Privacy Policy

Zentable (operator of zentable.app) is the controller for the personal data of restaurant operators (account holders, billing contacts, staff invited to a workspace).

For data collected from diners on a Restaurant's customer-facing menu, the Restaurant is the controller and Zentable is the processor. Restaurants control retention, marketing consent, and data export/deletion of their diners' data. We act on the Restaurant's instructions.

Privacy contact: privacy@zentable.app.

Restaurant operators (account holders): name, work email, password hash, restaurant profile, menu data, order history (as part of running your restaurant), billing information held by Stripe, IP and basic device information for security and abuse prevention.

Diners (customers of restaurants): phone number and/or email only when you voluntarily provide it to receive a digital receipt or join a loyalty programme; order history and items added to cart; preferences (language, dietary filters); IP address (logged briefly for abuse prevention).

We do not collect diner data automatically from a QR scan. Anonymous browsing of a Restaurant's menu does not create a customer record.

• Contract performance (Art. 6.1.b): processing necessary to run the SaaS subscription, deliver orders, send order/receipt emails.
• Legal obligation (Art. 6.1.c): retaining invoices and fiscal records under Spanish tax law (Ley 11/2021, Verifactu) — typically 4–7 years depending on jurisdiction.
• Legitimate interest (Art. 6.1.f): security logging, abuse prevention, basic product analytics needed to operate the Service.
• Consent (Art. 6.1.a): marketing emails, loyalty enrolment, optional features. Always opt-in. Withdrawn at any time without affecting prior lawful processing.

Diner data belongs to the specific Restaurant you interacted with. Zentable stores it on that Restaurant's behalf, in row-level tenant-isolated tables. It is never shared across Restaurants, sold, rented, or used for advertising.

• Access: request a copy of your data.
• Rectification: correct anything inaccurate.
• Erasure / right to be forgotten (Art. 17): request anonymisation of your customer record. Note: order history and invoices linked to your record may be retained in anonymised form to satisfy fiscal law.
• Portability (Art. 20): receive your data in a structured, machine-readable format (we export JSON / CSV).
• Restriction & objection: opt out of marketing or further processing at any time.
• Complaint: lodge with your local supervisory authority. In Spain that is the Agencia Española de Protección de Datos (AEPD) —aepd.es.

Diners: contact the Restaurant directly first (they are the controller). If you can't reach them, email privacy@zentable.app and we will route the request. We respond within 30 days (extendable by two further months for complex requests, with notice).

We use essential cookies and storage only. No tracking cookies, no third-party advertising trackers, no Google/Meta pixels.

• sb-* — Supabase auth session (login state). First-party, HttpOnly, SameSite=Lax. Duration: until logout.
• zt_session — diner cart / tab recovery for the customer-facing menu. First-party, 24 hours.
• zt_cookie_consent_v1 — remembers your cookie banner choice. First-party, 1 year.
• zt_locale — language preference. First-party, 1 year.

Primary database, file storage, and authentication are hosted on Supabase (PostgreSQL + Storage), in the EU region (Frankfurt, Germany). Application servers run on Netlify with EU-region edge nodes.

A small number of sub-processors based outside the EEA are used for specific functions. Where personal data is transferred outside the EEA, it is protected by the European Commission's Standard Contractual Clauses (SCCs, 2021 modules) and supplementary technical measures (TLS in transit, encryption at rest, role-scoped access).

The following sub-processors may process personal data on our behalf:

• Supabase — database, auth, file storage. Region: EU (Frankfurt).
• Netlify — application hosting, edge delivery. Region: EU + global CDN.
• Stripe — subscription billing. Region: EU + US (SCCs in place).
• Resend — transactional email (receipts, password resets, invitations). Region: EU + US (SCCs in place).
• Sentry — error monitoring. Region: EU.
• OpenAI — AI menu import (transient image processing only). Used only when the Restaurant opts in. Images are not retained by OpenAI for training. Region: US (SCCs + processing addendum).

We notify Restaurants of new sub-processors at least 30 days before they start processing personal data, giving you a chance to object.

• Active restaurant accounts: as long as the account is active.
• Cancelled accounts: 90 days, then automatic deletion of non-fiscal data.
• Diner contact data (phone/email): kept while the Restaurant wants it; deleted on Right-to-Be-Forgotten request via POST /api/customers/forget.
• Order history & invoices: retained 4–7 years to comply with Spanish fiscal law (Ley 11/2021, Verifactu).
• Server access logs: 30 days, security only.
• Audit log of operator actions: 2 years for accountability.

We protect data with TLS 1.2+ in transit, encryption at rest in Supabase's storage, row-level-security policies for tenant isolation, password hashing via Supabase Auth (bcrypt), short-lived signed URLs for file delivery, per-tenant rate limiting, and least-privilege access for our own staff. We run nightly database backups with documented restore-test procedures.

We notify affected Restaurants of any personal-data breach without undue delay and within 72 hours of discovery, as required by GDPR Art. 33–34.

The Service is not intended for children under 14. We don't knowingly collect data from anyone under 14. If you believe a child has given us their data, contact privacy@zentable.app and we will remove it.

We'll update this page when our practices change. Material changes are notified in-app and by email at least 30 days before they take effect. The "Last updated" date at the top reflects the most recent revision.

Privacy questions or data-subject requests: privacy@zentable.app
General: hello@zentable.app