Last updated: July 1, 2026
Privacy Policy
Transparency is the foundation of trust. This policy explains what data we collect, why, and how we protect it.
1. Who we are
The data controller for your personal data is:
GTC SELECT GRUP SRLStr. Comarnic 59, Bucharest, Romania
Tax ID: 39138255
contact@tablette.ro
+40 751 954 687
We process your data in accordance with Regulation (EU) 2016/679 (GDPR), Romanian Law no. 190/2018, and any other applicable national data protection legislation.
2. Data we collect
2.1 Data provided by platform users (restaurants)
- Account data: name, email address, phone number, restaurant name, address.
- Billing data: billing address, VAT number (if applicable). Card data is processed exclusively by Stripe and is never stored by us.
- Uploaded content: product photos, logos, menu descriptions.
- Usage data: actions in the admin panel, preferences, settings.
- Technical data: IP address, browser type, OS, access logs.
2.2 Data of restaurant end-customers (guests)
Through tablets and QR menus, the following may be collected:
- Anonymous session data (session ID, menu viewed, products selected).
- Orders and dietary preferences (including selected allergens).
- AI chat conversation history (if enabled by the restaurant).
- Preferred language and UI interactions.
In this context, the restaurant is the data controller for guest data, and GTC SELECT GRUP SRL acts as data processor. This relationship is governed by a Data Processing Agreement (DPA) available on request at contact@tablette.ro.
2.3 Automatically collected data (marketing & analytics)
- Browsing data on tablette.ro via PostHog (analytics) and Sentry (error monitoring).
- Aggregated platform usage data, with no individual user identification.
3. Purposes of processing
| Purpose | Details |
|---|---|
| Service delivery | Account creation and management, admin panel access, order and payment processing. |
| Billing and accounting | Invoice issuance, subscription management, debt recovery. |
| Service communications | Order confirmations, payment alerts, renewal notices, technical updates. |
| Technical support | Diagnosing and resolving technical issues reported by users. |
| Product improvement | Analysing usage behaviour (aggregated or anonymised data) to optimise the platform. |
| Security | Detecting unauthorised access, fraud prevention, abuse monitoring. |
| Legal obligations | Compliance with accounting, tax, and competent authority requirements. |
| Direct marketing | Sending information about new features or offers — exclusively with your explicit consent and with the ability to unsubscribe at any time. |
4. Legal basis
- Contract performance (Art. 6(1)(b) GDPR) — processing necessary to deliver the contracted services (account, billing, orders).
- Legal obligation (Art. 6(1)(c) GDPR) — compliance with tax and accounting requirements applicable in Romania.
- Legitimate interests (Art. 6(1)(f) GDPR) — platform security, fraud prevention, aggregated analysis for product improvement.
- Consent (Art. 6(1)(a) GDPR) — direct marketing, non-essential cookies. Consent may be withdrawn at any time without affecting the contract.
5. Recipients & international transfers
5.1 Main sub-processors
| Provider | Role | Data location |
|---|---|---|
| Supabase | Database, authentication, file storage | EU (AWS eu-central-1) |
| Vercel | Web application hosting | EU / USA |
| Stripe | Payment processing | USA (standard contractual clauses) |
| Resend | Transactional email | USA (standard contractual clauses) |
| Anthropic | Claude API (AI features) | USA (standard contractual clauses) |
| PostHog | Product analytics | EU (eu.posthog.com) |
| Sentry | Error monitoring | USA (standard contractual clauses) |
Transfers to the USA are carried out on the basis of Standard Contractual Clauses (SCCs) approved by the European Commission under Art. 46(2)(c) GDPR.
5.2 Other disclosures
We do not sell your data. We may disclose data to competent authorities only where legally required.
6. Retention periods
| Data category | Retention period |
|---|---|
| Active account data | Duration of contract + 30 days (export window) |
| Billing data and accounting documents | 10 years (legal obligation under Romanian Accounting Law no. 82/1991) |
| Order history | 3 years from the order date |
| AI sessions (guest chat) | 90 days, then automatically deleted |
| Access and security logs | 12 months |
| Marketing data (with consent) | Until consent withdrawal or unsubscribe |
Upon expiry of the above periods, data is permanently deleted or irreversibly anonymised.
7. Your rights
As a data subject you have the following rights under GDPR:
- Right of access (Art. 15) — receive a copy of the data we hold about you.
- Right to rectification (Art. 16) — correct inaccurate or incomplete data.
- Right to erasure (Art. 17) — request deletion of your data where there is no longer a legal basis for processing.
- Right to restriction (Art. 18) — limit the way we process your data in certain situations.
- Right to data portability (Art. 20) — receive data you have provided in a structured, machine-readable format.
- Right to object (Art. 21) — object to processing based on our legitimate interest or for direct marketing purposes.
- Withdrawal of consent — at any time, without retroactive effect, where processing is based on consent.
Requests may be sent to contact@tablette.ro. We respond within 30 calendar days. If you believe your rights are being infringed you may lodge a complaint with the Romanian Data Protection Authority (ANSPDCP) — www.dataprotection.ro.
9. Minors
The Tablette platform is intended exclusively for persons aged 18 or over. We do not knowingly collect personal data from minors. If we become aware that we have collected such data, we will delete it immediately. If you have concerns, please contact us at contact@tablette.ro.
10. Changes
We reserve the right to update this Privacy Policy. Any material changes will be communicated by email at least 14 days before they take effect. The date of the last update is indicated in the header of this document.
The most recent version is always available at tablette.ro/privacy.
11. Contact & DPO
To exercise your rights, or for any questions or concerns about the processing of your personal data, please contact us:
GTC SELECT GRUP SRL — Data ProtectionStr. Comarnic 59, Bucharest, Romania
contact@tablette.ro
+40 751 954 687
If you are not satisfied with our response, you have the right to lodge a complaint with the ANSPDCP:
B-dul G-ral. Gheorghe Magheru 28–30, Sector 1, Bucharest · www.dataprotection.ro
The Romanian version of this Privacy Policy is the legally binding version. The English version is provided for informational purposes only.
© 2026 GTC SELECT GRUP SRL. All rights reserved.