Effective date: June 19, 2026. Operator: FlowState QSR. Contact: grindstaffconnor@gmail.com.
FlowState QSR (“the App”) is a private team-management tool for the team and leadership of a restaurant. Accounts are created and managed by the restaurant’s operator. This policy explains what the App collects and how it is used.
Information we collect
- Account info: your name, username, and password (passwords are stored only as a secure one-way hash — never in plain text).
- Optional profile details you choose to add: a nickname, a profile photo, and your birthday (month and day only — no year).
- Work information you enter: goals, feedback, shout-outs, training interests, uniform & facilities requests, discipline records, safety checks (RSA/FSA), temperature logs, CEM scores, announcements, and similar operational data.
- Push token (only if you enable notifications on the iOS app): a device identifier used solely to deliver notifications to your device.
We do not collect your location, contacts, browsing history, or any advertising identifiers, and we use no third-party analytics or advertising tools.
How we use it
We use this information solely to operate the team-management tool for the store — for example, to show your goals, recognize teammates, track operational tasks, and send notifications you opt into. We do not use it for any other purpose.
How it’s shared
- Within your store: teammates see information according to their permission level (leaders and the operator can see more than team members). The operator administers the system.
- Service providers: data is stored on our hosting provider (Render). If you enable notifications, your device token and notification text are sent to Apple’s Push Notification service (APNs) only to deliver the notification.
- We do not sell your information and do not share it for advertising or cross-app/website tracking.
Tracking
The App does not track you across other companies’ apps or websites.
Data retention & deletion
Your information is kept while your account is active. To correct or delete your information, or to remove your account, contact your store operator at the email above — the operator can delete accounts and their data from within the App.
Security
Passwords are hashed, and the App is served only over encrypted (HTTPS) connections. Access is limited to logged-in members of your store.
Permissions on your device (iOS app)
- Camera & Photos: requested only if you choose to add or take a profile photo. We never access your camera or photo library otherwise.
- Notifications: requested so we can send you work notifications you opt into (a new goal, a write-up, a shout-out, or a store announcement). You can turn these off anytime in iOS Settings.
- Face ID / Touch ID: used to unlock the app and, if you turn it on, to sign you in. A revocable sign-in token (not your password) is kept in the device's encrypted Keychain and never leaves your device; you can revoke any device anytime from My Account. The biometric check happens entirely on your device — we never receive your face or fingerprint data.
The app requests no other device permissions — no location, contacts, microphone, or tracking.
Children
The App is intended for employees and is not directed to children under 13.
Changes
We may update this policy; the effective date above reflects the latest version.
Contact
Questions? Email grindstaffconnor@gmail.com.