Authenticate you securely

Communicate service updates

Manage team permissions

Comply with GDPR consent requirements

Send marketing emails (only if you opt-in)

Manage multi-user restaurant teams

Control access based on roles

Track team activity for security

Process payments and manage subscriptions

Track usage against plan limits

Generate invoices

Comply with tax regulations

Generate AI-powered recommendations

Match customer preferences to dishes

Provide accurate allergen warnings

Calculate nutritional information

Enable semantic menu search

Display recommendations on your website

Provide you with business intelligence dashboards

Improve AI recommendation algorithms

Optimize menu performance suggestions

Help you identify trending dishes

Calculate ROI of recommendations

Detect and prevent fraud

Investigate security incidents

Monitor for unauthorized access

Troubleshoot technical issues

Ensure service reliability

Prove GDPR compliance if audited by data protection authorities

Demonstrate we honored your deletion request

Prevent fraud (can't claim "you never deleted my data")

✅ Provide AI-powered dish recommendations to your restaurant customers

✅ Generate analytics dashboards and business insights

✅ Manage your restaurant profile, menus, and team members

✅ Process payments and manage subscriptions via Stripe

✅ Enable website embed functionality with your custom branding

✅ Track token usage and enforce plan limits

✅ Analyze usage patterns to improve recommendation accuracy

✅ Train and optimize AI algorithms (using anonymized data)

✅ Develop new features based on aggregate usage trends

✅ A/B test recommendation strategies

✅ Research restaurant industry trends

✅ Send essential service notifications (account changes, security alerts, billing issues)

✅ Provide customer support and technical assistance

✅ Send marketing emails about new features and tips (only if you opt-in)

✅ Notify you of Terms/Privacy Policy changes

✅ Detect and prevent fraud, abuse, and unauthorized access

✅ Investigate security incidents and suspicious activity

✅ Comply with tax obligations (7-year retention of financial records)

✅ Respond to law enforcement requests with proper legal authority

✅ Protect our legal rights and user safety

✅ Maintain GDPR deletion audit trail

❌ We DO NOT sell your data to third parties

❌ We DO NOT share data with competitors

❌ We DO NOT use your data for unrelated advertising

❌ We DO NOT share individual customer dining data (analytics are restaurant-level only)

❌ We DO NOT share your data with data brokers

✅ Law enforcement with proper legal authority (court order, subpoena)

✅ Regulatory investigations or audits

✅ Court orders or legal processes

✅ Protection of our legal rights or user safety

✅ Prevention of fraud or illegal activity

✅ Emergency situations (immediate harm prevention)

Your data may transfer to the acquiring company

Same privacy protections will apply

You'll be notified of any ownership change

In transit: TLS 1.2+ encryption for all data transfers

At rest: Industry-standard encryption for stored data

Passwords: Never stored in plain text (bcrypt hashing)

Role-based access: Team members only see what they need

Multi-factor authentication: Optional for extra security

Principle of least privilege: Staff access limited to job requirements

API keys: Secure tokens for embed/integration authentication

24/7 security monitoring for threats

Intrusion detection systems

Regular security audits and penetration testing

Incident response procedures

Automated threat alerts

Regular software updates and patches

Firewall protection

DDoS mitigation

Secure backup procedures with encryption

Database access logging

Regular privacy and security training

Background checks for employees with data access

Confidentiality agreements

EU (Romania) - Primary location

US (Vercel hosting, OpenAI, Stripe, Cloudinary, Resend)

Standard Contractual Clauses (SCCs): For EU → non-EU transfers

Adequacy Decisions: Where EU Commission approves country's data protection

Encryption: Data encrypted in transit and at rest regardless of location

Data Processing Agreements: With all international service providers

Compliant with EU-US Data Privacy Framework (if applicable)

Or using Standard Contractual Clauses (SCCs)

Same security standards apply everywhere

Authentication: Keep you logged in securely

Security: CSRF protection, session management

Functionality: Remember your dashboard preferences

Feature usage and interaction patterns

Popular dashboard sections and tools

User flows and navigation paths

Performance metrics and error rates

❌ Third-party analytics cookies (Google Analytics, Facebook Pixel, etc.)

❌ Advertising cookies or retargeting pixels

❌ Cross-site tracking cookies

❌ Social media tracking pixels (beyond Google Sign-In button)

Browser Settings: You can block/delete essential cookies, but this will prevent login

Google Sign-In: Uses Google cookies per Google's privacy policy (only if you choose this login method)

Do Not Track: We respect browser DNT signals where feasible