Privacy Policy

1. Controller

[Full company name and address — see Imprint]

2. What we process

Marketing site visits

Standard server logs (IP, user-agent, timestamp) for site delivery. Legal basis: Art. 6 (1) (f) GDPR.

Demo flow (AI menu extraction)

When you upload a menu in the demo we process:

• The restaurant name and address you enter
• The uploaded file (PDF, image, or menu URL)
• Your email address, if you provide one for further demos
• Your IP for rate limiting

Retention: Demo uploads are auto-deleted after 7 days unless you sign up.

Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interest in abuse prevention).

3. Subprocessors

• Vercel Inc. — site hosting (EU region: Frankfurt)
• Anthropic PBC — AI menu extraction (US, covered by SCCs + DPA)
• Cloudflare R2 — uploaded-menu storage (EU)
• Upstash Inc. — rate limiting + ephemeral session data (EU)
• Resend — transactional confirmation email (EU)

[Subprocessor list to be reviewed by counsel and kept current]

4. Cookies & local storage

We set no cookies and no local storage before you take an action on the page. No third-party tracking, no Google Analytics, no advertising pixels.

When you start the demo we set a single signed session cookie containing only a random ID.

5. Your rights

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure (Art. 17 GDPR)
• Restriction (Art. 18 GDPR)
• Portability (Art. 20 GDPR)
• Objection (Art. 21 GDPR)
• Complaint with the supervisory authority

Contact: privacy@gastroloop.de.

6. Data Protection Officer

[To be appointed before going to production with paying customers]