Eatourist

Last updated: February 21, 2026

Privacy Policy

Your privacy matters to us. This policy explains what data we collect, how we use it, and your rights.

1. Data We Collect

We collect the following categories of data:

  • Account data — email address and hashed password when you register.
  • Restaurant data — menu content, images, and translations you upload.
  • Analytics data — anonymous QR scan counts, device type, browser, operating system, approximate location (country/city), and preferred language when customers view your menu.
  • Usage data — standard server logs including IP addresses and request timestamps.

2. How We Use Your Data

We use collected data to:

  • Provide and operate the Eatourist service.
  • Send transactional emails (account verification, password reset).
  • Provide restaurant owners with anonymous analytics about their menu views.
  • Improve the platform and diagnose technical issues.

We do not sell your data to third parties. We do not use your data for advertising.

3. Data Storage & Security

Your data is stored on servers within the European Union or the United States, depending on your deployment region. We use industry-standard encryption (TLS) for data in transit and bcrypt hashing for passwords. Images are stored in S3-compatible object storage.

4. Cookies

We use the following cookies:

  • better-auth.session_token — authentication session cookie. Required for dashboard access.
  • NEXT_LOCALE — stores your preferred UI language (en/fr/ar). Expires in 1 year.
  • eatourist_table — stores the table ID when a customer scans a QR code. Session-scoped.

5. Your Rights (GDPR / CCPA)

Depending on your location, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your account and associated data.
  • Object to or restrict certain processing activities.
  • Data portability (receive your data in a machine-readable format).

To exercise any of these rights, contact us at privacy@eatourist.app. We will respond within 30 days.

6. Third-Party Services

We use the following third-party services to operate Eatourist:

  • Resend — email delivery for transactional emails.
  • Vercel — hosting and edge network.
  • S3-compatible storage — image storage.

7. Data Retention

We retain your account data for as long as your account is active. Analytics data (menu views) is retained for 12 months. You may request deletion of your account and all associated data at any time.

8. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered users of material changes via email. The "Last updated" date at the top of this page reflects the most recent revision.

9. Contact

For privacy-related questions or requests, contact us at privacy@eatourist.app.

Privacy Policy | Eatourist