Privacy Policy.

How Stavio handles data — written in plain language, not legalese.

Last updated: June 12, 2026 · Effective immediately for all users.

1. Who we are

Stavio (operated by an independent restaurant operator based in New York, NY, USA) provides AI hospitality tools for restaurants, including a multilingual menu chat, a smart review/reward loop, an AI staff trainer, and analytics dashboards. This Privacy Policy explains what we collect, why, and your choices.

Contact: hello@stavio.ai

2. What we collect

From restaurant owners (our customers)

• Account info: email address, restaurant name, slug, tier.
• Payment info: handled entirely by Stripe — we do not store card numbers.
• Restaurant content: menu data you upload (PDF and structured fields), service rules, custom messages.
• Operational data: staff trainer access codes, review configuration URLs, usage timestamps.

From restaurant guests (your customers)

• Anonymous session ID: a random UUID stored in the guest's browser. Not linked to any name, email, or phone.
• Chat conversations: the questions guests ask the menu chat and the AI's responses, plus the language detected.
• Inferred preferences: dietary tags (vegan, halal, etc.) extracted from chat questions, used only to personalize subsequent visits.
• Dishes tried: only when a guest voluntarily taps dishes in the post-meal share flow.
• Optional contact info: if a guest leaves a private review with their email or phone for follow-up. Never collected without their explicit input.
• Private feedback text: when a guest submits unhappy feedback through the share flow.

Automatic technical data

• IP address and basic request headers (used by Netlify and Supabase for routing and security).
• Browser localStorage (for anonymous session continuity and your sign-in token).
• Standard server logs — not used for tracking individuals across sites.

3. How we use it

• To run the service: answer guest questions, train staff, route reviews, generate insights.
• To improve the AI: chat data is sent to Anthropic (Claude) to generate replies. Anthropic processes and does not retain the data for model training (per their enterprise terms).
• To bill you: Stripe receives only the info needed for payment processing.
• For analytics in your workspace: aggregated patterns from your own restaurant only.
• To respond to support requests: if you email hello@stavio.ai.

4. Who else processes data

We use a small set of carefully chosen sub-processors:

• Supabase (US data center) — database and authentication.
• Netlify (US/global edge) — hosting and serverless functions.
• Anthropic (US) — AI model inference (Claude).
• Stripe (US) — payment processing.
• Resend (US) — transactional email delivery (welcome emails, lead notifications, owner alerts).
• Google (US) — Google Business Profile API (only when the owner connects their profile via OAuth). See section 5 — Google API services and Limited Use.
• Twilio (US) — voice and SMS routing for the Smart Concierge phone line (only when the owner enables the add-on).
• ElevenLabs (US) — multilingual voice synthesis for the AI phone agent (only when the owner enables the Smart Concierge add-on).

Each operates under their own enterprise data-protection terms and is contractually obligated not to use your data for their own purposes.

5. Google API services and Limited Use

When a restaurant owner connects their Google Business Profile to Stavio (an optional feature accessed through the workspace), we request OAuth access to a narrow set of Google APIs so that owner-approved updates can be published to the public listing.

Scopes we request

• https://www.googleapis.com/auth/business.manage — to read the owner's verified locations and publish owner-approved Posts (text, photos, calls-to-action) to the listing they choose.

What we access and store

• The Google account ID, location ID, and business name of the connected profile — stored so we can publish on the owner's behalf.
• The owner's OAuth refresh token — stored encrypted at rest and used only to refresh expired access tokens.
• The text and images of Posts the owner explicitly approves for publishing — sent to Google's Posts API and not retained by Stavio after publish-confirmation.

We do not read the contents of the owner's Gmail, Drive, Calendar, Photos, Contacts, or any other Google service. We do not request those scopes.

Limited Use commitment

Stavio's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only use Google user data to provide the user-facing features the owner activated (publishing approved Posts to their Business Profile).
• We do not transfer Google user data to third parties except as necessary to provide or improve those features, or as required by law.
• We do not use Google user data for serving ads, including retargeting, personalized, or interest-based advertising.
• Humans do not read Google user data unless we have the owner's explicit consent for specific messages, it is necessary for security or to comply with applicable law, or the data is aggregated and used for internal operations in accordance with the Google API Services User Data Policy.

Owner control

• An owner can disconnect their Google Business Profile from Stavio at any time via the workspace. On disconnect, we revoke the OAuth tokens with Google and delete the stored account / location / refresh-token rows within 7 days.
• An owner can also revoke Stavio's access directly at myaccount.google.com/permissions.
• Every Post Stavio publishes is shown to the owner in a draft state first and only goes live after the owner clicks "Publish." Stavio does not auto-publish.

6. Data retention

• Restaurant accounts: kept while your account is active. We delete on request within 30 days, or 90 days after subscription cancellation.
• Guest sessions and chat conversations: kept for 90 days by default. Owners can delete them anytime via the workspace.
• Private feedback rows: kept until the owner deletes them.
• Backup snapshots: Supabase retains rolling backups for up to 7 days before they're overwritten.

7. Your rights

You can:

• Access the data we hold about you — email hello@stavio.ai with the subject "Data access request".
• Correct inaccurate data via your workspace, or by emailing us.
• Delete your account and all associated data — workspace owners can request full deletion. Restaurant owners can also wipe all guest sessions for their restaurant in one click via the Repeat Guests panel.
• Export your data in a portable format (JSON) — request via email.
• Object to processing for any reason — email us.

If you're in the EU/UK, you have rights under GDPR; if you're in California, under CCPA. We honor both regardless of location.

8. Cookies and similar technologies

We use the minimum needed:

• Sign-in token: stored locally in your browser to keep you signed in. Cleared when you sign out.
• Anonymous guest session ID: a per-restaurant UUID stored in localStorage on the guest's device. Powers the Memory feature. Not transmitted to third parties.
• No third-party tracking cookies. We don't use Google Analytics, Facebook Pixel, or any cross-site trackers.

9. International transfers

Data is stored on US-based servers (Supabase US East). Guests outside the US: by using the service, you consent to transfer of data to the US for processing under standard contractual clauses with our sub-processors.

10. Security

We use industry-standard encryption in transit (TLS 1.2+) and at rest. Database access is scoped via row-level security so each restaurant can only see its own data. We never email passwords (we use magic links instead). If we discover a security incident affecting your data, we'll notify you within 72 hours.

11. Children

Stavio is not intended for users under 13. We don't knowingly collect data from children. If you believe a child has interacted with our service, contact us and we'll delete it.

12. Changes to this policy

We may update this policy as the service evolves. Significant changes will be emailed to active customers and posted at the top of this page. Continued use after changes means you accept the updated policy.

13. Contact

Questions, requests, or concerns: hello@stavio.ai