Complete transparency about how we protect and use your personal data in compliance with GDPR and LGPD
Karu Software is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our restaurant management platform.
This policy complies with the European Union's General Data Protection Regulation (GDPR) and Brazil's General Data Protection Law (LGPD), ensuring the highest standards of data protection.
| Data Controller | Karu Software |
| Jurisdiction | Portugal (European Union) |
| Data Storage | Germany (European Union) |
| Data Protection Officer | Available through contact form |
As a company based in the European Union, we strictly follow GDPR guidelines for data protection.
We only collect data necessary to provide and improve our services. All data is processed with appropriate legal basis:
| Category | Examples | Purpose | Legal Basis |
|---|---|---|---|
| Account Data | Name, email, phone, company | Account creation and management, communication | Contract performance |
| Operational Data | Recipes, staff, sales | Platform functionality, reporting | Contract performance |
| Payment Data | Billing information, transaction history | Payment processing, billing | Contract performance |
| Technical Data | IP address, access logs, usage data | Security, optimization, technical support | Legitimate interest |
We use trusted providers to ensure the best experience and security. All have compliance certifications:
| Service | Purpose | Location | Compliance |
|---|---|---|---|
| Supabase | Primary database and authentication | Germany (EU) | GDPR |
| Stripe | Secure payment processing | United States | SCC |
| Google Analytics | Usage analysis and optimization | United States | SCC |
| Clerk | Authentication and user management | United States | SCC |
| Sentry | Error monitoring and performance | United States | SCC |
Strict Policy: We never sell, rent, or share your personal data with third parties for commercial purposes.
You have comprehensive rights over your personal data. You can exercise these rights at any time:
| Right | Description |
|---|---|
| Access | Request a copy of all personal data we process about you |
| Rectification | Correct inaccurate or incomplete personal data |
| Erasure | Request deletion of your personal data ('right to be forgotten') |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing of your data for direct marketing purposes |
| Withdraw Consent | Withdraw consent at any time when processing is based on consent |
We implement strict technical and organizational security measures to protect your data against unauthorized access, alteration, disclosure, or destruction:
To exercise your rights or clarify questions about this policy, contact us through our secure contact form.