Privacy Policy

Last updated: February 24, 2026

1. Data Controller

The data controller responsible for the processing of personal data on this platform pursuant to the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the German Federal Data Protection Act (Bundesdatenschutzgesetz, "BDSG") is:

RestaurantAI
Faruk Orman
24105 Kiel, Germany
Email: ofolabs@gmail.com

We are not required to appoint a Data Protection Officer (DPO) under Art. 37 GDPR or § 38 BDSG, as fewer than 20 persons are regularly engaged in the automated processing of personal data. You may direct all data protection inquiries to the email address above.

2. Overview of Data Processing

We process personal data only to the extent necessary to provide our Service and comply with legal obligations. The following categories of data are collected:

Category | Data | Legal Basis (GDPR) | Purpose
Account data | Email, display name, phone number, profile photo URL | Art. 6(1)(b) — contractual necessity | Account creation, authentication, communication
Payment data | Stripe customer ID, subscription plan, billing period (we do not store card numbers, bank details, or billing addresses) | Art. 6(1)(b) — contractual necessity | Subscription billing, credit purchases
Content data | Restaurant information (name, address, description, hours), menu items (name, price, description, category), uploaded food images, AI-enhanced images, 3D models | Art. 6(1)(b) — contractual necessity | Providing the core Service functionality
AI processing data | AI job records (type, status, input/output URLs, credits used, timestamps) | Art. 6(1)(b) — contractual necessity | Managing AI feature requests, credit tracking, error handling
Social data | Comments (visitor name, text), likes (hashed visitor identifier), feedback (visitor name, email, rating, message) | Art. 6(1)(f) — legitimate interest (restaurant engagement) | Restaurant visitor engagement features
Technical data | IP address, browser user agent, request timestamps | Art. 6(1)(f) — legitimate interest (security) | Security, rate limiting, abuse prevention
Error data | Error stack traces, request context (anonymized, no PII) | Art. 6(1)(f) — legitimate interest (service reliability) | Bug detection and service reliability
Usage counters | Aggregated counts only: total likes, comments, and menu items per website (no individual visitor tracking or page view analytics) | Art. 6(1)(f) — legitimate interest (service improvement) | Dashboard statistics for restaurant owners

Note on legitimate interest (Art. 6(1)(f)): Where we rely on legitimate interest, we have conducted a balancing test and determined that our interests do not override your fundamental rights and freedoms. You may object to processing based on legitimate interest at any time (see Section 9).

3. Detailed Processing Activities

3.1 Account Registration & Authentication

When you create an account, we collect your email address and (optionally) a display name, phone number, and profile photo. You may also sign in via Google OAuth. Authentication is handled by Firebase Authentication (Google LLC), which stores your email, hashed password, OAuth tokens, and email verification status. Your last login timestamp is updated at most once per hour for security monitoring.

3.2 Content Management

Restaurant information and menu items you create are stored in Cloud Firestore. Images you upload (food photos, menu photos) are stored in Firebase Storage. All user-provided text inputs are validated and sanitized (HTML-escaped) before storage to prevent cross-site scripting. Content you publish is publicly accessible via your restaurant website URL.

3.3 Payment Processing

Payments are processed exclusively by Stripe, Inc. We never receive or store your credit card number, CVV, or full billing address. We store only your Stripe customer ID, subscription plan, billing period, and credit balance in our database. Stripe processes your payment method, billing address, and transaction details under their own privacy policy.

3.4 AI-Powered Features

When you use AI features, your uploaded images are sent to third-party AI providers for processing (see Section 5 for full disclosure under the EU AI Act). AI processing is initiated only by your explicit action. We do not use your data to train AI models.

