Last updated · 26 mai 2026

Privacy Policy

This page explains what data we process when you use Zest, why, on which legal basis, for how long, and how to exercise your rights under the GDPR.

1. Data controller

The data controller is the operator of the Zest service. For any GDPR-related request:

• Email: albertoit66@gmail.com
• Postal address: <raison sociale et adresse postale à compléter>

2. What we process and why

2.1 Public restaurant page (clients)

• Anonymous visit identifier (ec_anon cookie) — UUID stored in a httpOnly cookie for 90 days. Lets us count unique returning visitors and dedupe reviews. Set only after you consent via the banner.
• Menu view event — restaurant id, anonymous id, hashed user-agent, timestamp. Used to measure scan-to-app conversion. Logged only after consent.
• AI sommelier requests — the dish/wine context and your free-text question are sent to OpenAI (USA) to produce a pairing. We do not store your question after the response is returned.
• Reviews — rating (1–5), optional free-text comment, locale, hashed user-agent, anonymous id. Used to display feedback to the restaurateur.

2.2 Admin / restaurateur

• Account — email, hashed password, role, restaurant assignment. Used to authenticate.
• Sessions — opaque session id, role, restaurant id, expiry. Email is not duplicated; it is joined on demand from the users table.
• AI activity logs — type of action, tokens consumed, duration, success/failure. Used for usage analytics and cost reporting.

3. Legal basis

• Consent (Art. 6(1)(a) GDPR) — for the analytics cookie ec_anon and the menu_view event.
• Performance of a contract (Art. 6(1)(b)) — for the admin account and the menu service itself.
• Legitimate interest (Art. 6(1)(f)) — for security logs (hashed IP, anti brute-force), AI cost tracking and aggregated KPIs computed from already-consented analytics.

4. Retention

• Analytics events (restaurant_analytics): 90 days, then purged automatically.
• ec_anon cookie: 90 days rolling, deleted on consent withdrawal.
• Customer reviews (app_reviews): up to 24 months, then purged automatically. You can also delete your own review at any time from the rating widget.
• Admin sessions: 24 hours (or 30 days with “remember me”), expired sessions purged every 6 h.
• Soft-deleted items (corbeille): 7 days, then permanently removed.
• Uploaded images: kept until the restaurateur deletes them. EXIF/GPS metadata is stripped on upload.

5. Sub-processors / third parties

• OpenAI, L.L.C. (United States) — generative AI for the sommelier feature and admin AI tools. Data sent: dish/wine context and your free-text question. Standard Contractual Clauses apply.
• Hosting provider — server and database hosting (EU). <à préciser : nom du prestataire>

The Inter font used on the interface is self-hosted — no request is made to Google Fonts and no IP address is shared with Google when loading the site.

6. Your rights

You have the right to access, rectify, erase, restrict or object to the processing of your data, and the right to data portability. You may also lodge a complaint with the French data protection authority (CNIL, cnil.fr).

To exercise these rights, email albertoit66@gmail.com. For your reviews, the in-app “delete my review” button is the fastest path.

7. Cookies and tracking

We set one cookie for analytics (ec_anon, 90 days, anonymous identifier) only after explicit consent via the banner. Strictly necessary cookies (locale preference, admin session, CSRF, consent record) do not require consent.

You can change your choice at any time using the button below — the banner will reappear on your next restaurant page load.

Reset my cookie preferences

8. International transfers

Requests to OpenAI involve a transfer to the United States. We rely on the European Commission's Standard Contractual Clauses as a transfer mechanism.

9. Changes

We may update this policy. The “Last updated” date at the top reflects the latest revision.

← Back to homepage