Privacy Policy

Last updated: March 24, 2026

Important Notice About Your Data

Kelner App is a non-commercial portfolio project operated by a private individual. No registered business entity is behind this service. No money is collected or processed. We strongly recommend using only fictitious data. While we handle your data in accordance with GDPR, the experimental nature of this Platform means we cannot guarantee data permanence. Your data may be deleted at any time.

1. Data Controller

The data controller is a private individual (natural person) located in Poland, who develops and maintains Kelner App for demonstration and portfolio purposes. This is a personal, non-commercial project with:

  • No registered business entity (no JDG, no Sp. z o.o., no foundation)
  • No commercial activity — zero revenue is generated
  • No data selling, sharing, or monetization of any kind

Contact: kelnerapp@proton.me

2. What Data We Collect

We collect only the minimum data necessary for the Platform to function:

Email Address

  • Required for account creation and authentication
  • Used exclusively to send one-time login codes (OTP)
  • Never used for marketing, newsletters, or promotional emails
  • Never shared with or sold to third parties

Display Name

  • Provided by you during profile setup
  • Shown to team members within your demo place

User-Generated Content

  • Menu items, categories, descriptions, and images you create
  • Place names, settings, and configurations
  • Demo orders, reservations, and table configurations

Technical Data (automatic)

  • Authentication session tokens (essential cookies)
  • Basic server logs (IP address, request timestamps) — for security and debugging only

What we do NOT collect

Payment or financial information, precise geolocation, browsing history, device fingerprints, social media profiles, or any data for profiling, advertising, or behavioral analytics.

3. Purpose of Data Processing

Your personal data is processed solely to:

  • Provide the service — account creation, authentication via OTP, and access to Platform features
  • Operate the Platform — store and display your demo content (menus, orders, etc.)
  • Ensure security — prevent abuse, unauthorized access, and technical issues

We do not process your data for marketing, profiling, automated decision-making, or any commercial purpose.

4. Legal Basis (GDPR Article 6)

We process your data based on:

  • Your consent (Article 6(1)(a) GDPR) — given when you create an account and accept the Terms of Use. You may withdraw consent at any time by deleting your account.
  • Legitimate interest (Article 6(1)(f) GDPR) — for security purposes (server logs, abuse prevention). Our legitimate interest is ensuring the Platform remains functional and secure.

5. Data Storage and Security

  • Authentication data (email, sessions) is stored by Supabase, which uses industry-standard encryption and security practices. Supabase servers are located in the EU.
  • Application data (menus, orders, configurations) is stored in SQLite databases on the Platform's server infrastructure.
  • Images are stored on the server filesystem.
  • All connections use HTTPS/TLS encryption in transit.

Important: Given the experimental and non-commercial nature of this Platform, we cannot guarantee data permanence, integrity, or backup. All data may be deleted at any time without notice due to maintenance, database resets, or project restructuring.

6. Cookies

The Platform uses only essential technical cookies required for authentication and session management. Specifically:

  • Authentication cookies — to keep you signed in (set by Supabase)
  • Session cookies — to maintain your session state

We do not use:

  • Tracking or analytics cookies
  • Advertising or retargeting cookies
  • Third-party cookies (no Google Analytics, no Meta Pixel, no similar services)

Since we use only strictly necessary cookies, no cookie consent banner is required under GDPR and the ePrivacy Directive.

7. Your Rights Under GDPR

As a data subject under GDPR (Regulation (EU) 2016/679), you have the following rights:

  • Right of access (Art. 15) — request a copy of all personal data we hold about you
  • Right to rectification (Art. 16) — correct inaccurate personal data (you can edit your name in Profile settings)
  • Right to erasure (Art. 17) — delete your account and all associated data. This is available directly in your Profile settings — no need to contact us.
  • Right to restrict processing (Art. 18) — request that we limit how we use your data
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format
  • Right to object (Art. 21) — object to processing based on legitimate interest
  • Right to withdraw consent — at any time, by deleting your account

To exercise any of these rights, contact us at the email address above or use the self-service account deletion in Profile settings.

8. Data Retention

  • Email address and display name — stored until you delete your account
  • User-generated content — stored until you delete it or your account
  • Server logs — automatically deleted after 30 days
  • Authentication sessions — expire automatically per Supabase's session policy

Note: The operator reserves the right to delete all Platform data at any time due to the experimental nature of this project. In such cases, all personal data will be permanently erased.

9. Third-Party Services

The Platform uses the following third-party service:

Supabase (Authentication)

  • Purpose: account creation, email OTP authentication, session management
  • Data shared: your email address
  • Supabase servers: EU region
  • Supabase privacy policy: supabase.com/privacy

We do not share your personal data with any other third parties, advertisers, or data brokers.

10. International Data Transfers

Your data is processed and stored within the European Union (EU/EEA). Supabase infrastructure for authentication is configured for the EU region. No personal data is intentionally transferred outside the EU/EEA.

11. Children

This Platform is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us and we will delete it promptly.

12. Changes to This Policy

This Privacy Policy may be updated at any time. The updated version will be posted on this page with a new "Last updated" date. We encourage you to review this policy periodically.

13. Supervisory Authority

If you believe your data protection rights have been violated, you have the right to file a complaint with the Polish Data Protection Authority:

Urząd Ochrony Danych Osobowych (UODO)

ul. Stawki 2, 00-193 Warszawa, Poland

Website: uodo.gov.pl

14. Contact

For privacy-related questions, data access requests, or to exercise your GDPR rights, contact: kelnerapp@proton.me