Privacy Policy

GastroBot — crew application for restaurant operations
Last updated: 24 March 2025

This policy describes how personal and operational data are handled when you use the GastroBot mobile and desktop application (the “App”). The App is intended for authorized staff of venues that use the associated restaurant operations platform.

1. Data controller

The services connected to the App are operated in connection with BRRM (services hosted under domains such as apirestobot.brrm.eu for production use). The legal entity responsible for personal data (the “controller”) is the organization that operates your venue’s subscription and employs or authorizes you to use the App. For privacy requests specific to your workplace account, contact your venue administrator or use the contact details below.

2. What data the App processes

• Account and authentication. To sign in, you provide credentials (e.g. email and password) which are sent to our servers for verification. After login, the App may store an encrypted or encoded session on your device (including access and refresh tokens and basic profile information returned by the API) so you stay signed in until you log out.
• Remembered email. If you choose to remember your email address on the sign-in screen, it is stored locally on your device to pre-fill the form.
• Operational data. While you use the App, it exchanges data with our backend APIs for features such as tables, orders, reservations, menus, kitchen/bar queues, and related venue workflows. That data is tied to your account and venue context as required to provide the service.
• Device content (optional). If a feature uses your device camera or photo library (for example to attach images), access occurs only when you initiate that action and is subject to the permissions you grant the App on your operating system.

3. Where data is stored

• On your device: session and preferences (e.g. via platform storage such as SharedPreferences on Android) for login state and remembered email.
• On our servers: account, venue, and operational records processed through the API endpoints configured for the App (production traffic typically uses https://apirestobot.brrm.eu; non-production builds may use other designated hosts).

4. Purpose and legal basis

We process this data to provide and secure the service, authenticate users, operate venue workflows, and meet contractual obligations with the venue. Where applicable, processing may be based on contract, legitimate interests (e.g. fraud prevention, service improvement), or consent (e.g. optional device permissions), in line with local law.

5. Sharing and processors

Data is shared with infrastructure and service providers only as needed to host and operate the platform (e.g. hosting, networking), under appropriate agreements. The App does not embed third-party advertising or analytics SDKs as part of the standard open-source application package described in this repository; your venue’s deployment or future updates may change this—check release notes or your administrator.

6. Retention

Server-side retention follows the controller’s policies and legal requirements. Local session data on your device is removed when you log out or when you clear the App’s storage; uninstalling the App may remove local data depending on your platform.

7. Security

We use industry-standard measures such as TLS for data in transit. You should protect your device and credentials; do not share login details with unauthorized persons.

8. Your rights

Depending on your location (including the EEA/UK), you may have rights to access, rectify, erase, restrict, or object to certain processing, and to lodge a complaint with a supervisory authority. To exercise rights regarding personal data held by the controller, contact privacy@brrm.eu or your venue’s data protection contact (replace with the correct address for your organization).

9. Children

The App is not intended for children and is meant for professional use by authorized restaurant staff.

10. Changes

We may update this policy from time to time. The “Last updated” date at the top will change when we do. Material changes may be communicated through the App, your venue, or the publication URL where this document is hosted.

11. Contact

Questions about this policy or the GastroBot App:
Email: privacy@brrm.eu (update to your official privacy inbox)

This document is provided as a practical summary for app store listings and users. It does not constitute legal advice. Have qualified counsel review it for your jurisdiction, employment context, and actual data practices before publication.