi-factor authentication) codes if you enable that, or alerts about new device logins to your account.

These communications are considered part of the Service. You cannot opt out of receiving critical transactional communications (aside from not using the service), because they are necessary for order fulfillment and account security.

In-App Chat Notifications: When you participate in an order’s chat (messaging between crew and vendor through PlaneCater), we send notifications to let you know when there’s a new message. For example, if a vendor asks a question about your order via chat, you might get a push notification on your phone saying “New message from Catering Co.” or an email notification if you’re offline. These ensure timely communication to get your order right. Similarly, vendors get notified of messages you send.
Push Notifications & SMS: We use Firebase Cloud Messaging for push notifications within our mobile app, and we may use SMS (text messages) for certain alerts (for instance, if a crew member does not have the app installed or as a backup for urgent alerts). Push notifications will appear on your device if you have logged into the app and allowed notifications. SMS might be used, for example, to notify a vendor who prefers texts or to send a quick update to a crew member’s phone. We only send SMS for important transactional updates, not for marketing. Standard messaging rates apply as per your carrier. You can manage push notification preferences in your app settings (e.g., you might mute non-critical pushes), but critical alerts may still be sent via SMS if necessary for safety or order completion.
No Marketing Spam: We do not send promotional emails or newsletters to our users at this time. We also do not share your contact info with third parties for their marketing. You will not receive any communications from PlaneCater that are advertisements or marketing of other services. The only exception might be if we launch a new feature or update that directly affects users, we might send a one-time informational notice – but generally, we prefer to inform you of updates through in-app notifications or upon login rather than emailing you. If this policy changes and we introduce some form of marketing communication, we will update this Privacy Policy and provide opt-in mechanisms.
Customer Support Communications: If you reach out to us for help (via email, phone, or in-app help chat), we will respond using the contact information you provided. Those communications are of course not marketing; they’re direct responses to your inquiries. We may also follow up with you after an issue is resolved to ensure things are working correctly.
Organization-Level Communications: If you belong to an organization on PlaneCater, there may be cases where we communicate with the organization’s admin or designated contact about account-wide matters (e.g., billing issues, or changes to organizational features). We rely on the contact information given for the organization. These communications are typically via email or phone.

We aim to keep communications respectful of your time and preferences. You will not be auto-subscribed to any mailing lists. If at any point you believe you are receiving unwanted communications from us, please let us know and we will investigate and honor any suppression/opt-out requests to the extent applicable.

7. Cookies and Similar Technologies

When you use the PlaneCater website (and to a lesser extent, the mobile app), we and our service providers use cookies and similar technologies to provide and enhance the Service. Here’s how we use them:

Essential Cookies (Website): These are cookies without which the site wouldn’t function properly. For example, when you log into the web portal, we set a session cookie so you remain logged in as you navigate between pages. This cookie contains a unique ID tied to your account session (not your password or personal details) and is typically deleted or expires when you log out. We may also use cookies to remember your organization selection (if your user account has access to multiple organizations) or other preferences to make your experience smoother.
Functional Cookies: We might use cookies or local storage to save user preferences like interface settings or to store temporary data (for instance, if you start filling out an order but haven’t submitted it yet, we might store the in-progress order items so that they persist if you refresh the page accidentally). These improve your experience but are not strictly necessary.
Analytics Cookies/Tools: We utilize first-party analytics to understand user interactions. On the web, this may involve a Google Analytics cookie or similar technology deployed via Firebase. These help us collect information such as page load times, how you navigate through our site, and any errors you encounter. The analytics data helps us improve site performance and design. Importantly, we have configured our analytics not to collect any unnecessary personal data – for example, we don’t record your actual input data through analytics, only events (like “button X clicked”). We also do not use third-party advertising cookies. The analytics are solely for our internal use and are not used to target ads to you.
Third-Party Cookies: The PlaneCater website has minimal third-party content. However, certain third-party integrations might set cookies. For example, if we embed a map (for airport locations) from a service like Mapbox or Google Maps, those services might set their own cookies for functionality. Similarly, Stripe might set a cookie if you interact with a Stripe payment form on our site (to remember your device or for fraud prevention). We do not allow third-party advertisers to set cookies on our site. Any third-party cookies in use are there to support core functionality (maps, payments, etc.) or basic analytics.
Mobile App Technologies: While mobile apps don’t use cookies in the same way browsers do, they use similar techniques. For instance, the PlaneCater app may store data on your device (in secure storage) to keep you logged in and to cache content for offline use. The app also uses device identifiers for push notifications (a device token from Apple or Google) and for Firebase Analytics (an instance ID) – these are not cookies, but they serve to uniquely (but anonymously) identify your app installation for delivering notifications and aggregating usage info.
Your Choices: When using the website, you can control cookies through your browser settings. You have the option to refuse or delete cookies. However, please note that if you block essential cookies, our website may not function correctly – for example, you might be unable to log in or your session might not persist. We do not currently have a complex cookie banner on our site because we do not use non-essential third-party cookies that would trigger certain jurisdictional requirements (like EU cookie consent for advertising cookies). If that changes, we will implement the appropriate consent mechanisms.
Do Not Track: “Do Not Track” (DNT) is a setting in some web browsers that signals a preference not to be tracked across sites. Our site currently does not respond to DNT signals specifically, because we do not engage in cross-site tracking of users in the first place. We also do not have third-party ads that would track you. Rest assured, we limit tracking to our own platform usage as described.

