Last updated: July 1, 2026

Privacy Policy

Transparency is the foundation of trust. This policy explains what data we collect, why, and how we protect it.

1. Who we are

The data controller for your personal data is:

GTC SELECT GRUP SRL
Str. Comarnic 59, Bucharest, Romania
Tax ID: 39138255
contact@tablette.ro
+40 751 954 687

We process your data in accordance with Regulation (EU) 2016/679 (GDPR), Romanian Law no. 190/2018, and any other applicable national data protection legislation.

2. Data we collect

2.1 Data provided by platform users (restaurants)

  • Account data: name, email address, phone number, restaurant name, address.
  • Billing data: billing address, VAT number (if applicable). Card data is processed exclusively by Stripe and is never stored by us.
  • Uploaded content: product photos, logos, menu descriptions.
  • Usage data: actions in the admin panel, preferences, settings.
  • Technical data: IP address, browser type, OS, access logs.

2.2 Data of restaurant end-customers (guests)

Through tablets and QR menus, the following may be collected:

  • Anonymous session data (session ID, menu viewed, products selected).
  • Orders and dietary preferences (including selected allergens).
  • AI chat conversation history (if enabled by the restaurant).
  • Preferred language and UI interactions.

In this context, the restaurant is the data controller for guest data, and GTC SELECT GRUP SRL acts as data processor. This relationship is governed by a Data Processing Agreement (DPA) available on request at contact@tablette.ro.

2.3 Automatically collected data (marketing & analytics)

  • Browsing data on tablette.ro via PostHog (analytics) and Sentry (error monitoring).
  • Aggregated platform usage data, with no individual user identification.

3. Purposes of processing

PurposeDetails
Service deliveryAccount creation and management, admin panel access, order and payment processing.
Billing and accountingInvoice issuance, subscription management, debt recovery.
Service communicationsOrder confirmations, payment alerts, renewal notices, technical updates.
Technical supportDiagnosing and resolving technical issues reported by users.
Product improvementAnalysing usage behaviour (aggregated or anonymised data) to optimise the platform.
SecurityDetecting unauthorised access, fraud prevention, abuse monitoring.
Legal obligationsCompliance with accounting, tax, and competent authority requirements.
Direct marketingSending information about new features or offers — exclusively with your explicit consent and with the ability to unsubscribe at any time.

5. Recipients & international transfers

5.1 Main sub-processors

ProviderRoleData location
SupabaseDatabase, authentication, file storageEU (AWS eu-central-1)
VercelWeb application hostingEU / USA
StripePayment processingUSA (standard contractual clauses)
ResendTransactional emailUSA (standard contractual clauses)
AnthropicClaude API (AI features)USA (standard contractual clauses)
PostHogProduct analyticsEU (eu.posthog.com)
SentryError monitoringUSA (standard contractual clauses)

Transfers to the USA are carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission under Art. 46(2)(c) GDPR.

5.2 Other disclosures

We do not sell your data. We may disclose data to competent authorities only where legally required.

6. Retention periods

Data categoryRetention period
Active account dataDuration of contract + 30 days (export window)
Billing data and accounting documents10 years (legal obligation under Romanian Accounting Law no. 82/1991)
Order history3 years from the order date
AI sessions (guest chat)90 days, then automatically deleted
Access and security logs12 months
Marketing data (with consent)Until consent withdrawal or unsubscribe

Upon expiry of the above periods, data is permanently deleted or irreversibly anonymised.

7. Your rights

As a data subject you have the following rights under GDPR:

  • Right of access (Art. 15) — receive a copy of the data we hold about you.
  • Right to rectification (Art. 16) — correct inaccurate or incomplete data.
  • Right to erasure (Art. 17) — request deletion of your data where there is no longer a legal basis for processing.
  • Right to restriction (Art. 18) — limit the way we process your data in certain situations.
  • Right to data portability (Art. 20) — receive data you have provided in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on our legitimate interest or for direct marketing purposes.
  • Withdrawal of consent — at any time, without retroactive effect, where processing is based on consent.

Requests may be sent to contact@tablette.ro. We respond within 30 calendar days. If you believe your rights are being infringed you may lodge a complaint with the Romanian Data Protection Authority (ANSPDCP)www.dataprotection.ro.

8. Cookies & tracking

8.1 Essential cookies

We use strictly necessary cookies for authentication (Supabase Auth sessions are stored in HTTP-only cookies) and platform operation. These do not require consent.

8.2 Analytics cookies

PostHog collects anonymised data about tablette.ro usage (pages visited, session duration, events). These cookies are only activated with your consent, expressed via the cookie banner shown on first visit.

8.3 reCAPTCHA cookies

The contact form uses Google reCAPTCHA v3 to prevent spam. Google may set cookies for this purpose. See Google's Privacy Policy for details.

8.4 Managing preferences

You can change your cookie preferences at any time via the cookie banner or directly through your browser settings.

9. Minors

The Tablette platform is intended exclusively for persons aged 18 or over. We do not knowingly collect personal data from minors. If we become aware that we have collected such data, we will delete it immediately. If you have concerns, please contact us at contact@tablette.ro.

10. Changes

We reserve the right to update this Privacy Policy. Any material changes will be communicated by email at least 14 days before they take effect. The date of the last update is indicated in the header of this document.

The most recent version is always available at tablette.ro/privacy.

11. Contact & DPO

To exercise your rights, or for any questions or concerns about the processing of your personal data, please contact us:

GTC SELECT GRUP SRL — Data Protection
Str. Comarnic 59, Bucharest, Romania
contact@tablette.ro
+40 751 954 687

If you are not satisfied with our response, you have the right to lodge a complaint with the ANSPDCP:
B-dul G-ral. Gheorghe Magheru 28–30, Sector 1, Bucharest · www.dataprotection.ro

The Romanian version of this Privacy Policy is the legally binding version. The English version is provided for informational purposes only.

© 2026 GTC SELECT GRUP SRL. All rights reserved.