Privacy Policy

Hospry is a kitchen-management tool for restaurants: HACCP temperature logging, mise en place, recipes, stock and ordering. We are the “data controller” for the personal data described here — that means we decide why and how it's used.

Controller

Hospry ([eenmanszaak — vul handelsnaam in / fill in trading name])

Run by

[NAAM EIGENAAR / OWNER NAME]

KvK number

[KvK-NUMMER / CoC NUMBER]

Address

[ADRES / ADDRESS], Amsterdam, Nederland

Contact

privacy@hospry.app

Account data

• Your name and email address.
• Your restaurant or organisation name, and your role (owner, chef, staff).
• A password (stored encrypted by Firebase Authentication — we never see it).

Kitchen & operational data you enter

• HACCP temperature logs, corrective actions and sign-offs.
• Mise en place / prep lists and their status.
• Recipes, ingredients, costs, allergens and stock counts.
• Staff members you add, and the short PIN each uses to sign work off.

Technical data

• Basic device and browser information, and your language preference.
• Approximate, non-precise location derived from your IP address (for security and language).
• Cookies and similar storage — see our Cookie Policy for the full list and how to control them.

Under the GDPR we always have a lawful basis for using your data. Here's the plain-language version:

• To provide the service you signed up for — run your account, store your kitchen records, calculate HACCP status and food cost. Basis: performance of our contract with you.
• To keep Hospry secure, prevent abuse, and fix problems. Basis: our legitimate interest in a safe, working product.
• To send you essential service messages (e.g. security or billing notices). Basis: contract / legitimate interest.
• To improve the product and, where you've agreed, measure how the site is used. Basis: your consent (analytics) and our legitimate interest.
• To meet legal obligations, such as tax and accounting rules. Basis: legal obligation.

Hospry helps you produce HACCP records you may be legally required to keep (e.g. for an NVWA inspection). You stay responsible for the accuracy and retention of those records; Hospry is the tool that makes them, not the keeper of your legal obligations.

Some Hospry features use AI to help you understand your kitchen, order smarter and reduce waste. When you use them, the relevant data (for example a recipe, a stock count or a question you ask) is sent to our AI provider to generate a response.

• We use reputable AI providers under business agreements that prohibit them from training their models on your data.
• We don't use your kitchen data to train AI models.
• AI output can be wrong — always apply professional judgement, especially for anything food-safety related.

We do not sell your personal data, and we don't share it for other companies' advertising. We do use a small number of trusted “processors” that run parts of the service for us, under contracts that bind them to protect your data:

Hosting & database

Google Firebase (Authentication, Firestore, Storage, Cloud Functions) — stores your data on servers in the European Union.

Analytics

Google Analytics — only if you accept analytics cookies, to understand how the website is used.

AI

Our AI provider — processes the specific data you submit to an AI feature, to generate a response.

Payments

A payment provider (e.g. Stripe) once paid plans launch — to process subscriptions securely. We never store full card numbers.

We may also disclose data if the law requires it, or to protect our rights, safety or property — and we'll resist overly broad requests.

Your core data is hosted in the European Union (Google Cloud, region eur3). Where a provider needs to process data outside the EU/EEA, we rely on legal safeguards approved under the GDPR — such as the European Commission's Standard Contractual Clauses — to keep your data protected to EU standards.

• Account data: for as long as your account is active, then deleted or anonymised within a reasonable period after you close it.
• Kitchen & HACCP records: kept while you use Hospry so you can meet your own record-keeping duties; you control when to delete them, and they're removed when you close your account.
• Billing records: kept as long as tax and accounting law requires (in the Netherlands, generally seven years).
• Backups: deleted data may persist briefly in encrypted backups before being overwritten on our normal cycle.

Under the GDPR you have the right to ask us to:

• Access the personal data we hold about you, and get a copy.
• Correct anything that's wrong or incomplete.
• Delete your data (“right to be forgotten”), where there's no legal reason to keep it.
• Restrict or object to certain processing, including direct marketing.
• Receive your data in a portable format, or have it sent to another provider.
• Withdraw consent at any time, where we relied on it (e.g. analytics cookies) — without affecting what we did before.

To exercise any of these, email privacy@hospry.app. We'll respond within one month. It's free, unless a request is clearly unfounded or excessive.

• Data is encrypted in transit (HTTPS) and at rest by our hosting provider.
• Access is controlled by role (owner, chef, staff) and enforced by database security rules.
• We keep our software up to date and limit who on our side can access production data.

No system is perfectly secure, but we take reasonable, modern measures to protect your data and will notify you and the authorities if a breach legally requires it.

Hospry is a tool for businesses and their staff. It isn't intended for children, and we don't knowingly collect data from anyone under 16.

If we make material changes, we'll update the date at the top and, where appropriate, tell you in the app or by email. Continuing to use Hospry after a change means you accept the updated policy.

Questions about your privacy or this policy? Email privacy@hospry.app and we'll help.