In summary, our use of cookies and similar tech is minimal and focused on making PlaneCater work efficiently for you. We do not use them to profile you or gather data outside of your interactions with PlaneCater.

8. Data Sharing and Disclosure

PlaneCater shares personal information with third parties only in the ways that are necessary to provide our Services and as required by law. We do not sell personal information to data brokers or advertisers. Here are the categories of third parties and instances where we disclose data:

Catering Vendors (Order Fulfillment): When you place an order, we share the relevant details of that order with the chosen catering vendor so they can fulfill it. This includes your name and/or the point of contact for the order (for example, the crew captain’s name if provided), the aircraft tail number and delivery details (airport, FBO, requested delivery time), the ordered items and quantities, and any special instructions or allergies noted. If the vendor needs to contact you for coordination, we may also share a contact phone number (e.g., a crew member’s phone if provided for that purpose). Vendors only receive information for orders you have placed with them. They cannot see any of your other orders with other vendors, nor any of your payment information (aside from knowing whether an order was prepaid through the platform or marked as direct bill). Vendors are expected to use this information solely for preparing and delivering the catering and not retain or use it for other purposes outside the order. (Many vendors will have their own privacy practices as well, especially if you have a direct relationship with them outside PlaneCater.)
Your Organization and Users: If you are using PlaneCater as part of an organization (such as a flight department with multiple team members), certain data is shared among users within that organization for operational coordination. For example, an organization’s administrator can view all orders placed under the organization’s account, including who placed the order, the tail number, items, and costs. Schedulers can place orders on behalf of crew members, and those crew members can see the details of orders scheduled for their flights. Essentially, any data you input or actions you take as part of an organization account may be visible to other authorized members of that same organization. This is inherent to how the service works (enabling team collaboration). If you have a personal account not linked to others, your data isn’t shared with anyone except the vendors and service providers as described in this policy.
Service Providers (Processors): We employ trusted third-party companies to perform tasks on our behalf and help us operate the Service. These service providers only receive the information necessary for them to perform their specific services, and they are contractually obligated to protect it and use it only for our purposes. Key service providers include:
Stripe: as discussed, Stripe processes all payments. We share with Stripe the information required to charge or payout funds (order amount, payment method details, billing info). Stripe in return provides us with confirmation and partial payment data. Stripe may also run fraud detection or compliance checks with the data. (Stripe is a data processor in this context, and in some cases a separate data controller for the financial info.)
Cloud Hosting (AWS and Azure): We host our application backend, databases, and files on Amazon Web Services and Microsoft Azure cloud infrastructure (in U.S. data centers). These cloud providers store and compute on our data under our control. They have robust security measures; for example, data stored with them is encrypted at rest by default[4]. The cloud providers do not access your personal data for their own purposes – it resides on their servers, but we manage it. In essence, they are like a secure extension of our own IT environment.
Firebase (Google) Services: We use Google’s Firebase platform for several features:
Authentication: Firebase Auth manages user login and credentials (including features like password resets, and possible future use of social logins). If you log in with email and password, Firebase Auth handles verification of those credentials. If you log in via a Google account or other identity provider in the future, Firebase will facilitate that. Firebase thus processes your login email/phone and password (hashed) or auth tokens.
Analytics: Firebase Analytics collects app usage data (as described in Device and Usage Data) for our internal analysis. The data shared with Firebase may include device identifiers and event data (like “user opened Order screen”). This data is mainly aggregated for us to view usage patterns.
Cloud Messaging: Firebase Cloud Messaging is used to send push notifications to the app. It uses device tokens (unique IDs for your device) and message content (like “Order #123 is ready”) to deliver notifications. Google does not use these messages for any advertising; it simply passes them through to your device.
Crashlytics: (If used) Firebase Crashlytics helps us receive crash reports and error logs from the app. These reports could contain technical info like device model, OS version, and possibly the state of the app when it crashed (which might indirectly include user IDs or order IDs in memory).
Google (Firebase’s parent) is a data processor for us, meaning they are not allowed to use the personal data from these services for any purpose other than providing the Firebase services to us. They also have strict security and privacy controls in place.
SMS and Email Services: To send SMS texts, we may use Amazon SNS or Firebase’s SMS functionality. To send emails (for order confirmations, etc.), we might use an email delivery service (such as SendGrid or AWS SES). These services will see the content of the message and the recipient’s contact (phone or email) in order to deliver it. They are not permitted to use that info beyond sending the message. For example, if an order confirmation email goes through SendGrid, SendGrid acts as our processor to simply transmit that email to you.
Other Tools: We use various other tools in running our business that might process personal data incidentally. For instance, our customer support ticketing system will store your email if you email us, along with the conversation. Our internal communication or project management tools might, in the course of support, hold some user info (like an order number we’re investigating). We ensure any such tools and vendors are reputable and have privacy commitments in place.

