Privacy policy

Location and GDPR compliance

BuonMenu is based in Italy and data is hosted mainly in Europe. When we transfer data outside Europe we always make sure that the companies are compliant with EU privacy laws: all our service providers are GDPR compliant.

Data we hold

BuonMenu stores data about:

  1. Visitors (i.e. the users who visit BuonMenu and read the menus)
  2. Restaurants (i.e. the customers that sign up to BuonMenu in order to publish a menu)

Data held on visitors

We don't collect personal data from visitors. However, as all websites do, we may collect some log information and stats required for debugging, security and development in general.

Data held on restaurants

BuonMenu collects account information for each user, including:

Data persistence and rectification

Restaurants can use the account features to remove or update their data.

Backups and logs can have a duration up to 1 year.

Access to data and portability

You can access to your account and copy your data at any time.

Data usage

Data collected is used for:

Consent

Restaurant consent is explicitly provided because they perform actions on BuonMenu.

Visitors also accepts this policy by using our service.

Data protection and security

We care about security and we follow best practices to reduce the risk of data breaches.

Data breaches will be notified to our registered users within 72 hours, after having become aware of it.

Data processors

Data is collected and manipulated both on our own devices and on third-party servers. Our web application is hosted on Heroku. Data is also stored on Amazon Web Services. We also use many different services suited for specific purposes, for example: Cloudflare for security and DDoS mitigation, Sendgrid for emails, G Suite for support emails, Logz.io for logs, Chargebee for invoicing, Stripe for payments.

Analytics and cookies

As most websites do, we use cookies for technical reasons.

Beside that we use third party services (Google Analytics) for analytics. Data collected by those services is anonymized (IP anonymization) and it is not merged with data from other sources (i.e. it is used only for analytics and not shared to other services like Adwords).

Data controller

Data holder is AbstractBrain srls unipersonale (P. IVA: 02516920036), located in Via G. B. Palletta, 11, 28865 Crevoladossola (VB), Italy.

Inside the company, the Data Protection Officer is Marco Colli, born in Domodossola, the 27th of february 1991 and residing in Crevoladossola (VB), Italy.