3.5 Social Features (Visitors)

Restaurant visitors (not account holders) may submit comments, likes, and feedback on published restaurant websites:

  • Comments: Visitor name and comment text are stored. Comments require website owner approval before becoming public. Rejected comments are deleted after 90 days.
  • Likes: A pseudonymous visitor identifier is derived server-side by hashing the visitor's IP address and browser user agent (SHA-256, truncated). This prevents duplicate likes without storing the raw IP address. A random visitor ID and like state are also stored in the visitor's browser localStorage for UI purposes.
  • Feedback: Visitor name, email, rating, and message are stored. Feedback automatically expires after 180 days.

Social feature submissions are protected by Cloudflare Turnstile (CAPTCHA) and rate limiting.

3.6 Security & Rate Limiting

We use Upstash Redis for distributed rate limiting. Hashed IP addresses and request counts are stored temporarily in Redis to enforce rate limits (e.g., 60 requests per minute). This data is ephemeral and not used for tracking or profiling.

4. Third-Party Service Providers (Data Processors)

We use the following third-party services to operate the platform. Data processing agreements (DPAs) are in place with each provider pursuant to Art. 28 GDPR:

Service | Provider & Country | Purpose | Data Transferred
Firebase Auth | Google LLC, USA | User authentication & identity | Email, password hash, OAuth tokens, email verification status
Cloud Firestore | Google LLC, USA | Application database | Account data, content data, social data, AI job records, analytics counters
Firebase Storage | Google LLC, USA | File storage | Uploaded images, AI-enhanced images, generated 3D models, profile photos
Stripe | Stripe, Inc., USA | Payment processing & billing | Payment method, billing address, email (processed by Stripe; we store only Stripe customer ID)
RunwayML | Runway AI, Inc., USA | AI image enhancement (Gen4 Image) | Composited food images (temporary, not retained beyond processing)
fal.ai | Fal AI, Inc., USA | Background removal (BiRefNet) & 3D model generation (Hunyuan3D) | User-uploaded food images (temporary, not retained beyond processing)
OpenAI | OpenAI, LLC, USA | Menu text extraction (GPT-4o Vision) | User-uploaded menu photographs (sent as base64, not retained beyond processing)
Netlify | Netlify, Inc., USA | Hosting, CDN, edge functions, image optimization | IP address, request metadata, custom domain configuration
Sentry | Functional Software, Inc., USA | Error monitoring & performance tracking | Error stack traces, request context (PII excluded by configuration, 10% transaction sampling)
Upstash | Upstash, Inc., USA | Distributed rate limiting (Redis) | Hashed IP addresses, request counts (ephemeral)
Cloudflare Turnstile | Cloudflare, Inc., USA | Bot protection (CAPTCHA) | IP address, browser signals, challenge response token

5. AI Processing & Transparency (EU AI Act)

In compliance with Regulation (EU) 2024/1689 (the EU AI Act), in particular Art. 50 on transparency obligations for deployers of AI systems, we disclose the following:

Feature | AI Provider & Model | Purpose | Input Data | Output
Image Enhancement | RunwayML (Gen4 Image) | Generate enhanced food photographs with professional backgrounds | User-uploaded food image (after background removal) | AI-generated image (synthetic content)
Background Removal | fal.ai (BiRefNet) | Remove image backgrounds as preprocessing step | User-uploaded food image | Transparent PNG image
3D Model Generation | fal.ai (Hunyuan3D v3.1) | Generate 3D model of a dish from a photograph | User-uploaded food image | AI-generated 3D model (.glb format)
Menu Extraction | OpenAI (GPT-4o Vision) | Extract menu item text (names, prices, descriptions) from photos | User-uploaded menu photograph (base64) | Structured text data (returned for user review before saving)

Important disclosures:

  • AI-enhanced images and 3D models are AI-generated synthetic content pursuant to Art. 50(2) of the EU AI Act. Enhanced images are produced by generative AI and may not represent the actual appearance of the dish.
  • AI processing is initiated only by your explicit action (clicking "Enhance", "Generate 3D", or "Scan Menu"). No automated AI processing occurs without user initiation.
  • We do not use your data to train AI models. Images are sent to the AI providers solely for the requested processing task.
  • The AI providers process images temporarily and do not retain them beyond the processing request, subject to each provider's data processing terms.
  • Extracted menu text is returned to you for review and manual confirmation before being saved. The AI system does not make autonomous decisions about your menu content.