We strive to keep the list of service providers limited and ensure they have strong data protection standards. If we change or add major processors, we may update this policy or our website to reflect that.

Business Transactions: If PlaneCater ever goes through a corporate transaction such as a merger, acquisition, sale of assets, or investment, user information could be among the transferred assets. For example, if another company acquires PlaneCater, your information would likely be transferred to that company as part of the ongoing business. In such cases, we will ensure that the new owner continues to honor the privacy commitments made in this policy. We will also provide notice (e.g., via the website or email) if a transfer like this materially affects your personal data or its usage, so you’re aware of any new entity handling your information.
Legal and Safety Disclosures: We may disclose personal information outside of our platform if we believe in good faith that such disclosure is necessary to:
Comply with Laws or Legal Process: If we receive a valid subpoena, court order, or other legal mandate, we may have to share the requested data. For instance, if a government agency lawfully demands records of orders (perhaps as part of an investigation), we will comply after verifying the request’s legitimacy. We will attempt to notify you of any such request if we are legally allowed to do so.
Enforce our Rights: We might share data as needed to enforce our Terms of Service or other agreements, or to collect unpaid fees. For example, if a user has defrauded the platform, we might share relevant information with law enforcement or debt collection agencies.
Protect Users and Third Parties: If necessary, we may share information to protect the rights, property, or safety of our users, vendors, or others. For instance, if you report that you believe a vendor’s actions were unlawful, we might provide details to authorities.
Emergency Situations: If someone’s health or safety is at risk (e.g., a severe allergic reaction situation where medical personnel need to know what was ordered), we would share information in an emergency to assist, though such cases are rare and would typically be handled by the crew/vendor on scene rather than our data.

In all cases of sharing, we minimize the data disclosed to what is relevant and necessary. We also ensure appropriate safeguards are in place. For example, when sharing with service providers, we use data processing agreements to ensure they handle data in line with privacy laws and our policies.

