1. Who We Are
Vorrei ("Vorrei", "we", "us", or "our") operates the platform accessible at vorrei.io — an all-in-one digital platform designed for restaurants, salons, studios, retail shops, and other local businesses to manage menus, bookings, orders, and their online presence.
Vorrei acts as the data controller for personal data collected directly from visitors to our website and from business operators who register accounts with us.
For data processed on behalf of a business operator about their end customers (e.g., a restaurant's diners who make a booking), Vorrei acts as a data processor under the instructions of that business operator (the data controller).
For any privacy enquiries, contact us at: mail@vorreix.com
2. Data We Collect
2.1 Data You Provide Directly
- Account registration: Name, email address, password (hashed), business name, business type, and country.
- Business profile: Business address, phone number, logo, operating hours, social media handles, and any content you upload (menus, product images, descriptions).
- Billing information: Subscription plan details. Payment card data is handled exclusively by our PCI-DSS-compliant payment processors (Stripe or Razorpay) — we never store full card numbers on our servers.
- Communications: Messages you send us via our contact form, email, or support channels, including the content and metadata of those communications.
- Demo requests: Name, email, business name, and any additional information submitted through our demo booking form.
2.2 Data Collected Automatically
- Usage data: Pages visited, features used, session duration, button clicks, and navigation paths within the platform.
- Device & technical data: IP address, browser type and version, operating system, screen resolution, device identifiers, and referring URLs.
- Log data: Server logs including request timestamps, error logs, and access logs retained for security and debugging purposes.
- Cookies and similar technologies: See Section 10 for full details on cookies.
2.3 Data from Third Parties
- Payment processors: Stripe and Razorpay provide us with transaction status, billing reference IDs, and fraud signals. They do not share full card data with us.
- Analytics providers: Aggregated, anonymised data about site traffic and usage patterns.
- OAuth providers: If you sign in via Google or another OAuth provider, we receive your name, email address, and profile picture as permitted by your account settings with that provider.
2.4 End Customer Data (Business Operator Responsibility)
When a business using Vorrei collects data from their customers (e.g., names and contact details for reservation management), Vorrei processes that data as a data processor under the instructions of the business operator. The business operator is responsible for ensuring they have a lawful basis to collect and share that data with Vorrei.
3. How We Use Your Data
We use personal data for the following purposes:
- Service delivery: To create and manage your account, provide the Vorrei platform features, process payments, and fulfil your subscription.
- Platform improvement: To analyse usage patterns, fix bugs, develop new features, and optimise performance.
- Security: To detect, investigate, and prevent fraudulent transactions, abuse, or other harmful activities.
- Communications: To send transactional emails (password resets, billing receipts, booking confirmations), product updates, and — where you have opted in — marketing communications.
- Legal compliance: To meet our legal and regulatory obligations, including responding to lawful requests from public authorities.
- Customer support: To respond to your queries, diagnose technical issues, and provide assistance.
- AI features: Where you use AI-powered features (e.g., AI menu import, AI poster generator), your uploaded content may be processed by AI models to perform the requested task. We do not use your content to train external AI models without your explicit consent.
We do not sell, rent, or otherwise trade your personal data to third parties for their own marketing purposes.
4. Legal Basis for Processing (GDPR)
If you are in the European Economic Area (EEA), United Kingdom, or another jurisdiction with similar requirements, we rely on the following legal bases:
| Processing purpose | Legal basis |
|---|---|
| Account creation and service delivery | Performance of a contract (Art. 6(1)(b) GDPR) |
| Billing and payment processing | Performance of a contract (Art. 6(1)(b) GDPR) |
| Fraud detection and platform security | Legitimate interests (Art. 6(1)(f) GDPR) |
| Product analytics and improvement | Legitimate interests (Art. 6(1)(f) GDPR) |
| Marketing communications | Consent (Art. 6(1)(a) GDPR) — you can withdraw at any time |
| Legal obligations (e.g., tax records) | Legal obligation (Art. 6(1)(c) GDPR) |
6. International Data Transfers
Vorrei operates globally and your data may be stored and processed in countries outside your country of residence, including countries outside the EEA. Where we transfer personal data from the EEA to third countries, we ensure appropriate safeguards are in place, including:
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Transfer to countries with an adequacy decision from the European Commission; or
- Other legally recognised transfer mechanisms as applicable.
You may request a copy of the relevant transfer safeguards by contacting us at mail@vorreix.com.
7. Data Retention
We retain your personal data for as long as necessary to:
- Maintain your active account and provide the services you have requested;
- Comply with our legal obligations (e.g., financial records are retained for up to 7 years for tax purposes);
- Resolve disputes and enforce our agreements.
Upon account deletion, we delete or anonymise your personal data within 30 days, subject to the retention periods required by law. Backups may retain copies for up to an additional 90 days before they are purged automatically.
Aggregated, anonymised data (from which individuals cannot be identified) may be retained indefinitely for analytical purposes.
8. Your Rights
Depending on your location, you may have the following rights regarding your personal data. We honour all of these rights and will respond to verifiable requests within 30 days.
- Right to access: Request a copy of the personal data we hold about you.
- Right to rectification: Ask us to correct inaccurate or incomplete data.
- Right to erasure ("right to be forgotten"): Request deletion of your personal data where there is no legitimate reason for us to continue processing it.
- Right to restrict processing: Ask us to temporarily halt processing of your data in certain circumstances.
- Right to data portability: Receive your data in a structured, machine-readable format and transfer it to another controller.
- Right to object: Object to processing based on legitimate interests or for direct marketing purposes.
- Right to withdraw consent: Where processing is based on consent, withdraw that consent at any time without affecting prior processing.
- Right to lodge a complaint: File a complaint with your local data protection authority (for EEA residents, this is the supervisory authority in your country of residence).
To exercise any of these rights, email us at mail@vorreix.com. We may ask you to verify your identity before processing your request.
9. Security
We implement industry-standard technical and organisational security measures to protect your data, including:
- Encryption of data in transit using TLS 1.2 or higher;
- Encryption of sensitive data at rest using AES-256;
- Role-based access controls limiting who within Vorrei can access personal data;
- Regular security assessments and penetration testing;
- Incident response procedures and breach notification protocols in accordance with applicable law.
Despite these measures, no system is completely secure. In the event of a data breach affecting your rights and freedoms, we will notify you and applicable authorities as required by law.
11. Children's Privacy
Vorrei is not directed to children under the age of 16. We do not knowingly collect personal data from anyone under 16. If you are a parent or guardian and believe your child has provided us with personal data, please contact us immediately at mail@vorreix.com and we will delete that information promptly.
12. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will:
- Update the "Effective date" at the top of this page;
- Send an email notification to registered account holders where the changes materially affect their rights; and
- In some cases, seek your renewed consent where required by law.
We encourage you to review this policy periodically. Your continued use of Vorrei after a change takes effect constitutes your acceptance of the updated policy.
13. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out:
Vorrei — Privacy Team
Email: mail@vorreix.com
Platform: vorrei.io
We aim to respond to all privacy-related enquiries within 30 business days.