Privacy policy

Location and GDPR compliance

BuonMenu is based in Italy and data is hosted mainly in Europe. When we transfer data outside Europe we always make sure that the companies are compliant with EU privacy laws: all our service providers are GDPR compliant.

Data we hold

BuonMenu stores data about:

1. Visitors (i.e. the users who visit BuonMenu and read the menus)
2. Restaurants (i.e. the customers that sign up to BuonMenu in order to publish a menu)

Data held on visitors

We don't collect personal data from visitors. However, as all websites do, we may collect some log information and stats required for debugging, security and development in general.

Data held on restaurants

BuonMenu collects account information for each user, including:

• Basic information like name and email address
• Billing information required for invoices and payments (we rely on third-party services that are PCI compliant)
• Data required for publishing or technical purposes
• Log information required for debugging, security and development in general

Data persistence and rectification

Restaurants can use the account features to remove or update their data.

Backups and logs can have a duration up to 1 year.

Access to data and portability

You can access to your account and copy your data at any time.

Data usage

Data collected is used for:

• account and billing
• publication and technical purposes in general
• logs and analytics, in order to improve BuonMenu
• sending account alerts or news about BuonMenu to our users.

Consent

Restaurant consent is explicitly provided because they perform actions on BuonMenu.

Visitors also accepts this policy by using our service.

Data protection and security

We care about security and we follow best practices to reduce the risk of data breaches.

Data breaches will be notified to our registered users within 72 hours, after having become aware of it.

Data processors

Data is collected and manipulated both on our own devices and on third-party servers. Our web application is hosted on Heroku. Data is also stored on Amazon Web Services. We also use many different services suited for specific purposes, for example: Cloudflare for security and DDoS mitigation, Sendgrid for emails, G Suite for support emails, Logz.io for logs, Chargebee for invoicing, Stripe for payments.

Analytics and cookies

We care about privacy and we don't use tracking cookies or similar technologies.

Our website uses only technical cookies that are strictly required for the correct functioning of the website.

You can clear all your cookie preferences and all data stored on your device at any time by using your browser preferences to clear browsing data.

Data controller

Data holder is AbstractBrain srls unipersonale (P. IVA: 02516920036), located in Via G. B. Palletta, 11, 28865 Crevoladossola (VB), Italy.

Inside the company, the Data Protection Officer is Marco Colli, born in Domodossola, the 27th of february 1991 and residing in Crevoladossola (VB), Italy.