Furthermore, PlaneCater does not share or sell personal information for marketing or advertising purposes. You will not find your data being brokered or used by third parties to send you ads. We maintain a strict focus on using your information only to serve you and run our platform.

9. Data Retention

How long do we keep your data? We retain personal data for as long as it is needed to provide our Services and for legitimate business or legal purposes. The retention periods can vary depending on the type of data and the context of its provision:

Account Data: If you have an account with us, we retain your account information (like your profile and login credentials) as long as your account is active. If you or your organization decides to delete your account, we will delete or anonymize personal information associated with you, subject to the exceptions below. However, if an account remains inactive but not deleted, we currently retain the data indefinitely (so that if you come back, your account is still there). We do not yet have an automatic deletion policy for dormant accounts, but we may introduce one in the future and will update this policy accordingly.
Order and Flight Data: We keep records of orders and related flight details indefinitely by default. This is because flight departments and users often find it useful to reference past orders (for re-ordering the same items, expense accounting, or addressing any service quality issues). Unless you request deletion, your past order history remains available to you and your organization. If an organization that you belong to is terminated or deletes its account, we will delete or anonymize the order data associated with that organization as part of that process (again, except for data we must retain for legal reasons like financial records).
Chat Messages: Communications through our platform (chat between crew and vendors, or any direct messages) are stored as part of the order record and retained similarly. This is important for maintaining context on orders (e.g., if later there’s a question about what was agreed with the vendor via chat). If you request deletion of your account, chat messages you sent may be deleted or anonymized in our system, but note that the other party (e.g., the vendor) might still retain a copy in their account’s history. We treat chat content like order data for retention purposes.
Payment Records: We retain transaction information (amounts, payment method used, Stripe transaction IDs, etc.) as part of financial records potentially for a significant period (at least several years) to comply with accounting rules, tax regulations, and anti-fraud record-keeping. Even if an account is deleted, we may retain payment records associated with that account in our offline archives or databases as required by law or our legitimate interests (for example, maintaining proof of revenue for tax filings). However, those records would not be readily accessible to a user once the account is deleted, and they would only be used as needed for audits or legal obligations.
Direct Communications: If you emailed our support or had a support ticket, we may retain those communications for a period of time to ensure we have history of support interactions (which helps in providing better service if you contact us again, and for training or quality assurance). Typically, support emails might be retained indefinitely in our email archives, unless you specifically request we delete certain communications and it’s feasible to do so.
Legal Holds: If we are under a legal obligation to retain data (for example, a preservation order in litigation, or information relevant to an investigation), we will retain that data until we are legally permitted to delete it. This can override other retention decisions (meaning we might keep certain data longer than normal if required).
Deletion and Anonymization: When you request deletion of data or when we decide to purge data that is no longer needed, we will securely remove it from our production systems. However, please note that backups and archives may still retain copies of data for some additional time. Our backups are cycled and encrypted; personal data in backups will eventually be overwritten or destroyed in the normal course of backup rotation. We do not use backup data for active operations — it is only there for disaster recovery. Thus, if something remains in a backup for a period, it’s not accessible to run-of-the-mill queries or employees, except if needed for restoration.
Indefinite Retention Policy (Subject to Change): At this time, PlaneCater’s policy is to retain data indefinitely unless a deletion is requested. We have chosen this approach to prioritize continuity for our users (e.g., making repeat orders easy, keeping records for your convenience) and due to the relatively small scale of data per user. We may, however, in the future implement automated retention limits (for example, auto-deleting chat messages after a certain number of years, or removing accounts that have been inactive for, say, 5+ years). If we implement such changes, we will update this Privacy Policy and, if required, notify users.
User Deletion Requests: If you wish to have your personal data deleted, you can make a request (see Your Legal Rights and Choices below). Upon such a request and verification of identity, we will delete or anonymize your personal information from our active databases. However, as noted, we might keep minimal information as needed for legal compliance (e.g., noting that “user X’s account was deleted on Y date” or retaining payment records minus personal identifiers).

