Kitchen Toolkit documentation
Kitchen Toolkit — Employee Monitoring Deployment Guide
docs/legal/employee-monitoring-deployment-guide.md
# Kitchen Toolkit — Employee Monitoring Deployment Guide _Last updated: 2026-03-22_ [source: docs/legal/employee-monitoring-deployment-guide.md] - This guide exists because Kitchen Toolkit can record timestamps, device IDs, tenant/restaurant identifiers, and request IP metadata around logs and admin actions. If a customer assigns devices to named staff or uses the records for accountability or performance-management workflows, that customer may need its own staff notice or consultation process. [source: pages/api/uploadLog.js][source: docs/legal/terms-of-service.md][source: pages/faq.jsx] - Kitchen Toolkit is documented as assistive tooling only, not as a replacement for management judgment, food-safety programs, or legal compliance review. Customers should therefore decide deliberately whether they are using KT records for operational coaching only or for person-specific employment decisions. [source: docs/legal/terms-of-service.md][source: pages/faq.jsx] ## When this guide matters - Use this guide whenever devices are person-assigned, shared logs are tied back to named workers, or managers use timestamps/device history to evaluate attendance, responsiveness, or accountability. [source: pages/faq.jsx][source: pages/api/uploadLog.js] - If devices stay location-based and the customer only uses KT for equipment/log workflow records without tying activity to named workers, the deployment may still warrant an internal policy note but usually presents a lower employee-monitoring burden. [source: pages/api/uploadLog.js][source: docs/legal/terms-of-service.md] ## Repo-backed data points to disclose | KT behavior | What the repo proves today | Why customers should consider disclosing it | | --- | --- | --- | | Manual/device log submissions | Device and manual log uploads store tenant/restaurant IDs, device IDs, timestamps, client-provided timezone, request IP address, HMAC signature, and log payload. | Managers may be able to infer who submitted a record from the device assignment or location context. | | Admin/device access controls | Admin sessions and device signatures are scoped and authenticated, which means records can be tied to a specific authorized admin or provisioned device. | Customers using those records for accountability should explain that operational systems keep authenticated activity history. | | Exports and retention | Admins can export tenant logs and adjust retention/deletion settings. | Customers should set expectations about how long records stay available internally and who can export them. | [source: pages/api/uploadLog.js][source: docs/legal/security-and-infrastructure.md][source: pages/api/exportTenantData.js][source: docs/reference/retention-policy.md] ## Deployment checklist 1. Decide whether any device, account, or workflow is person-assigned rather than purely location/equipment based. [source: pages/faq.jsx][source: pages/api/uploadLog.js] 2. Decide whether KT records will be used only for operational follow-up or also for person-specific disciplinary/performance review. [source: docs/legal/terms-of-service.md][source: pages/faq.jsx] 3. If staff can be identified, prepare a written notice or policy addendum before rollout that explains what is logged, why it is logged, who can access it, and how long the records are kept. [source: pages/api/uploadLog.js][source: docs/reference/retention-policy.md] 4. Review any union, works-council, HR, or local labor-law process that applies to the site before enabling named-device or accountability-heavy workflows. The repo does not prove those jurisdiction-specific requirements, so customers need their own review path. [source: docs/legal/terms-of-service.md] ## Template customer notice > Kitchen Toolkit is used in this location to record kitchen operations such as task/log completion, temperatures, device status, and related timestamps. Depending on how the site assigns devices or accounts, these records may be linked to a specific station, shift, or employee. Authorized managers and administrators may review the records for operational follow-up, food-safety workflow management, troubleshooting, audit preparation, and related supervision. Record retention and access are controlled through our Kitchen Toolkit admin settings and related internal policies. [source: pages/api/uploadLog.js][source: docs/reference/retention-policy.md][source: docs/legal/terms-of-service.md] ## Last verified - Last verified: 2026-03-22 after re-reading the FAQ accountability language, the manual/device log payload schema, export/deletion controls, and the current ToS disclaimers. [source: pages/faq.jsx][source: pages/api/uploadLog.js][source: pages/api/exportTenantData.js][source: docs/reference/retention-policy.md][source: docs/legal/terms-of-service.md]