Privacy Notice
Last updated: 7/10/2026
1. Who We Are
This Privacy Notice is provided by Cuore Di Caffe Ltd, a company registered in Malta ("we", "us", "our"), the provider of the Restauranteur software service. We act as the data controller for personal data collected through our service under the EU General Data Protection Regulation (GDPR) and the Maltese Data Protection Act.
2. Data We Collect
We collect the following categories of personal data:
- Identity & Contact: Name, email address, and business name.
- Account Data: Login credentials, role assignments, and account preferences.
- Business Data: Sales records, invoices, stock data, staff information, roster entries, and financial summaries you input into the platform.
- Usage Data: App activity logs, feature usage, and error reports.
- Device & Technical: IP address, browser type, device identifiers, and operating system.
3. Purposes of Processing
We process your personal data for the following purposes:
- Account creation & service provision: To create and maintain your account and provide the Restauranteur platform. (Legal basis: contract performance)
- Customer support: To respond to your questions and resolve issues. (Legal basis: contract performance / legitimate interests)
- Security & fraud prevention: To protect our service and users from unauthorised access and fraud. (Legal basis: legitimate interests / legal obligation)
- Product improvement: To analyse usage patterns and improve features. (Legal basis: legitimate interests)
- Marketing: To send updates and offers, where you have consented. (Legal basis: consent)
4. Data Sharing
We share personal data with the following categories of recipients:
- Service providers: Hosting providers, analytics services, and customer support tooling.
- Merchant of Record: Paddle.com, for processing payments, managing subscriptions, handling tax compliance, and invoicing.
- Professional advisers: Legal and accounting professionals, when necessary.
- Authorities: Where required by applicable law or regulation.
5. Data Retention
We retain your personal data for as long as your account is active, plus a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we securely delete or anonymise it.
6. Your Rights
Depending on your location, you may have the following rights:
- Access — request a copy of your personal data.
- Rectification — request correction of inaccurate data.
- Erasure — request deletion of your data in certain circumstances.
- Restriction — request limitation of processing in certain circumstances.
- Portability — receive your data in a portable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent.
To exercise your rights, contact us through the support channels within the Restauranteur app. We aim to respond within one month.
7. Security
We implement appropriate technical and organisational measures to protect your data, including encryption in transit, access controls, and regular security reviews.
8. Cookies
We use essential cookies to maintain your session and enable core functionality. We may use analytics cookies to understand how users interact with our service. You can manage cookie preferences through your browser settings.
9. International Transfers
Your data may be stored and processed in countries outside your own. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions, to protect your data.
10. Changes to This Notice
We may update this Privacy Notice from time to time. Material changes will be communicated via email or within the app. The "Last updated" date at the top of this page indicates when it was most recently revised.
11. Contact
If you have any questions about this Privacy Notice or how we handle your data, please contact us through the support channels within the Restauranteur app.