Privacy Policy

Last updated: March 2026

1. Controller

The controller responsible for data processing on this website is:

Philipp Bergmann
Waiblinger Straße 59
70734 Fellbach, Germany
Email: hello@qarte.app

2. Data We Collect

When you use Qarte, we collect the following categories of data:

  • Account data: Email address, name, and password hash when you create an account.
  • Restaurant data: Menu content, categories, items, prices, and images you upload to the platform.
  • Usage data: QR code scans (anonymised), page views, and feature interactions to improve the service.
  • Technical data: IP address, browser type, device type, and operating system collected automatically via server logs.

3. How We Use Your Data

We process your data for the following purposes:

  • Providing and maintaining the Qarte platform and your digital menus.
  • Authenticating your account and managing access permissions.
  • Generating analytics and insights about menu performance.
  • Processing payments for subscriptions and print orders.
  • Communicating service updates, security notices, and support responses.

4. Legal Basis (GDPR)

We process personal data based on:

  • Contract performance (Art. 6(1)(b) GDPR): To provide the services you signed up for.
  • Legitimate interest (Art. 6(1)(f) GDPR): To improve our platform, prevent fraud, and ensure security.
  • Consent (Art. 6(1)(a) GDPR): For optional analytics and marketing communications, which you can withdraw at any time.

5. Third-Party Services

We use the following third-party services to operate Qarte:

  • Supabase (authentication and file storage) — hosted in the EU.
  • Vercel (hosting and deployment) — edge network with EU presence.
  • Stripe (payment processing) — PCI DSS compliant.

We do not sell, rent, or trade your personal data to third parties.

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we remove your personal data within 30 days, except where retention is required by law (e.g. invoicing records for tax purposes).

7. Your Rights

Under GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate or incomplete data.
  • Request erasure of your data (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability — receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where processing is consent-based.

To exercise any of these rights, contact us at hello@qarte.app.

8. Cookies

Qarte uses essential cookies for authentication and session management. We do not use advertising or tracking cookies. Analytics cookies are only set with your consent.

9. Data Security

We implement industry-standard security measures including encrypted connections (TLS), hashed passwords, role-based access control, and regular security reviews to protect your data against unauthorised access, loss, or misuse.

10. Contact

If you have questions about this privacy policy or want to exercise your data rights, please contact us at hello@qarte.app.