In summary, our aim is to keep data only as long as necessary. We value your trust and will not retain data longer than we need to. If you have specific concerns about our retention of certain data, please reach out to us and we will do our best to accommodate reasonable requests in line with our legal obligations.

10. Data Security

PlaneCater implements a variety of security measures to safeguard your personal information. We understand the sensitive nature of flight operations and payment data and treat security as a top priority.

Encryption in Transit: All communications between your device (web browser or mobile app) and our servers are encrypted using industry-standard HTTPS/TLS encryption. This means that when you log in, place orders, send messages, or otherwise transmit information, it’s encrypted so that third parties cannot eavesdrop on the content. You can verify this by looking for “https://” and a lock icon in your browser address bar when using our web app. Similarly, our mobile app connects via secure channels.
Encryption at Rest: Our databases and storage systems are hosted on Amazon Web Services and Microsoft Azure cloud platforms in the U.S. These providers automatically encrypt data stored on disk (data “at rest”) using strong encryption algorithms and managed encryption keys[4]. In other words, any personal data in our database is encrypted at the storage level by default. We do not apply additional custom encryption on each data field at the application level (since our system needs to read/write data for normal operations), but we rely on the cloud providers’ built-in encryption and our strict access controls to keep your stored data secure. This means that even if someone were to obtain a hard drive from our cloud servers, they would not be able to read the data without the encryption keys (which are managed securely by the cloud platforms).
Application Security & Access Control: Within the PlaneCater application, we enforce role-based access control and data partitioning. An organization’s data is isolated so that another organization cannot access it. Vendors can only see information pertaining to orders they are fulfilling. Our API and application code include checks to ensure that a user requesting data has permission to access it. We regularly review our code for security vulnerabilities and keep our software and frameworks up to date with security patches.
Authentication and Account Security: Passwords are stored hashed using a strong algorithm (never in plaintext). We may employ additional security features such as login attempt throttling (to prevent brute-force attacks) and optional two-factor authentication (2FA) for accounts. We encourage users to use strong, unique passwords for PlaneCater. We also monitor for suspicious login activity; if detected, we may require re-authentication or notify the user. Session tokens (which keep you logged in) are securely generated and stored (and they expire after a period or upon logout). If you are an organization admin, we advise using the provided tools to manage your users rather than sharing accounts, to maintain accountability and security.
Employee and Contractor Access: Access to personal data within PlaneCater is limited to authorized personnel who need it to perform their job (principle of least privilege). For example, our customer support team may need to view your account or order details to help you with an issue, but they will not have unnecessary access to data they don’t require. All employees and contractors with potential access to personal data are required to adhere to confidentiality obligations and our internal privacy and security policies[3]. We conduct background checks where appropriate and train our team on data security practices regularly.
Network and System Security: We use firewalls and network segmentation to protect our servers. Administrative access to servers is tightly controlled and requires secure authentication (e.g., SSH keys or VPN with MFA). We deploy anti-malware and monitor for intrusions on our infrastructure. Our databases are configured with security in mind – for instance, they are not directly exposed to the internet, only accessible through our application layer and specific secure channels.
Payment Data Protection: As noted in Payment Processing, we do not handle raw credit card numbers. By delegating to Stripe, we reduce the risk exposure of handling payment data. The limited payment info we do store (last4, expiry, etc.) is not sufficient for a malicious actor to misuse. Additionally, Stripe tokens and IDs are useless outside of our Stripe account context (and our Stripe account itself is protected with its own security and access controls).
Monitoring and Auditing: We actively monitor our systems for potential security events. This includes keeping logs of important actions, using automated tools to detect anomalies, and conducting periodic security audits and penetration testing (either internally or with external specialists). If we discover any issues or weaknesses, we address them promptly. We also comply with any security reporting obligations and may engage independent audits as our platform grows.
Incident Response: Despite all precautions, no system can be 100% secure. We have an incident response plan in place. In the event of a data breach or security incident, we will promptly notify affected users and, if applicable, regulatory authorities as required by law. We will also take immediate action to mitigate the breach and prevent further unauthorized access. This may include invalidating sessions, requiring password resets, temporarily suspending parts of the service, etc., depending on the situation. We are transparent about security incidents and will inform you of what happened, what data might be affected, and the steps we are taking.

