Privacy Policy

Cuvero is operated by Q10 Labs, a company registered in Belgium under company number BE 1034.312.582. In this policy, “we”, “us”, and “Cuvero” refer to Q10 Labs. We provide a QR-based guest-page service for hospitality venues — letting owners manage menus, ordering, reservations, feedback, and public links from one dashboard.

• Owners

  people who create an account and manage a venue on Cuvero.

• Guests

  people who scan a venue's QR code or visit a public guest page.

• Visitors

  anyone browsing the Cuvero marketing site.

For owners

• Account data

  name, email, sign-in identifiers, and profile data handled by our authentication provider (Clerk).

• Venue data

  venue name, address, hours, menus, photos, settings, and any content you choose to publish.

• Billing data

  subscription status and payment metadata handled by Stripe. Card details are entered on Stripe's hosted checkout and never reach our servers.

• Usage data

  dashboard activity, error logs, and rate-limit signals used to operate and secure the service.

For guests

• Order data

  items, table context, totals, and the email or payment identifier required to process a Stripe checkout.

• Reservation requests

  name, email, optional phone, party size, requested time, and any notes you submit.

• Feedback

  ratings, optional comments, and optional contact details you submit.

• Technical data

  minimal request metadata (IP, user agent) used for fraud prevention, abuse limits, and basic analytics.

For visitors

We collect basic analytics about page views and performance through Vercel Analytics. We do not use cross-site advertising cookies.

• Provide the service

  show menus, accept orders, route reservation requests, and deliver feedback to the right venue.

• Billing

  manage owner subscriptions, payment status, and receipts through Stripe.

• Security

  detect abuse, rate-limit requests, prevent fraud, and protect owner accounts.

• Communications

  service emails (sign-in, billing, reservation confirmations, support replies). We do not send marketing emails without consent.

• Improvement

  aggregate, non-identifying analytics to improve the product.

Where the GDPR or UK GDPR applies, we rely on:

• Contract

  to provide the dashboard, guest pages, and ordering you signed up for.

• Legitimate interests

  to keep the service secure, prevent abuse, and operate the business in a proportionate way.

• Legal obligation

  to retain billing and tax records as required by law.

• Consent

  where specifically requested (for example, optional analytics in jurisdictions that require it).

We share data only with vendors that help us run the service. They act as processors and are bound to use the data only for the agreed purposes.

• Clerk

  owner authentication and account management.

• Stripe

  owner subscription billing and guest payment processing (Stripe Connect). Card data is collected and stored by Stripe.

• Vercel

  hosting, edge delivery, and analytics for the website and dashboard.

• Neon

  managed PostgreSQL database hosting.

• Vercel Blob

  storage for menu photos and hero images uploaded by owners.

• Resend

  transactional email delivery (e.g., support replies, reservation notices).

We do not sell personal information and we do not share it with third parties for their own marketing.

Our service providers may process data in the United States and other countries. Where required, transfers from the EEA or UK are covered by standard contractual clauses or equivalent safeguards offered by those providers.

We keep account and billing records for as long as the account is active, plus the period required for tax, accounting, and audit obligations. Guest data is held only as long as needed for the relevant venue interaction:

• Reservation requests

  contact details are automatically redacted after a short retention window once the request is resolved.

• Feedback

  free-text comments and contact details are automatically redacted on a recurring schedule.

• Support requests

  personal details are redacted after the matter is closed.

• Customer orders

  the customer email and payment identifier are redacted once they are no longer needed for refunds or disputes.

• Rate-limit logs

  kept only for a short rolling window.

Backups follow the same schedule and are overwritten over time. Specific retention durations are configurable per venue and may change as the product evolves.

Depending on where you live, you may have the right to access, correct, delete, restrict, or object to the processing of your personal information, and to data portability.

Owners can edit most account and venue data directly from the dashboard. Guests and owners can also send requests to support@cuvero.app. In Belgium, you can lodge a complaint with the Belgian Data Protection Authority (dataprotectionauthority.be); elsewhere in the EEA or UK, with your local supervisory authority.

Cuvero is not directed at children under 16, and we do not knowingly collect personal information from them. If you believe a child has provided personal information, contact us and we will delete it.

We use a small number of essential cookies to keep owners signed in, remember preferences, and protect against abuse. We do not use third-party advertising cookies. Analytics is limited to privacy-respecting Vercel Analytics.

We use industry-standard transport encryption (HTTPS), hosted authentication, and access controls to protect data. No method of transmission or storage is perfectly secure; if a breach occurs, we will notify affected users as required by law.

We may update this policy from time to time. Material changes will be announced on this page with an updated “Last updated” date. Continued use of the service after a change means you accept the updated policy.

For any privacy question or request, write to support@cuvero.app.