Privacy Policy
Effective: 30 April 2026 · Version 2.0
This policy explains what personal data Opnclo collects, why, who we share it with, how long we keep it, and how you can exercise your rights - including downloading or deleting all your data with one click from your account settings.
- 1. Who we are
- 2. Our roles under GDPR
- 3. Data we collect
- 4. Legal bases
- 5. How long we keep it
- 6. Sub-processors and sharing
- 7. International transfers
- 8. AI features and model training
- 9. Cookies and tracking
- 10. Your rights
- 11. Security and breach notification
- 12. Children
- 13. Changes to this policy
- 14. Contact and complaints
1. Who we are
"Opnclo" refers to the operator of the website opnclo.com and the application at app.opnclo.com (together, the "Service"). The Service lets restaurants and hospitality professionals create and publish digital menus, manage reservations, and analyse guest behaviour.
Identity and contact details of the operator are published in our Legal notice. For any privacy matter, write to privacy@opnclo.com.
2. Our roles under GDPR
Opnclo plays two distinct roles depending on the data:
- Data controller - for personal data we collect about our customers (the restaurateur or hospitality professional who creates an Opnclo account) and about visitors to opnclo.com and app.opnclo.com.
- Data processor - for personal data that our customers collect through the Service about their own guests (for example, names, emails and phone numbers entered into the reservation widget by restaurant guests). The customer is the controller of that data; Opnclo processes it on their documented instructions in accordance with our Data Processing Agreement, available on request.
3. Data we collect
We only collect what we need to operate the Service. Concretely:
| Category | Examples | Purpose |
|---|---|---|
| Account data | Email, password (hashed by Supabase Auth), name, locale, signup timestamp | Create and secure your account |
| Restaurant data | Name, slug, address, GPS coordinates, phone, opening hours, menu photos, social links, multilingual descriptions | Operate the public menu and reservation pages you publish |
| Menu content | Categories, items, prices, descriptions, allergen and dietary tags, images, AI-generated translations | Render your menu |
| Reservation data | Guest name, email, phone, party size, special requests, custom fields, reservation history | Process and remind your guests of their bookings (we are processor here, you are controller) |
| Billing data | Stripe customer ID, subscription ID, plan, billing address, status | Process payments via Stripe |
| Usage data | Logins, feature usage, IP address, user-agent, request timestamps (in server logs) | Operate the Service and prevent abuse |
| Guest analytics | QR scans, menu views, item views, session timing | Show your aggregate analytics dashboard |
| Support data | Emails sent to contact@opnclo.com or privacy@opnclo.com | Respond to your requests |
We do not collect or store payment card numbers. Card details are handled exclusively by Stripe (PCI-DSS Level 1).
4. Legal bases
Each processing activity relies on one of the following GDPR Article 6 bases:
- Contract (Art. 6.1.b) - to provide and operate the Service you subscribed to.
- Legitimate interests (Art. 6.1.f) - to secure the Service, prevent abuse, monitor performance, and produce aggregate analytics for restaurateurs.
- Consent (Art. 6.1.a) - only when explicitly required (for instance, when you connect your Google Business Profile via OAuth, or for any future optional marketing emails). You can withdraw consent at any time without affecting prior processing.
- Legal obligation (Art. 6.1.c) - to keep accounting records, respond to lawful requests, or comply with tax law (notably 10-year invoice retention under Portuguese commercial and tax law).
The complete record of our processing activities (Article 30 register) is maintained internally and available to supervisory authorities on request.
5. How long we keep your data
| Data | Retention |
|---|---|
| Account, restaurant, menu and settings data | Until you delete your account. On deletion, an automatic cascade purges all rows. Backups expire within 7 days. |
| Reservation and guest profile data | 36 months after the last interaction with the guest. Restaurateurs may shorten this individually. |
| Guest analytics events | 24 months at row level, then aggregated. |
| Billing data | 10 years after the last invoice (Portuguese tax and commercial law obligation). |
| Support emails | 24 months after the last exchange. |
| Server access logs | 30 days. |
6. Sub-processors and sharing
We rely on a small set of carefully vetted third-party providers to deliver the Service. The complete and current list, with the data each one processes, the hosting region, and the link to their Data Processing Agreement, is published at opnclo.com/sub-processors and updated whenever it changes.
We will give at least 30 days' notice by email before adding a new sub-processor or changing the role of an existing one, so you can object and terminate your subscription if you disagree.
