Privacy Policy — Applebee.ai

Privacy isn't a compliance checkbox at Applebee AI — it is the product. Our entire architecture exists to ensure that your data is processed on the appliance at your location and never transmitted to us or any external server. This policy explains what we do collect, why, and the precise boundaries of the access we maintain to service the appliance.

1. Who We Are

Applebee AI is a sovereign AI platform business based in Seminole County, Florida, USA. We design, configure, deploy, and manage on-premise AI appliances installed at our clients' locations.

References to "Applebee AI," "we," "us," or "our" in this policy refer to Applebee AI. References to "you" refer to visitors to our marketing website (applebee.ai) or clients who subscribe to our appliance service.

2. Key Definitions

To avoid ambiguity, these terms are used consistently throughout this policy:

Term	Meaning
The Appliance	The physical hardware unit owned by Applebee AI and deployed at your location under a subscription agreement. The appliance remains our property at all times.
Your Data	All AI conversations, uploaded documents, system prompts, and any other content you or your team creates or processes using the appliance. This is your data exclusively — you own it in full regardless of where it is stored.
System Layer	The operating system, Docker containers, network configuration, model files, and application software that run on the appliance. This is what we maintain as part of the subscription.
Application Layer	The database and storage locations where your data resides. We have no business reason to access this layer and our operational policy expressly prohibits it.

3. The Core Principle

Your data is processed on the appliance at your location. It is never transmitted to Applebee AI, to external AI providers, or to any third-party server. The AI model runs locally. No queries leave the appliance. No conversation logs, documents, or business data are ever sent to us — not for support, not for model improvement, not for any reason.

We are fully transparent about what "fully managed" means in practice. Managing the appliance requires that we maintain system-level access to keep it updated, secure, and running. Here is exactly what that means:

What our management access covers: OS updates, security patches, model version updates, Docker container management, network and tunnel configuration, and application software updates.

What our management access does not cover — and what our operational policy and your NDA expressly prohibit: reading, copying, retaining, or otherwise accessing your conversation history, uploaded documents, system prompt contents, or any other data you have created or processed using the appliance.

We will never ask for access to your data layer. You are under no obligation to grant it. Any support request you bring to us is addressed at the system layer only, using information you choose to share with us.

This distinction matters: the privacy of your data rests on our operational discipline and your contractual NDA with us — not on a technical impossibility. We believe being precise about this is more trustworthy than overstating what the architecture alone prevents.

4. Scope of This Policy

This policy applies to:

Our public marketing website at applebee.ai and all subdomains we operate
Contact form submissions and pre-sales communications
Client onboarding, billing, and support interactions
Our ongoing management of the appliance at your location

This policy governs our data practices. How you use the appliance to process your clients' data — and your obligations to those clients — is governed by your own privacy policies and agreements, which are entirely your responsibility to establish.

5. Data We Collect — Website

Contact Form Submissions

When you submit our contact form at applebee.ai, we collect:

Name and email address (provided by you)
Your message content
Enrichment data automatically appended at submission: approximate city and region, timezone, internet service provider or organization name, browser user agent string, and preferred language setting

This information is stored in Cloudflare KV and delivered to us by email for the sole purpose of responding to your inquiry. We do not sell it, share it with marketers, or use it for any other purpose.

Retention: Contact form submissions are retained for 24 months or until you request deletion, whichever comes first.

Analytics — Statcounter

We use Statcounter to understand aggregate traffic patterns on applebee.ai. Statcounter collects standard web analytics data including page views, referrer URLs, approximate geographic location at the country and region level, browser and device type, and visit timestamps. This data is processed under Statcounter's own privacy policy.

We do not use Google Analytics, Facebook Pixel, or any behavioral advertising or retargeting technology. We do not share your browsing data with advertisers.

Retention: Per Statcounter's standard data retention policies. We do not retain raw Statcounter data independently.

What We Do Not Collect on Our Website

Cookies beyond what Statcounter sets for analytics and what Cloudflare sets for security
Payment or financial information (no e-commerce on our website)
Social login data
Data from anyone under 18 — our services are directed solely at business owners and professionals

6. Data We Collect — Client Relationship

When you subscribe to Applebee AI, we collect and maintain the following information to manage our business relationship and fulfill our service obligations:

Category	What We Collect	Why
Identity	Name, business name, title	Account management, NDA execution, invoicing
Contact	Email address, phone number, business address	Support, appliance delivery, billing communications
Financial	Billing address, payment method token (processed by our payment provider — we do not store card numbers)	Monthly subscription billing
Appliance records	Hardware serial number, appliance model, firmware and software version, deployment date, location address	Asset tracking, warranty, support, end-of-subscription hardware retrieval
Support communications	Technical issues you report to us, scoped to what you choose to share	Resolving issues at the system layer

Support interactions: When you contact us about a technical issue, you control what information you share. We will never ask for access to your conversation logs, document contents, or any data processed on the appliance. If you ever receive such a request purportedly from Applebee AI, treat it as suspicious and contact us directly.

Retention: Client relationship data is retained for the duration of your subscription plus 7 years to meet standard business record-keeping obligations. Appliance records are retained for the life of the hardware plus 3 years.

7. Your Data on the Appliance

Ownership

The appliance hardware is owned by Applebee AI and licensed to you for use during your active subscription. Your data — every conversation, document, and piece of content you create or process on the appliance — is owned entirely by you. Our ownership of the hardware confers no rights over the data stored on it.

Processing

All AI processing occurs locally on the appliance at your location:

The AI model is stored on and executed by the appliance. No queries are sent to external AI providers or to Applebee AI.
Your conversation history and documents are stored in a local database on the appliance. We hold no copy of this data.
Remote access for your team is provided via an encrypted tunnel that originates and terminates within your local network. We do not have visibility into traffic passing through it.

