Kitchen Toolkit documentation

Kitchen Toolkit — Employee Monitoring Deployment Guide

docs/legal/employee-monitoring-deployment-guide.md

# Kitchen Toolkit — Employee Monitoring Deployment Guide

_Last updated: 2026-03-22_ [source: docs/legal/employee-monitoring-deployment-guide.md]

- This guide exists because Kitchen Toolkit can record timestamps, device IDs, tenant/restaurant identifiers, and request IP metadata around logs and admin actions. If a customer assigns devices to named staff or uses the records for accountability or performance-management workflows, that customer may need its own staff notice or consultation process. [source: pages/api/uploadLog.js][source: docs/legal/terms-of-service.md][source: pages/faq.jsx]
- Kitchen Toolkit is documented as assistive tooling only, not as a replacement for management judgment, food-safety programs, or legal compliance review. Customers should therefore decide deliberately whether they are using KT records for operational coaching only or for person-specific employment decisions. [source: docs/legal/terms-of-service.md][source: pages/faq.jsx]

## When this guide matters

- Use this guide whenever devices are person-assigned, shared logs are tied back to named workers, or managers use timestamps/device history to evaluate attendance, responsiveness, or accountability. [source: pages/faq.jsx][source: pages/api/uploadLog.js]
- If devices stay location-based and the customer only uses KT for equipment/log workflow records without tying activity to named workers, the deployment may still warrant an internal policy note but usually presents a lower employee-monitoring burden. [source: pages/api/uploadLog.js][source: docs/legal/terms-of-service.md]

## Repo-backed data points to disclose

| KT behavior | What the repo proves today | Why customers should consider disclosing it |
| --- | --- | --- |
| Manual/device log submissions | Device and manual log uploads store tenant/restaurant IDs, device IDs, timestamps, client-provided timezone, request IP address, HMAC signature, and log payload. | Managers may be able to infer who submitted a record from the device assignment or location context. |
| Admin/device access controls | Admin sessions and device signatures are scoped and authenticated, which means records can be tied to a specific authorized admin or provisioned device. | Customers using those records for accountability should explain that operational systems keep authenticated activity history. |
| Exports and retention | Admins can export tenant logs and adjust retention/deletion settings. | Customers should set expectations about how long records stay available internally and who can export them. |

[source: pages/api/uploadLog.js][source: docs/legal/security-and-infrastructure.md][source: pages/api/exportTenantData.js][source: docs/reference/retention-policy.md]

## Deployment checklist

1. Decide whether any device, account, or workflow is person-assigned rather than purely location/equipment based. [source: pages/faq.jsx][source: pages/api/uploadLog.js]
2. Decide whether KT records will be used only for operational follow-up or also for person-specific disciplinary/performance review. [source: docs/legal/terms-of-service.md][source: pages/faq.jsx]
3. If staff can be identified, prepare a written notice or policy addendum before rollout that explains what is logged, why it is logged, who can access it, and how long the records are kept. [source: pages/api/uploadLog.js][source: docs/reference/retention-policy.md]
4. Review any union, works-council, HR, or local labor-law process that applies to the site before enabling named-device or accountability-heavy workflows. The repo does not prove those jurisdiction-specific requirements, so customers need their own review path. [source: docs/legal/terms-of-service.md]

## Template customer notice

> Kitchen Toolkit is used in this location to record kitchen operations such as task/log completion, temperatures, device status, and related timestamps. Depending on how the site assigns devices or accounts, these records may be linked to a specific station, shift, or employee. Authorized managers and administrators may review the records for operational follow-up, food-safety workflow management, troubleshooting, audit preparation, and related supervision. Record retention and access are controlled through our Kitchen Toolkit admin settings and related internal policies. [source: pages/api/uploadLog.js][source: docs/reference/retention-policy.md][source: docs/legal/terms-of-service.md]

## Last verified

- Last verified: 2026-03-22 after re-reading the FAQ accountability language, the manual/device log payload schema, export/deletion controls, and the current ToS disclaimers. [source: pages/faq.jsx][source: pages/api/uploadLog.js][source: pages/api/exportTenantData.js][source: docs/reference/retention-policy.md][source: docs/legal/terms-of-service.md]