Legal
Privacy Policy
Last updated: 2026-05-20
At a glance
The short version of what we collect and why.
- We store the minimum we need to run the service: account details, business data you enter, usage logs.
- We never sell your data. No ad networks, no behavioural targeting, no data brokers.
- AI suggestions are processed by specialised inference providers. Prompts are sent but not used to train their public models.
- You can export or delete your data any time from Settings.
- Hosted in EU data centres. Detailed sub-processor list is available in the signed DPA after signup.
Who we are
What we collect
We collect only what is necessary to deliver the service:
- Account data — email, display name, optional photo, chosen password (hashed, never stored in plaintext), authentication tokens.
- Business data — company name, venue type, menu items, inventory items, recipes, stock movements, sales orders, shift records, photos of receipts you upload.
- Usage logs — pages accessed, timestamps, IP address (shortened), browser user-agent, error traces. Used for debugging and abuse prevention.
- Billing data — handled by our payment processor. We store your customer ID, plan and invoice metadata. Full card numbers never touch our servers.
- AI interactions — prompts you generate (menu photos, recipe requests, chat queries), response metadata, and counters for quota enforcement.
- Device data (optional) — if you enable push notifications we store a device-bound push token. If you enable voice stocktakes, audio is processed in the browser and not stored.
Why we process it (lawful basis)
- Contract performance (Art. 6(1)(b) GDPR) — to provide the features you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR) — to secure the service, detect abuse, improve features, and operate the business.
- Legal obligation (Art. 6(1)(c) GDPR) — to keep invoices and billing records as required by tax law (typically 6-8 years depending on country).
- Consent (Art. 6(1)(a) GDPR) — for optional features like marketing emails or cookies that are not strictly necessary. You can withdraw consent anytime.
Who processes it for us
We use trusted infrastructure providers, grouped here by purpose:
- EU-hosted database, authentication and object storage — primary application data and uploaded assets, kept in EU regions where available.
- EU-hosted frontend hosting and edge delivery — serves the web application.
- BMF-certified Cloud-TSE provider — manipulation-proof signing of tax-relevant transactions in line with KassenSichV.
- Payment processor (forthcoming) — card and bank-transfer processing; full card data stays on the processor’s PCI-DSS Level 1 infrastructure and never touches our servers.
- AI inference providers — text, vision and voice models. Prompts are transient; per current provider policies, API traffic is not used to train public models.
- Transactional email provider — welcome, password reset, receipts.
- Application monitoring provider — anonymised error traces. Personal identifiers are scrubbed before transmission.
All processors are bound by data processing agreements (DPAs) and, where data leaves the EU, Standard Contractual Clauses and supplementary technical measures as required by Schrems II. A current, named list of sub-processors is provided to every Verantwortlicher as part of the signed DPA (Art. 28 DSGVO) inside the application.
International transfers
How long we keep it
- Account data — for the life of your account, plus up to 30 days after deletion to allow restore requests.
- Business / operational data — while your account is active; exported or deleted on termination.
- Billing records — up to 8 years, as required by applicable tax law.
- Logs — typically 30-90 days.
- Marketing emails — until you unsubscribe.
Your rights under GDPR
- Access — get a copy of your data.
- Rectification — correct inaccurate data.
- Erasure — request deletion ("right to be forgotten"), subject to retention obligations.
- Restriction — limit how we process your data.
- Portability — receive your data in a structured, machine-readable format.
- Object — stop processing based on legitimate interest, including profiling.
- Withdraw consent — any time, without affecting prior lawful processing.
- Lodge a complaint with a supervisory authority (e.g. BfDI in Germany, Garante in Italy, UODO in Poland, AZOP in Croatia).
Most of these can be done directly from the Settings page. For anything else, email privacy@vetka.io. We respond within 30 days.
Security
- Transport-level encryption (HTTPS/TLS) on every request.
- Encryption at rest for all database and object-storage data (provider-managed keys, AES-256).
- Row-Level Security at the database layer — one venue cannot read another venue's data, enforced server-side.
- Role-based access control inside the venue — staff see only what their permissions allow.
- Audit logs for sensitive operations (user role changes, stocktake closures, financial exports).
- Regular dependency scans and security patches.
No system is perfectly secure. If you notice a vulnerability, please report it responsibly to security@vetka.io.
Cookies & similar technologies
Children
AI-specific notes
- Menu photos you upload are sent to a vision model to extract structured items. The model returns JSON only; the photo is then stored on our Cloud Storage and you can delete it from the menu page.
- Recipe suggestions, upsell hints, and variance summaries are generated on demand by text models. Prompts include dish names, inventory names and recent stock data, but do not include staff personal details beyond a user ID.
- Voice features (stocktakes, daily menu, table orders, reservations and shift entry) record a short audio clip when you tap the mic and send it to our server, which uses a speech-to-text provider to transcribe it. The clip is used only for transcription and is not stored by us — only the resulting text is kept. Disable voice mode from AI Settings if that is a concern.
- You can disable AI features entirely from Management → AI Settings.
Data exports & deletion
Changes to this policy
Contact
This policy is provided in English. A translation may be available for convenience; the English version prevails in case of conflict.