6. International Data Transfers

Several of our service providers are located in the United States. Data transfers to the USA are safeguarded by the following mechanisms pursuant to Art. 44–49 GDPR:

  • EU-US Data Privacy Framework (DPF): Google (Firebase), Stripe, and Cloudflare are certified under the EU-US Data Privacy Framework. Transfers to these providers are based on the European Commission's adequacy decision of 10 July 2023 (Commission Implementing Decision (EU) 2023/1795) pursuant to Art. 45 GDPR.
  • Standard Contractual Clauses (SCCs): For providers not certified under the DPF (including RunwayML, fal.ai, and others), or as a supplementary safeguard, we rely on Standard Contractual Clauses pursuant to Art. 46(2)(c) GDPR as adopted by Commission Implementing Decision (EU) 2021/914.

You may obtain information about the specific safeguards applicable to each transfer by contacting us at ofolabs@gmail.com.

7. Cookies & Local Storage

In accordance with § 25 of the German Telecommunications Telemedia Data Protection Act (TTDSG) and Art. 5(3) of the ePrivacy Directive (2002/58/EC), we use only technically necessary cookies and local storage entries. These are exempt from the consent requirement under § 25(2) TTDSG because they are strictly necessary for providing the service you explicitly requested.

Name / Type | Purpose | Duration | Provider
Firebase Auth token | Maintain authenticated user session | 1 hour (auto-refreshed by Firebase SDK) | Google (Firebase)
cf_clearance (cookie) | CAPTCHA bot protection verification | Session | Cloudflare
sidebar_expanded (localStorage) | Remember dashboard sidebar open/closed state | Persistent | First-party
rai_visitor_id (localStorage) | Anonymous visitor identifier for like tracking UI state | Persistent | First-party
rai_liked_items (localStorage) | Track which menu items the visitor has liked (client-side UI) | Persistent | First-party

We do not use advertising cookies, tracking cookies, analytics cookies, or any third-party marketing pixels. No cookie consent banner is required because all storage is strictly necessary for the operation of the Service.

8. Provision of Personal Data

The provision of your email address and account data is a contractual requirement necessary for using the Service. Without this data, we cannot create your account or provide the Service. The provision of payment data (via Stripe) is required only for paid subscription plans. All other data (display name, phone number, profile photo, restaurant content) is provided voluntarily.

9. Data Subject Rights

Under the GDPR (Regulation (EU) 2016/679) and the BDSG, you have the following rights:

  • Right of access (Art. 15 GDPR, § 34 BDSG) — obtain a copy of your personal data and information about its processing
  • Right to rectification (Art. 16 GDPR) — correct inaccurate data (available via your profile settings)
  • Right to erasure (Art. 17 GDPR, § 35 BDSG) — delete your account and all associated data via account settings (cascade deletion of all websites, menus, images, AI jobs, and comments)
  • Right to restriction (Art. 18 GDPR) — restrict processing in certain circumstances (e.g., while contesting accuracy)
  • Right to data portability (Art. 20 GDPR) — receive your data in a structured, commonly used, machine-readable format (see Section 12)
  • Right to object (Art. 21 GDPR, § 36 BDSG) — object to processing based on legitimate interest at any time, on grounds relating to your particular situation. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests
  • Right not to be subject to automated decisions (Art. 22 GDPR) — see Section 10 below
  • Right to withdraw consent (Art. 7(3) GDPR) — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing

To exercise these rights, contact us at ofolabs@gmail.com. We will respond within one month as required by Art. 12(3) GDPR. This period may be extended by two further months for complex requests, in which case we will inform you within the first month.

