Privacy Policy

Veno App ("we", "us", "our") is a venue management platform that provides digital menus, ordering, reservations, and related services to venue operators and their customers. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our website or services.

If you have any questions, contact us at [email protected].

Venue operators: When you register or use Veno App, we collect your name, email address, phone number, business name, and business type. We also collect usage data about how you interact with the dashboard.

Customers of venues: When a customer places an order or makes a reservation through a Veno-powered venue, we collect only the information necessary to fulfil that action (e.g. name, contact details, dietary notes). We do not build customer profiles or sell this data.

Website visitors: We collect standard server logs and, where consented to, analytics data such as pages visited and time on site.

We use personal data to:

• Provide, operate, and improve the Veno App platform
• Send transactional emails (account confirmations, order notifications, reservation updates)
• Respond to enquiries and provide support
• Send product updates and relevant communications (you can unsubscribe at any time)
• Comply with legal obligations

We do not sell your personal data to third parties.

Where applicable under GDPR, we process personal data on the following legal bases:

• Contract: to deliver the services you have signed up for
• Legitimate interests: to improve the platform and communicate relevant updates
• Consent: for marketing communications and optional cookies
• Legal obligation: where required by law

We retain personal data for as long as your account is active or as needed to provide services. If you close your account, we retain data for up to 90 days before permanent deletion, unless legal obligations require a longer period.

We work with a small number of trusted service providers to operate Veno App, including:

• Supabase — database and authentication
• Brevo — transactional email delivery
• Cloudflare — hosting, CDN, and security

All third-party providers are contractually bound to handle data securely and only for the purposes we specify.

Depending on your location, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data ("right to be forgotten")
• Object to or restrict certain processing
• Receive your data in a portable format

To exercise any of these rights, email us at [email protected]. We will respond within 30 days.

We use essential cookies to keep you signed in and maintain session state. We may also use analytics cookies where you have given consent. See our Cookie Policy for full details.

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, or misuse. All data is encrypted in transit (TLS) and at rest.

We may update this policy from time to time. We will notify registered users of material changes via email. Continued use of the service after changes constitutes acceptance.