DE EN FR

Privacy Policy

1. Data Controller

The data controller responsible for data processing is:

WECONN3CT GmbH
Frankenweg 109
53604 Bad Honnef
Germany

Email: info@ordable.io
Phone: +49 (0) 162 4521879

2. Overview of Our App

This Privacy Policy applies to the use of:

App Name: ORDABLE
App Type: Restaurant Management & Online Ordering System

3. What Data We Collect

3.1 Customer Data

When using our ordering functions, the following data is collected:

First name and last name
Phone number (required field)
Email address (optional)
Delivery address (for delivery orders)
Order history and total spending
Loyalty points
Reviews and comments

3.2 Employee and Admin Data

For use of the restaurant management system:

Name, email address, phone number
Password (stored encrypted)
Profile picture URL
User role and access rights

3.3 Automatically Collected Data

When using our services, the following is automatically collected:

IP address (via server connection)
User agent / browser information
Access timestamps

4. Legal Bases for Processing

The processing of your personal data is based on the following legal bases:

Contract Fulfillment (Art. 6 para. 1 lit. b GDPR): Processing for the execution of orders and provision of our services
Legitimate Interests (Art. 6 para. 1 lit. f GDPR): To improve our services and ensure IT security
Consent (Art. 6 para. 1 lit. a GDPR): If you have consented to certain processing activities (e.g., push notifications)

5. Location Data

Our app does not directly access GPS data or location features of your device. For delivery orders, the delivery address is manually entered by you. The entered postal code is used to calculate the delivery zone and delivery fees.

6. App Permissions (Android)

The Android app requires the following permissions:

Permission	Purpose
INTERNET	Network communication with our servers
RECEIVE_BOOT_COMPLETED	Automatic start after device reboot (kiosk mode)
WAKE_LOCK	Keep screen active during use
SYSTEM_ALERT_WINDOW	Overlay notifications for new orders

7. Authentication and Login

Login is done via email address and password. We use Supabase's authentication service. Email verification is required. Session data is stored in your browser's LocalStorage.

We do not offer social logins (Google, Facebook, etc.).

8. External Services and Data Transfers

To provide our services, we use the following external service providers:

Service	Purpose	Data Transferred
Supabase	Backend, database, authentication	All user and order data
Resend	Email delivery (order confirmations)	Email, name, order details, address
Google Fonts	Font provision	IP address

8.1 Supabase (Backend & Database)

We use Supabase as our backend infrastructure and database. Supabase acts as a data processor in accordance with Art. 28 GDPR. Data processing is based on a data processing agreement.

8.2 Resend (Email Service)

For sending order confirmations and notifications, we use the Resend email service. Resend acts as a data processor in accordance with Art. 28 GDPR.

8.3 Google Fonts

Our website uses fonts from Google Fonts. When accessing our pages, a connection to Google servers is established, whereby your IP address is transmitted. Google is certified under the EU-US Data Privacy Framework.

For more information, see Google's Privacy Policy: https://policies.google.com/privacy

9. Tracking and Analytics

We do not use tracking tools. Our app does not use Google Analytics, Firebase Analytics, advertising trackers, or any other third-party tracking tools.

10. Local Storage (LocalStorage)

Our app uses LocalStorage (not classic cookies) to store:

Authentication session (login state)
Favorited menu items
PWA installation status
Printer and sound settings (for restaurant operators only)

This data is stored exclusively locally on your device and is not transmitted to third parties.

11. Notifications

With your permission, we can send you push notifications. We use the browser's Web Notification API for this purpose. Activation only occurs with your express consent. Notifications inform about new orders and status changes.

We do not use Firebase Cloud Messaging or comparable external push services.

12. Payment Processing

Currently, no online payment processing is implemented in our app. Payments are made directly at the restaurant (cash or card payment on-site). Should we introduce online payments in the future, we will update this Privacy Policy accordingly and use PCI-DSS compliant payment service providers.

13. Data Security

We implement comprehensive technical and organizational measures to protect your data:

HTTPS encryption: All data transmissions are encrypted
Password hashing: Passwords are not stored in plain text
Row Level Security (RLS): Database access controlled at row level
Role-based access controls: Access only according to user role

14. Data Disclosure to Third Parties

Your data is disclosed exclusively to the following recipients:

Supabase: Data processing as data processor
Resend: Email delivery as data processor
Google: Font provision (IP address only)
Restaurant operators: Access to customer orders for order fulfillment

No disclosure to: Advertising networks, social media, or data brokers.

15. Storage Duration

We store your personal data only as long as necessary for the purposes for which it was collected:

Order data: 10 years (legal retention obligation)
Customer account data: Until account deletion
Server log files: Maximum 30 days

After the storage period expires, your data will be deleted or anonymized.

16. Your Rights

You have the following rights regarding your data stored with us:

Right of Access (Art. 15 GDPR)

You have the right to receive free information about the data stored about you and a copy of this data at any time.

Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data.

Right to Erasure (Art. 17 GDPR)

You have the right to request the deletion of your data stored with us, unless legal retention obligations prevent this.

Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of the processing of your data.

Right to Data Portability (Art. 20 GDPR)

You have the right to receive your data in a structured, commonly used, and machine-readable format or to request transmission to another controller.

Right to Object (Art. 21 GDPR)

You have the right to object to the processing of your data at any time for reasons arising from your particular situation.

Right to Withdraw Consent

If processing is based on your consent, you can withdraw it at any time with effect for the future.

Right to Lodge a Complaint

You have the right to lodge a complaint with a data protection supervisory authority. The supervisory authority responsible for us is:

State Commissioner for Data Protection and Freedom of Information North Rhine-Westphalia
Kavalleriestr. 2-4
40213 Düsseldorf
Germany
www.ldi.nrw.de

17. Contact for Privacy Inquiries

For questions about data protection or to exercise your rights, please contact us at:

Email: info@ordable.io
Phone: +49 (0) 162 4521879

18. Currency of this Privacy Policy

This Privacy Policy is currently valid and has the status of January 2025.

Due to the further development of our app and services or due to changed legal requirements, it may become necessary to change this Privacy Policy. The current version can always be found on this page.

← Back to Home