Privacy Policy
Last updated: 24 June 2026 · Version 2.0 · Română
Summary: VerifyEat hosts your digital menu on verifyeat.app. We do not sell data or use ad trackers. QR guests browse anonymously. Mac app is local-first unless you use Cloud Hosting or web admin.
1. Who we are
VerifyEat is operated by Catalin Ionut Portan, Bern, Switzerland. Contact: privacy@verifyeat.app
2. GDPR roles
- VerifyEat = Controller for your account (email, password hash, billing).
- Restaurant = Controller for menu/allergen content shown to guests.
- VerifyEat = Processor for data we host on your behalf — see DPA.
3. Data we collect
Account & menu (SaaS)
- Email, password hash (PBKDF2-SHA256), restaurant profile, menus, products, ingredients, allergens, photos (R2).
- Cloud API tokens (hash only), QR scan counts (aggregated).
Pro Orders
- Table label, order lines, allergen snapshots, staff notes, kitchen/bar tickets.
- Pro v1: guests do not submit orders from their phone — no guest name/phone collected.
AI (on explicit action)
- Product/menu text sent to OpenAI via Cloudflare; usage counters retained, not full response archives.
- Subject lift in browser: local ONNX processing — image not sent during cutout.
Mac app (local)
- Data stays on Mac unless you publish to cloud or use AI.
- Live Preview: temporary local Wi‑Fi server only.
We do NOT collect
- Google Analytics, Meta Pixel, ad tracking, guest profiling on QR menus, card numbers (Apple handles App Store).
4. Cookies
Essential only on verifyeat.app: verifyeat_session, verifyeat_lang. Details: Cookie policy.
5. Storage & subprocessors
Cloudflare (D1, R2, KV, Pages) — primary region WEUR. OpenAI for AI. See Subprocessors.
6. Retention
Active account until deletion at account/delete (+ 30 days backups). Pro order history deleted with account.
7. Your rights
Access, rectification, erasure, portability, restriction, objection, complaint to FDPIC / your supervisory authority.