Privacy Policy

Last updated: February 16, 2026

1. Data Controller

Kutlery (hereinafter "Kutlery", "we") is the data controller for personal data collected through the kutlery.app platform. For any questions regarding the protection of your data, you can contact us at: privacy@kutlery.app.

2. Data Collected

We collect the following categories of data:

  • Restaurant owner identification data: first name, last name, email address, phone number, restaurant name.
  • End customer identification data: first name, last name, email address, phone number, number of guests, reservation comments.
  • Payment data: credit card information is collected and processed directly by our payment provider Stripe. Kutlery never stores your card numbers.
  • Connection data: IP address, browser type, pages visited, access timestamps.
  • Restaurant account data: restaurant settings, opening hours, menus, time slot configuration.

3. Purposes of Processing

Your data is processed for the following purposes:

  • Reservation management: creation, confirmation, modification and cancellation of reservations.
  • No-show protection: recording card imprint via Stripe and charging in case of unjustified absence.
  • Account management: creation and administration of restaurant accounts and dashboard access.
  • Communication: sending reservation confirmations, reminders and email notifications.
  • Service improvement: anonymized usage statistics, platform performance analysis.
  • Legal obligations: compliance with our accounting, tax and regulatory obligations.

4. Legal Basis for Processing

Data processing is based on:

  • Contract performance: reservation processing, restaurant account management, payments.
  • Consent: sending marketing communications (you can withdraw your consent at any time).
  • Legitimate interest: improving our services, fraud prevention, platform security.
  • Legal obligation: retention of billing and payment data in accordance with regulations.

5. Processors and Recipients

We use technical service providers for the operation of the platform:

  • Supabase (hosting and database) — data hosted in the European Union.
  • Stripe (payment processing) — PCI DSS Level 1 certified. Stripe may transfer data outside the EU under appropriate safeguards (standard contractual clauses).
  • Transactional email provider — for confirmations and notifications.

We never sell your personal data to third parties. Data is only shared with providers strictly necessary for the operation of the service.

6. Data Retention

Data is retained for the following periods:

  • Reservation data: 3 years after the reservation date.
  • Restaurant account data: for the duration of the subscription, then 3 years after account closure.
  • Payment data: in accordance with legal obligations (10 years for billing data).
  • Connection data: 12 months.

7. Cookies

Kutlery uses cookies strictly necessary for the operation of the service (authentication, session preferences). We do not use advertising cookies or third-party tracking cookies. Authentication cookies are essential for using the platform and do not require prior consent under applicable regulations.

8. Your Rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

  • Right of access: obtain a copy of your personal data.
  • Right to rectification: correct inaccurate or incomplete data.
  • Right to erasure: request deletion of your data (subject to our legal retention obligations).
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to the processing of your data based on legitimate interest.
  • Right to restriction: request suspension of your data processing in certain cases.

To exercise these rights, contact us at privacy@kutlery.app. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (French Data Protection Authority) or your local data protection authority.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data: encryption of data in transit (TLS) and at rest, strict access controls, secure authentication, regular security audits. Payments are fully managed by Stripe, PCI DSS Level 1 certified.

10. Changes

We may update this privacy policy to reflect changes in our practices or regulations. In case of substantial changes, we will notify you by email or through a notification on the platform. The date of the last update is indicated at the top of this page.

11. Contact

For any questions regarding this privacy policy or the processing of your personal data, contact us at: privacy@kutlery.app.