Legal
Privacy Policy.
How Stavio handles data — written in plain language, not legalese.
Last updated: April 27, 2026 · Effective immediately for all users.
1. Who we are
Stavio (operated by an independent restaurant operator based in New York, NY, USA) provides AI hospitality tools for restaurants, including a multilingual menu chat, a smart review/reward loop, an AI staff trainer, and analytics dashboards. This Privacy Policy explains what we collect, why, and your choices.
Contact: hello@stavio.app
2. What we collect
From restaurant owners (our customers)
- Account info: email address, restaurant name, slug, tier.
- Payment info: handled entirely by Stripe — we do not store card numbers.
- Restaurant content: menu data you upload (PDF and structured fields), service rules, custom messages.
- Operational data: staff trainer access codes, review configuration URLs, usage timestamps.
From restaurant guests (your customers)
- Anonymous session ID: a random UUID stored in the guest's browser. Not linked to any name, email, or phone.
- Chat conversations: the questions guests ask the menu chat and the AI's responses, plus the language detected.
- Inferred preferences: dietary tags (vegan, halal, etc.) extracted from chat questions, used only to personalize subsequent visits.
- Dishes tried: only when a guest voluntarily taps dishes in the post-meal share flow.
- Optional contact info: if a guest leaves a private review with their email or phone for follow-up. Never collected without their explicit input.
- Private feedback text: when a guest submits unhappy feedback through the share flow.
Automatic technical data
- IP address and basic request headers (used by Netlify and Supabase for routing and security).
- Browser localStorage (for anonymous session continuity and your sign-in token).
- Standard server logs — not used for tracking individuals across sites.
What we DON'T collect:
No biometric data (no face recognition). No cross-site tracking cookies. No PII linked to anonymous guest sessions. No selling, sharing, or renting of any data with marketers.
3. How we use it
- To run the service: answer guest questions, train staff, route reviews, generate insights.
- To improve the AI: chat data is sent to Anthropic (Claude) to generate replies. Anthropic processes and does not retain the data for model training (per their enterprise terms).
- To bill you: Stripe receives only the info needed for payment processing.
- For analytics in your workspace: aggregated patterns from your own restaurant only.
- To respond to support requests: if you email hello@stavio.app.
4. Who else processes data
We use a small set of carefully chosen sub-processors:
- Supabase (US data center) — database and authentication.
- Netlify (US/global edge) — hosting and serverless functions.
- Anthropic (US) — AI model inference (Claude).
- Stripe (US) — payment processing.
- FormSubmit (forwarding service) — partner application submissions only.
Each operates under their own enterprise data-protection terms and is contractually obligated not to use your data for their own purposes.
5. Data retention
- Restaurant accounts: kept while your account is active. We delete on request within 30 days, or 90 days after subscription cancellation.
- Guest sessions and chat conversations: kept for 90 days by default. Owners can delete them anytime via the workspace.
- Private feedback rows: kept until the owner deletes them.
- Backup snapshots: Supabase retains rolling backups for up to 7 days before they're overwritten.
6. Your rights
You can:
- Access the data we hold about you — email hello@stavio.app with the subject "Data access request".
- Correct inaccurate data via your workspace, or by emailing us.
- Delete your account and all associated data — workspace owners can request full deletion. Restaurant owners can also wipe all guest sessions for their restaurant in one click via the Repeat Guests panel.
- Export your data in a portable format (JSON) — request via email.
- Object to processing for any reason — email us.
If you're in the EU/UK, you have rights under GDPR; if you're in California, under CCPA. We honor both regardless of location.
7. Cookies and similar technologies
We use the minimum needed:
- Sign-in token: stored locally in your browser to keep you signed in. Cleared when you sign out.
- Anonymous guest session ID: a per-restaurant UUID stored in localStorage on the guest's device. Powers the Memory feature. Not transmitted to third parties.
- No third-party tracking cookies. We don't use Google Analytics, Facebook Pixel, or any cross-site trackers.
8. International transfers
Data is stored on US-based servers (Supabase US East). Guests outside the US: by using the service, you consent to transfer of data to the US for processing under standard contractual clauses with our sub-processors.
9. Security
We use industry-standard encryption in transit (TLS 1.2+) and at rest. Database access is scoped via row-level security so each restaurant can only see its own data. We never email passwords (we use magic links instead). If we discover a security incident affecting your data, we'll notify you within 72 hours.
10. Children
Stavio is not intended for users under 13. We don't knowingly collect data from children. If you believe a child has interacted with our service, contact us and we'll delete it.
11. Changes to this policy
We may update this policy as the service evolves. Significant changes will be emailed to active customers and posted at the top of this page. Continued use after changes means you accept the updated policy.
12. Contact
Questions, requests, or concerns: hello@stavio.app
Note:
This is the v1 of our Privacy Policy, written in plain language. As Stavio scales internationally, we may engage outside counsel to expand region-specific disclosures (Turkey KVKK, EU GDPR Article 30 records, etc.). The principles above won't change — we'll just say them more thoroughly.