Privacy Policy
Pursuant to the EU General Data Protection Regulation (GDPR 2016/679) and the Spanish LOPDGDD
1. Data Controller
Kairos S.L. ("the Company") is the data controller for personal data collected through this platform.
Company details:
• Legal name: Kairos S.L.
• Tax ID (CIF): B19837715
• Registered address: Torrent de l'Olla 121, 08012 Barcelona, Spain
• Contact: legal@kairos.rest
This service is intended exclusively for business operators aged 18 or over. Kairos does not knowingly collect data from minors.
2. Data We Collect
We collect the following data when you use our platform:
Account data:
• Full name
• Email address
• Password (encrypted and managed by Clerk)
Restaurant operational data:
• Sales figures (tickets, revenue, billing)
• Operational and business performance metrics
• Venue name and location
App usage data:
• Pages visited and features used
• Error logs and technical events
• IP address and device information
3. Purpose & Legal Basis
| Purpose | Legal basis |
|---|---|
| Delivery of the contracted SaaS service | Performance of a contract (Art. 6.1.b GDPR) |
| Account management and authentication | Performance of a contract (Art. 6.1.b GDPR) |
| Usage analytics to improve the product | Legitimate interest (Art. 6.1.f GDPR) |
| Service communications | Performance of a contract (Art. 6.1.b GDPR) |
| Compliance with legal obligations | Legal obligation (Art. 6.1.c GDPR) |
4. Sub-processors
To deliver the service, we share data with the following technology providers acting as data processors:
• Clerk — identity and authentication management (USA) · clerk.com/privacy
• Neon / PostgreSQL — cloud database storage (USA/EU)
• Vercel — hosting and deployment infrastructure (USA/EU)
• Sentry — error monitoring and application tracing (USA)
• Upstash — rate limiting (USA/EU)
All sub-processors are bound by Data Processing Agreements (DPAs) and comply with GDPR. We do not sell or share data with third parties for advertising purposes.
5. International Data Transfers
Some of our technology providers are based in or process data in the United States or other countries outside the European Economic Area (EEA). All such transfers are carried out with appropriate safeguards under GDPR Chapter V:
• Standard Contractual Clauses (SCCs) adopted by the European Commission (Implementing Decision EU 2021/914), binding Clerk, Vercel, Sentry and Upstash for US transfers.
• EU–US Data Privacy Framework (DPF) where the provider holds valid certification.
To request details of the specific safeguards in place, email legal@kairos.rest.
6. Data Retention
We retain your data for as long as your account is active. After subscription cancellation:
• Restaurant operational data is kept for **30 days** to allow export.
• After that period, it is permanently deleted from our systems.
• Billing records are retained for **5 years** in accordance with Spanish tax law.
7. Your Rights
As a data subject, you have the following rights under GDPR and the Spanish LOPDGDD:
• Access: Obtain confirmation of whether we process your data and receive a copy.
• Rectification: Correct inaccurate or incomplete data.
• Erasure ("right to be forgotten"): Request deletion of your data when it is no longer necessary.
• Portability: Receive your data in a structured, machine-readable format.
• Restriction: Request suspension of processing in certain circumstances.
• Objection: Object to processing based on legitimate interest.
To exercise your rights, email legal@kairos.rest with the subject "GDPR Rights Request" and a copy of your ID document.
You also have the right to lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es, or with your national supervisory authority.
8. Cookies
We use strictly necessary technical cookies for platform operation (session, authentication) and first-party analytics cookies to improve the service.
We do not use third-party tracking or advertising cookies.
9. Security
We apply appropriate technical and organisational measures to protect your data: TLS encryption in transit, encryption at rest, role-based access control, and periodic security audits.
10. Changes to This Policy
We may update this policy to reflect changes in our practices or applicable law. We will notify you by email at least 30 days in advance of any material changes.
Last updated: May 2025