Our Management Access

As part of the fully managed service, we maintain system-level access to the appliance to perform updates, security patches, model upgrades, and configuration changes. This access is:

Scoped to the system layer — the OS, containers, model files, and application software
Conducted only as needed for maintenance purposes
Prohibited by operational policy and your NDA from touching the application data layer
Never used to read, copy, retain, or transmit your conversation history, documents, or any other data you have created

We do not install telemetry, usage reporting, or any call-home functionality in the product. The appliance does not transmit data about your usage patterns to us.

End of Subscription

When your subscription ends, we will arrange retrieval of the appliance. Before retrieval, you are responsible for exporting any data you wish to retain — we will provide reasonable notice and assistance. Upon retrieval, the appliance is securely wiped according to NIST SP 800-88 guidelines before redeployment or disposal. After wiping, no data of yours remains on any hardware in our possession.

8. How We Use the Data We Collect

We use the limited data described above for the following purposes only:

Responding to inquiries — contact form submissions are used solely to follow up with you
Delivering and supporting the service — client data is used to provision and manage your appliance, process billing, and provide technical support
Asset management — appliance records are used to track hardware we own throughout its deployment lifecycle
Business records and legal compliance — invoices, contracts, and NDA records retained per legal requirements
Aggregate website traffic analysis — Statcounter analytics help us improve the website; this data is not tied to individuals for marketing purposes
Security — detecting and preventing fraud or abuse in connection with our website and business operations

We do not use your data for advertising, behavioral profiling, AI model training, or any purpose not listed above.

9. Who We Share Data With

We share personal data only with the following service providers, and only to the extent necessary for them to deliver their service to us:

Provider	Purpose	Data Shared
Cloudflare	Website infrastructure, form storage, DNS, security	Website visitor IP addresses (proxied), form submission content
Brevo	Transactional email delivery	Your email address and contact form content, for delivery to us
Statcounter	Website analytics	Standard web analytics data — see Statcounter's privacy policy
Payment processor	Subscription billing	Billing name, address, and payment method — processed per PCI-DSS standards. We do not receive or store card numbers.
Shipping carrier	Appliance delivery and retrieval	Delivery name and address only

We do not sell personal data. We do not share personal data with data brokers, advertisers, or analytics platforms beyond what is described above. We do not share data across clients.

10. Legal Basis for Processing

Contract performance — processing necessary to deliver the service you have subscribed to, including billing, appliance management, support, and hardware logistics
Legitimate interests — operating our website, understanding aggregate traffic, and responding to business inquiries, where these interests are not overridden by your privacy rights
Legal obligation — retaining records required by applicable law
Consent — where you have submitted a contact form or opted into communications

11. Your Rights

Depending on your location, you may have the following rights with respect to personal data we hold about you:

Access — request a copy of the personal data we hold
Correction — request correction of inaccurate data
Deletion — request deletion, subject to legal retention obligations
Portability — request your data in a machine-readable format
Objection — object to processing based on legitimate interests
Withdrawal of consent — withdraw consent at any time where we rely on it, without affecting prior processing

Note that rights requests apply to personal data we hold about you in our systems. Your data on the appliance is under your exclusive control — you do not need to make a request to us to access, export, or delete it.

To exercise any of these rights, contact us via our contact form. We will respond within 30 days at no charge.

12. Security

All data in transit between your team and the appliance is encrypted via TLS 1.2 or higher
Access to client records is restricted to authorized personnel, protected by multi-factor authentication
Our website and infrastructure are served through Cloudflare with DDoS protection and encrypted tunneling
Payment card numbers are never stored by us — payment processing is handled entirely by our PCI-DSS compliant payment provider
Our internal systems operate behind a zero-trust network with no open inbound ports
Appliances retrieved at end of subscription are wiped to NIST SP 800-88 standards before any reuse or disposal

In the event of a data breach affecting personal information we hold, we will notify you in accordance with applicable law.

13. Cookies

Our website uses a minimal number of cookies:

Statcounter analytics cookie — differentiates unique visits for aggregate traffic reporting. Not an advertising cookie. Does not track you across other websites.
Cloudflare security cookies — set automatically to protect against bot traffic. Strictly necessary for site security.

We do not use advertising cookies, tracking pixels, or any third-party marketing technology. Disabling analytics cookies through your browser settings will not affect your ability to use our website.

14. Children's Privacy

Our services are directed exclusively at business owners and professionals. We do not knowingly collect personal data from anyone under 18. If you believe a minor has submitted information to us, please contact us and we will delete it promptly.

15. International Users

Applebee AI is based in the United States and currently serves clients in the United States. If you access our website from outside the US, your information will be processed in the United States under Cloudflare's standard data processing terms.

If we expand to serve clients in the European Economic Area, United Kingdom, or other jurisdictions with comprehensive data protection laws, we will implement appropriate transfer mechanisms and update this policy accordingly.

If you wish to exercise rights under GDPR, CCPA/CPRA, or similar frameworks, please contact us. We will honor applicable rights regardless of whether technical thresholds require us to, because it is the right thing to do.

16. Changes to This Policy

We will update this policy when our practices change. Material changes will be communicated to active clients by email at least 30 days before taking effect.

One commitment will never change without your explicit, advance, written consent: your data will never be transmitted from the appliance to us or any external server. If we were ever to change that, we would treat it as a fundamental change to the product requiring your affirmative agreement — not a routine policy update.

17. Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal data:

Privacy Contact

Applebee AI
Seminole County, Florida, USA

Contact us via our contact form

We aim to respond to all privacy-related requests within 5 business days and to resolve them within 30 days.