Beyond these sub-processors, we share personal data only when legally compelled (court order, regulatory request) or to defend our legal rights. We do not sell personal data, ever.
7. International transfers
Our database, file storage and authentication are hosted in the European Union (Supabase, EU regions). Some providers - notably Stripe, Anthropic, Google Maps Platform, and Google Cloud (Gemini) - process data in the United States. These transfers are governed by the European Commission's Standard Contractual Clauses and, where applicable, supplementary measures. Details for each provider are in our sub-processors list.
8. AI features and model training
The Service uses third-party AI models for two purposes only:
- Menu OCR and translation - Google Gemini (vision + text). When you upload a menu photo or PDF, the bytes are sent to Gemini to extract the structured content.
- Menu enrichment - Anthropic Claude. Item names and descriptions may be sent to suggest dietary tags or improved descriptions, which you review before publishing.
Inputs are not used to train Google or Anthropic models, per the API terms of both providers (Gemini API Terms; Anthropic Commercial Terms / DPA). We do not feed personal data to AI models beyond what is strictly required to deliver the feature you triggered.
9. Cookies and tracking
Opnclo's marketing site (opnclo.com) and product app (app.opnclo.com) use only essential first-party cookies and local storage: session token, current restaurant selection, language preference. These are required for the Service to function and do not require consent under the ePrivacy Directive.
We do not use Google Analytics, Facebook Pixel, Hotjar, Posthog, Mixpanel, or any other third-party analytics or advertising tracker on this site. Aggregate guest analytics inside the Service (QR scans, menu views) are first-party and stored in our own database.
If we ever introduce a third-party tracker, we will deploy a compliant consent banner before enabling it.
10. Your rights
Under the GDPR you have the right to:
- Access a copy of your data - Article 15.
- Receive your data in a structured, machine-readable format - Article 20 (portability).
- Rectify inaccurate data - Article 16 (you can edit most fields directly in the Service; for anything else, write to us).
- Erase your data - Article 17.
- Restrict or object to certain processing - Articles 18 and 21.
- Withdraw consent at any time, where processing is based on consent.
- Lodge a complaint with a supervisory authority - see section 14.
- Download my data - generates a complete JSON export of every row tied to your account (profile, all restaurants, menus, QR codes, reservations, guest profiles, analytics).
- Delete my account - permanently erases your account and everything associated, cancels active Stripe subscriptions, and sends a confirmation email. Effect is immediate.
For all other requests, write to privacy@opnclo.com. We respond within one month, extendable by two months for complex requests as permitted by Article 12.3 of the GDPR.
Reservation guests: if you booked through an Opnclo-powered widget and want to access, modify or erase your data, please contact the restaurant directly - they are the data controller for your information. Opnclo will assist them on request.
11. Security and breach notification
We protect your data with industry-standard measures: TLS 1.2+ encryption in transit, encryption at rest provided by our infrastructure providers, hashed passwords, JWT-based authentication with rate limiting on signup/login, ownership re-checks server-side on every authenticated endpoint, automatic dependency vulnerability scanning, and regular security reviews of the codebase.
No system is perfectly secure. In the event of a personal data breach, we will notify the competent supervisory authority within 72 hours of becoming aware of it, and notify affected users without undue delay if the breach is likely to result in a high risk to their rights and freedoms, in accordance with Articles 33 and 34 of the GDPR.
12. Children
The Service is intended for professional use by restaurateurs and hospitality businesses, and is not directed at children under 16. We do not knowingly collect personal data from children. Reservation data may incidentally relate to minors when a guest books a table for a family - in that case the booking adult provides the information; we keep it minimal and treat it under the same safeguards.
13. Changes to this policy
We may update this policy when we change features, add a sub-processor, or to clarify language. Material changes will be announced by email at least 30 days before they take effect. The version number and effective date at the top of this page indicate the current revision.
14. Contact and complaints
Privacy contact. privacy@opnclo.com - we read every message and reply personally.
Lead supervisory authority. Opnclo's operator is established in Portugal, so the lead authority is the CNPD - Comissão Nacional de Proteção de Dados, Av. D. Carlos I, 134 - 1.º, 1200-651 Lisboa, Portugal - www.cnpd.pt. You may also lodge a complaint with the data protection authority of your country of residence within the EU - for example the CNIL in France (www.cnil.fr) or your local DPA.