Privacy Policy

1. Introduction

QuantumTrail s.r.o. (“Company”, “we”, “us”, or “our”) operates RestaurantHub.ai (the “Service”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

We are committed to protecting your privacy and ensuring compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Data Controller

3. Information We Collect

3.1 Information You Provide

• Account Information: Email address, name, password (encrypted)
• Restaurant Information: Restaurant name, address, phone number, business hours
• Menu Content: Menu items, descriptions, prices, images
• Payment Information: Processed securely by Stripe; we do not store full payment details

3.2 Information Collected Automatically

• Usage Data: Pages visited, features used, time spent on the Service
• Device Information: Browser type, operating system, device type
• Log Data: IP address, access times, referring URLs
• Cookies: Session cookies and analytics cookies (see Section 8)

3.3 Information from Third Parties

• Google OAuth: If you sign in with Google, we receive your email and name
• Payment Processors: Transaction status and subscription information from Stripe

4. How We Use Your Information

We use the collected information for the following purposes:

• Providing and maintaining the Service
• Processing your transactions and subscriptions
• Sending transactional emails (order confirmations, password resets)
• Providing customer support
• Improving and personalizing the Service
• Analyzing usage patterns and trends
• Protecting against fraud and abuse
• Complying with legal obligations

5. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide the Service you requested
• Legitimate Interests: Improving our Service, preventing fraud, and marketing
• Consent: Where you have given explicit consent (e.g., marketing communications)
• Legal Obligation: Compliance with applicable laws and regulations

6. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Third-party companies that help us operate the Service (e.g., hosting providers, payment processors, email services)
• Business Transfers: In connection with a merger, acquisition, or sale of assets
• Legal Requirements: When required by law or to protect our rights
• With Your Consent: For any other purpose with your explicit consent

Our Service Providers Include:

• Vercel: Hosting and deployment (USA)
• Railway: Database hosting (USA)
• Stripe: Payment processing (USA)
• Resend: Email delivery (USA)
• Google: Authentication services (USA)

7. International Data Transfers

Your information may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses approved by the European Commission
• Data Processing Agreements with our service providers
• Compliance with EU-US Data Privacy Framework where applicable

8. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for the Service to function (authentication, security)
• Analytics Cookies: Help us understand how visitors use our Service (Vercel Analytics)

You can control cookies through your browser settings. Disabling essential cookies may affect the functionality of the Service.

9. Data Retention

We retain your personal data for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements

When you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law.

10. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Request correction of inaccurate data
• Right to Erasure: Request deletion of your personal data
• Right to Restriction: Request limitation of data processing
• Right to Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time

To exercise these rights, contact us through our website. We will respond within 30 days.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (HTTPS/TLS)
• Encryption of passwords using industry-standard hashing
• Regular security assessments and updates
• Access controls and authentication
• Secure data center infrastructure

12. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The “Last updated” date at the top indicates when the policy was last revised.

14. Supervisory Authority

If you are located in the EU and believe we have not adequately addressed your concerns, you have the right to lodge a complaint with a supervisory authority. In the Czech Republic:

15. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us through our website or at our registered address: