Privacy policy

1. Who we are

Couverté ("we", "us", "our") provides menu and commercial intelligence to hospitality operators. Our website is couverte.io.

For privacy questions and data-protection enquiries: hello@couverte.io. The same address reaches our acting DPO.

2. Data we collect

When you submit an inquiry through the contact form, we collect:

• —Your name
• —Your email address
• —Your company or restaurant name
• —Number of locations
• —Your selected engagement tier
• —Any message you choose to include

We do not collect payment information, government identifiers, or sensitive personal data through this website. Verdict and other engagements are invoiced separately by Stripe payment link — payment-card data never touches this site.

3. How we use your data

We use the information you provide solely to:

• —Respond to your inquiry and see how we can help
• —Schedule and conduct a consultation
• —Follow up if we have not heard back
• —Improve our services based on the types of operations that contact us

We do not use your data for automated decision-making, profiling, or targeted advertising.

4. Legal basis for processing (GDPR)

Our legal basis is legitimate interest — responding to a business inquiry you started. Submitting the form asks us to reply.

For non-essential cookies (product and page analytics described in section 8), the legal basis is your consent, captured through the cookie banner described in that section. You may withdraw consent at any time.

If we send further follow-ups, we rely on the same legitimate-interest basis. You may opt out at any time by emailing us.

5. How long we retain your data

We keep inquiry data for up to 24 months from submission. If you become a client, we retain data for the engagement plus further time for records as required.

You may request deletion. See section 7.

6. Sub-processors

We use the following service providers to run the site, deliver email, and operate the product. Each is bound by a data-processing agreement consistent with GDPR.

We do not sell your data. No marketing networks, no data brokers, no ad-tech tracking.

7. Your rights

Under the GDPR you have the following rights:

• —Right of access — confirm whether we hold your data and obtain a copy.
• —Right to rectification — correct inaccurate or incomplete data.
• —Right to erasure ("right to be forgotten") — delete your data where applicable.
• —Right to restriction — limit how we process your data while a request is in review.
• —Right to object — object to processing based on legitimate interest.
• —Right to data portability — receive your data in a structured, commonly used format.
• —Right to lodge a complaint with a supervisory authority (e.g. AEPD in Spain).

To exercise any of these rights, email hello@couverte.io. We respond within 30 days and may request reasonable proof of identity before processing the request.

8. Cookies and consent

We use a small number of strictly necessary cookies that the site cannot function without — these are set without consent (GDPR / ePrivacy permits this).

For anything non-essential — product analytics inside the client portal (PostHog), and page analytics on the marketing site (Vercel Analytics) — we ask for your consent through a cookie banner powered by vanilla-cookieconsent. The banner appears on first visit; nothing non-essential loads until you accept. Cloudflare Turnstile loads only on form pages and only for bot-detection — it sets no marketing or analytics cookies.

You can change your choice at any time. Use the button below or the "Cookie preferences" link in the site footer:

9. Security

Data is transmitted over HTTPS. Database access is restricted, role-scoped, and audit-logged. We do not store payment cards on this site.

10. Changes

We may update this policy. The date above shows the latest version. Material changes may be emailed to active clients.