In summary, we employ strong safeguards to protect your data. However, it’s also important for users to play a role: protect your account credentials, use unique passwords, and be cautious when sharing information. If you ever suspect any security issue or unauthorized access related to PlaneCater, please contact us immediately so we can investigate and assist.

Your Legal Rights and Choices

Depending on where you reside, you may have certain rights regarding your personal information. PlaneCater is committed to honoring applicable data protection rights and giving you control over your information. Below, we outline various rights that might be available to you and how you can exercise them. (Even if some of these rights are not formally granted under the laws in your jurisdiction, we will try to accommodate requests as a courtesy, within reason.)

Access Your Information: You have the right to request a copy of the personal data we hold about you and to obtain information about how it is processed. This is sometimes called a “Data Subject Access Request.” We can provide you with a summary of the information, which typically includes things like your profile details, order history, and communications. For most users, much of this information is already available by logging into your account (you can see your profile and past orders), but you can formally request a comprehensive export. To make such a request, contact us (see Contact Us at the end of this policy). We will verify your identity and then provide the data in a commonly used format (such as PDF or CSV files) as applicable.
Correct or Update Your Information: We strive to keep your information accurate and up to date. If you notice that any personal data we have is incorrect or incomplete, you have the right to request that we correct it. Many basic details (like your name, contact info) can be updated directly by you through your account settings. If you need to correct something that you cannot edit (for example, an order detail after it’s completed, or an internal record), you can reach out to us and we will handle the correction if feasible. We may need to ask for supporting info for certain changes (for instance, if you want to correct a name due to a legal name change, we might require proof).
Delete Your Information: You can request deletion of your personal data (also known as the “right to be forgotten” in some laws). This can be done by requesting account deletion. If you ask us to delete your account, we will remove or anonymize personal information associated with your account. Be aware of the consequences: you will lose access to the account and its data (order history, etc.), and any pending services will be canceled if you choose to delete immediately. As mentioned in Data Retention, there may be certain information we retain even after deletion (e.g., transaction records without personal identifiers, or data we’re required to keep for legal reasons). If that’s the case, we will inform you. Otherwise, we will strive to erase your data from our active systems. To prevent any misuse, we will likely require a verified request (you should send the deletion request from the email associated with your account or otherwise verify ownership).
Data Portability: For information you have provided to us, you may have the right to obtain it in a structured, commonly used, machine-readable format, and you have the right to transmit that data to another service (if it’s technically feasible). In practicality, this overlaps with the Access request – we can provide you with files of your data, which you could then provide to another provider if needed.
Object to Processing: If we ever process your information based on our legitimate interests or for direct marketing (which we currently do not for marketing), you have the right to object to that processing. For example, if we were analyzing user data to develop a new feature and you didn’t want your data included in that analysis, you could object. If such a scenario arises, we will assess the objection and stop or limit processing unless we have a compelling reason not to (in which case we’d inform you). Since we do not do any marketing profiling, the most likely grounds for objection would be if you disagree with some analytics usage – in which case, one option is to opt-out of analytics by using browser settings or contacting us to see if we can exclude your data.
Restrict Processing: You have the right to request that we restrict (pause) processing of your data in certain circumstances – for instance, while a complaint or request is being resolved. If you contest the accuracy of data, or you believe our processing is unlawful but you don’t want full deletion, or you have objected and are awaiting our evaluation, you can ask for restriction. During restriction, we would store your data but not actively use it (besides storing it securely). We would lift the restriction only after resolving the issue or with your consent (except for necessary uses like legal defense).
Withdraw Consent: In cases where we rely on your consent to process data (most of our processing is actually based on contract – providing the service you asked for – or legitimate interests, but if there are any areas we rely on consent, such as perhaps sending optional surveys or integrating with your device location), you have the right to withdraw that consent at any time. For example, if you gave consent for us to use your device’s location to find nearby vendors, you can withdraw it by disabling location access for the app. Withdrawing consent will not affect the lawfulness of processing that happened before the withdrawal. Also, if certain features require consent, they may not work for you after consent is withdrawn (e.g., disabling location means you’ll have to manually input locations for search).
California Privacy Rights: If you are a California resident, the California Consumer Privacy Act (CCPA) and subsequent amendments (like CPRA) provide specific rights, many of which overlap with the above. In particular, California residents can request: (1) to know the categories and specific pieces of personal information we have collected about them, the categories of sources, the business purpose for collection, and any third parties with whom we shared it; (2) deletion of their personal information (with similar exceptions for legal requirements); and (3) to opt-out of any “sale” of personal information. PlaneCater does not sell personal information as defined under CCPA (we don’t exchange data for money or valuable consideration with third parties in that way). If you are a California resident and write to us with a request, please indicate that in your request so we can treat it under CCPA guidelines. Also, California’s “Shine the Light” law allows residents to request certain information about our disclosure of personal info to third parties for their direct marketing purposes – we engage in no such disclosures.
EU/UK Data Subject Rights: If you are in the European Union, UK, or a similar jurisdiction, you have the above-mentioned rights under the General Data Protection Regulation (GDPR) or equivalent laws. That includes the right to lodge a complaint with your supervisory authority if you believe we have violated your data protection rights. While PlaneCater primarily operates in the US and may not actively target the EU, we still respect these principles and would address requests in the spirit of the GDPR.

