Privacy Policy

For restaurants (owners + staff): name, email, password hash, restaurant profile, menu data, order history, billing information (via Stripe).

For diners (customers of restaurants): phone number and/or email (only when you voluntarily give it to receive a receipt or join loyalty), order history, preferences (language, dietary filters), IP address (logged briefly for abuse prevention).

We do not collect diner data automatically from the QR scan — only when you explicitly provide it in the checkout flow.

Diner data belongs to the specific restaurant you interacted with. Zentable stores it on that restaurant's behalf (data processor role). It is never shared across restaurants, sold, or used for advertising.

• Access: request a copy of your data
• Rectification: correct anything inaccurate
• Deletion: request full removal ("right to be forgotten")
• Portability: receive your data in a machine-readable format
• Objection: opt out of marketing at any time
• Complaint: lodge with your local supervisory authority (in Spain: AEPD)

Contact the restaurant directly, or hello@zentable.app as a backup.

We use essential cookies only: a session cookie for login, a session cookie for in-restaurant tab recovery (zt_session, 24h), a cookie consent preference (zt_cookie_consent_v1). No tracking cookies, no third-party analytics.

All data is hosted on Supabase (PostgreSQL + Storage), in the EU region (Frankfurt). Stripe processes billing information. OpenAI processes menu images transiently when you use AI menu import (the image is not retained).

• Active restaurant accounts: as long as the account is active
• Cancelled accounts: 90 days, then automatic deletion
• Diner data: kept as long as the restaurant wants it (they control)
• Order history: 7 years (Spanish fiscal requirement)

Privacy questions: hello@zentable.app