Draft pending legal review. Sections in [brackets] require your input. This is not legal advice.

Privacy Policy

Last updated: [EFFECTIVE DATE]

1. Who we are

This policy explains how [COMPANY LEGAL NAME] (“Copovo”, “we”, “us”), registered at [REGISTERED ADDRESS], processes personal data. For any privacy question or to exercise your rights, contact us at [privacy@copovo.com].

Copovo provides QR ordering, reservations, and an AI phone receptionist to hospitality venues. For data that venues collect from their own customers through Copovo, the venue is the data “controller” and Copovo acts as its “processor”. For our own prospects and website visitors, Copovo is the controller.

2. The data we collect

  • Customers of venues: name, email, phone, and the contents of your orders and reservations (items, table, party size, special requests).
  • Prospective clients: name, email, phone, company/venue name submitted via our demo or contact forms.
  • Callers to the AI receptionist: phone number and call recordings/transcripts (where enabled by the venue).
  • Website visitors: if you accept analytics cookies, anonymous usage data. Analytics are off by default until you opt in.

3. How and why we use it

  • To take and fulfil orders and reservations (performance of a contract).
  • To operate the AI receptionist and respond to enquiries (legitimate interests / contract).
  • To contact prospective clients who asked for a demo (legitimate interests / consent).
  • To understand and improve our website, only with your consent (analytics cookies).

4. How long we keep it

We do not keep personal data longer than necessary:

  • Orders: personal details are anonymised after 24 months; anonymised transaction records are kept longer where required for tax/accounting.
  • Reservations: deleted after 24 months.
  • Prospect/lead data: deleted after 12 months if you do not become a client.
  • AI call recordings/transcripts: deleted after 90 days.
  • Demo form submissions: stored as prospect/lead data and covered by the lead retention period above.

5. Who we share it with

We use trusted service providers (“sub-processors”) to run Copovo:

  • Supabase — database & authentication
  • Vercel — hosting & (consented) analytics
  • Resend — transactional email
  • Retell — AI phone receptionist
  • Upstash — rate limiting
  • Sentry — error monitoring (EU region; no personal data intentionally collected)

We do not sell your personal data. [Confirm whether any data is transferred outside the UK/EEA and the safeguards used.]

6. Your rights

Subject to law, you can request access to your data, correction, deletion, restriction, portability, or object to processing. To make a request, email [privacy@copovo.com]. We will respond within the legal time limit. We act on verified erasure and access requests using internal tooling that covers all our systems.

7. Cookies & analytics

We use only essential cookies by default. Optional analytics cookies load only if you accept them. You can change your choice any time via “Cookie settings” in the footer.

8. Complaints

If you are in the UK and have a concern we cannot resolve, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk. [If operating in the EU, name the relevant supervisory authority.]

9. Changes

We may update this policy; material changes will be posted here with a new date.

← Back to home

Copovo
The future of hospitality.
Privacy Policy