Exercising Your Rights: To exercise any of these rights, please contact us at the email or address provided in Contact Us. Please clearly describe your request – e.g., “I want to access my data” or “Please delete my account and all associated data.” For your security, we will need to verify your identity before fulfilling certain requests (we don’t want to delete the wrong person’s data or give your data to an impersonator). Verification typically will involve contacting you through your registered email or asking you to confirm details that only you would know. We will respond as soon as possible, generally within 30 days, unless an extension is allowed and necessary (in which case we’ll inform you).

There is no charge for making a request, although if a request is manifestly unfounded or excessive (e.g., repetitive requests), we might charge a reasonable fee or refuse it – but we’ll explain why if that happens.

Also, note that these rights are not absolute. There are exceptions – for example, if you request deletion, we might retain certain data if required by law. If we refuse any part of a request, we will explain our reasoning.

Finally, we currently handle these requests manually via support. We do not have automated self-service portals for privacy requests (no “click here to download your data” yet, for example). We will do our best to accommodate you through our support channels as efficiently as possible.

International Data Transfers

PlaneCater is headquartered in the United States, and the majority of our infrastructure is based in the U.S. If you are using our Services from outside the U.S., please be aware that your personal information will be transferred to and stored on servers in the United States (and potentially processed in other countries if our service providers operate there, but primarily the data will reside in the U.S.).

Different countries have different data protection laws. The U.S. may not provide the same level of legal data protection as your home country (for instance, European data protection law is generally more stringent than U.S. law). However, to ensure an adequate level of protection, we take the following approach:

Contractual Safeguards: If you are in a region like the European Economic Area (EEA), UK, or Switzerland, we will rely on approved legal mechanisms to transfer your data internationally. This typically means that our Terms of Service (or a separate agreement, if applicable) incorporate Standard Contractual Clauses (SCCs) as defined by the EU/UK, which are legal commitments to protect your data to EU standards even after transfer. Many of our service providers (like Google and Amazon) also include SCCs in their Data Processing Addendums for customers like us, extending those protections.
Data Protection Measures: Regardless of location, PlaneCater applies the security measures described in Data Security to all user data. We don’t lower our standards for non-U.S. users; all data gets the same robust encryption and protection.
Privacy Frameworks: We monitor developments in international data transfer frameworks (like the EU-U.S. Data Privacy Framework that was introduced, replacing the old Privacy Shield). If applicable, we may certify or align with such frameworks to facilitate compliant transfers. We have not at this time formally joined any specific framework, but we ensure compliance through the methods above.
Your Consent: By using PlaneCater and providing information to us, you consent to the transfer of your personal information to the United States and other jurisdictions as described. We will of course handle that information as laid out in this Privacy Policy, wherever it is processed.