10. Automated Decision-Making

We do not use automated decision-making or profiling that produces legal effects or significantly affects you within the meaning of Art. 22 GDPR. We do not profile users based on behavior, purchase history, or AI feature usage. The following automated processes exist but do not constitute automated decision-making under Art. 22:

  • Rate limiting: Automated request throttling based on IP address for security and abuse prevention
  • Plan enforcement: Automatic checks against subscription limits (website count, menu items, credit balance) as part of contractual service delivery
  • CAPTCHA verification: Automated bot detection via Cloudflare Turnstile during registration and social feature submissions
  • Credit deduction: Automatic charge of AI credits upon user-initiated AI processing requests (refunded automatically if processing fails)
  • Subscription lifecycle: Automatic downgrade upon payment failure (after a 7-day grace period) and automatic unpublishing of excess websites upon plan downgrade

11. Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority pursuant to Art. 77 GDPR. The competent supervisory authority for our business in Kiel, Schleswig-Holstein is:

Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein (ULD)
Holstenstraße 98, 24103 Kiel, Germany
Website: www.datenschutzzentrum.de

You may also contact the supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

12. Data Retention & Portability

Data Category | Retention Period | Basis
Account data | Until account deletion (inactive free accounts auto-deleted after 180 days) | Contractual necessity
Content data (websites, menus, images) | Until you delete the content or your account | Contractual necessity
AI job records | 90 days (auto-expired via Firestore TTL) | Legitimate interest (debugging)
Social data — comments | Until deleted by website owner; rejected comments auto-deleted after 90 days | Legitimate interest
Social data — feedback | 180 days (auto-expired via Firestore TTL) | Legitimate interest
Social data — likes | Until associated website is deleted (orphaned likes cleaned by scheduled job) | Legitimate interest
Payment records (Stripe customer ID) | 6 years after account deletion | Legal obligation (§ 147 AO, § 257 HGB — German tax and commercial law)
Error logs (Sentry) | 90 days | Legitimate interest
Webhook event records | 30 days (auto-expired via Firestore TTL) | Legitimate interest (idempotency)

Data portability (EU Data Act): In accordance with Regulation (EU) 2023/2854 (the EU Data Act), you may request an export of your data in a structured, commonly used, and machine-readable format. This includes your account information, restaurant website data, menu items, and uploaded images. To request a data export, contact us at ofolabs@gmail.com. We will not charge excessive fees for data export and will provide the data within a reasonable timeframe.

13. Children's Privacy

The Service is not directed at children under 16. We do not knowingly collect personal data from children under 16. If we become aware that a child under 16 has provided personal data, we will take steps to delete that information promptly in accordance with Art. 8 GDPR and § 25 TTDSG.

14. Security Measures

We implement appropriate technical and organizational measures to protect your personal data pursuant to Art. 32 GDPR, including:

  • HTTPS/TLS encryption for all data in transit
  • Encryption at rest via Google Cloud infrastructure (Firebase/Firestore)
  • Content Security Policy (CSP) headers to prevent cross-site scripting attacks
  • Input sanitization and HTML escaping on all user-generated content
  • Rate limiting (Upstash Redis with in-memory fallback) to prevent abuse and brute-force attacks
  • CAPTCHA (Cloudflare Turnstile) on registration and social feature submissions to prevent automated abuse
  • Firebase Security Rules and server-side ownership checks for access control
  • Cryptographic hashing (SHA-256) for visitor identifiers instead of storing raw IP addresses
  • Constant-time comparison (crypto.timingSafeEqual) for secret validation to prevent timing attacks
  • Stripe webhook signature verification for payment event authentication

15. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or applicable law. The "last updated" date at the top indicates the most recent revision. Material changes will be communicated to registered users via email at least 30 days in advance. Previous versions are available upon request.

16. Contact

For privacy-related inquiries or to exercise your data subject rights:

Faruk Orman
24105 Kiel, Germany
Email: ofolabs@gmail.com

See also our Terms of Service and Imprint.