If you are uncomfortable with your data being stored in the U.S., please know that unfortunately we cannot provide the Service without that transfer, as our servers are U.S.-based. We welcome any questions or concerns you have regarding international transfers and will gladly provide additional information on how we safeguard your data across borders.

International Data Transfers

PlaneCater is not intended for use by children. Our Services are designed for professionals in aviation (such as pilots, flight attendants, schedulers) and catering vendors, and generally for adults. We do not knowingly collect personal information from anyone under the age of 13. If you are under 13, you should not use PlaneCater or provide any information to us. If we become aware that we have inadvertently received personal data from a child under 13, we will delete that information as quickly as possible.

For minors between 13 and 18, our Service is still not directed at this audience. A minor should only use PlaneCater if they are doing so with the involvement of a parent or guardian and it’s appropriate (though realistically, it’s rare a minor would need to use our platform). We expect users to be of legal age to form contracts (e.g., place orders and agree to terms). If you are a parent or guardian and you learn that your minor child has created an account or provided us with personal information without your consent, please contact us and we will take steps to remove the data and terminate the child’s account.

We comply with laws like the Children’s Online Privacy Protection Act (COPPA) in the United States, which impose requirements on collecting data from children under 13. Thus, we do not solicit or knowingly store any such data. Our registration process will either request a birthdate or have age verification steps if we ever open up a consumer-facing portal that could attract minors, but again, our business context makes child users unlikely.

Changes to this Privacy Policy

We may update or modify this Privacy Policy from time to time to reflect changes in our business, technology, legal requirements, or for other operational reasons. If we make changes, we will do so transparently:

Version Updates: The “Last Updated” date at the top of this policy will change whenever we make a material update. Older versions of our Privacy Policy may be archived for reference.
Notification of Changes: If changes are significant, we will provide a prominent notice. This could be via email to registered users (using the email address on your account), an in-app notification, or a banner/alert on our website. For example, if we were to start collecting new types of personal data or use data in a new way not covered by this current policy, we would inform you and, if required, obtain your consent.
Reviewing Changes: We encourage you to review this Privacy Policy periodically. If you continue to use PlaneCater after a revised Privacy Policy has been posted, it means you accept the changes. Of course, if the changes require explicit consent (for example, if a new law requires us to get your consent to something), we will obtain that.
Material Changes Definition: What constitutes a “material” change? Generally, if we change how we handle your data in a way that you might reasonably want to know about, we consider that material. E.g., changing our data retention policy to automatically delete data sooner would be something to communicate; starting to share data with a new category of third party (say we integrated with a new partner) would also be material. On the other hand, minor textual changes for legal clarity or changes that don’t affect how your data is used might not be flagged with an explicit notice (aside from updating the date).

We take your privacy seriously and will not reduce your rights under this Privacy Policy without your consent. If you do not agree with the changes in an updated Privacy Policy, you should discontinue use of our Services and may request us to delete your data.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or any aspect of your personal data as it relates to PlaneCater, please reach out to us. We are here to help and aim to address any issues promptly and transparently.

Contact Information:

Email: privacy@planecater.com (This is our dedicated address for privacy inquiries. You can also contact support@planecater.com for general issues, but for privacy-specific matters, the privacy@ inbox is monitored by the team responsible for data protection.)
Mailing Address: PlaneCater, Inc. – Privacy Department, 82 Mill St, Bloomfield, NJ, USA

When contacting us with a privacy question or request, please provide sufficient detail for us to understand and respond. If you are making a rights request (e.g., asking for a copy of your data or deletion), please indicate the request clearly and be prepared to verify your identity.

We will do our best to respond to all legitimate inquiries within a reasonable timeframe. In most cases, you will hear back from us within 30 days or sooner. If you don’t hear back, please send a follow-up – it’s possible an email went astray.

Thank you for trusting PlaneCater with your catering needs. We value your privacy and are committed to safeguarding your personal information while providing you with a convenient and efficient service.