Privacy Policy
Last updated: April 7, 2026
This Privacy Policy describes how Mickandco, operating under the trade name Covero (hereinafter "Covero", "we", "us"), collects, uses, stores, and protects personal data in connection with the Covero website (covero.fr) and the Covero SaaS platform used by restaurant operators (the "Platform"). It is intended for visitors of our website, prospects, restaurant operators using the Platform ("Restaurants"), authorized administrators of those Restaurants, and end customers of those Restaurants whose personal data is processed through the Platform.
1. Data controller
The data controller is Mickandco, registered office at 89 TER rue Edouard Vaillant, 92300 Levallois Perret, France, SIRET 521 573 352 00031, publication director: Mickael Nosel.
For any question regarding personal data and to exercise your GDPR rights, contact us at: contact@covero.fr.
2. Scope of this Policy
Covero processes personal data in two distinct contexts, governed by different legal frameworks:
- (A) Sole controller — marketing and onboarding. Covero acts as sole data controller for personal data collected directly via this website (covero.fr): contact form, ROI calculator, quotation requests, sign-up flow before account provisioning, mailing list, and any direct interaction with our commercial team.
- (B) Joint controller with each Restaurant — Platform operations. For personal data processed through the SaaS Platform on behalf of and together with each Restaurant (reservations, end-customer profiles, payments, loyalty, communications, etc.), Covero acts as joint controller with the Restaurant within the meaning of Article 26 of the GDPR. The detailed allocation of responsibilities is set out in section 6 below.
3. Data processed by Covero as sole controller
In the context defined in section 2(A), Covero collects only the data you voluntarily provide:
- Identity: first name, last name, civility
- Contact: email, phone number
- Professional information: company name, restaurant name, role, address
- Free-text content of contact and quotation requests
- Technical data necessary to operate the website: IP address, browser, device, language, navigation logs (subject to the Cookie Policy)
4. Data processed in joint controllership with each Restaurant
In the context defined in section 2(B), the following categories of personal data may be processed through the Platform. The list of categories is exhaustive; the exact data processed depends on the modules each Restaurant has activated.
- Restaurant administrators and staff: identity, professional email, hashed password, role and permissions, sign-in logs, MFA settings, IP addresses of administrative actions.
- End customers of the Restaurant: first name, last name, email, phone number, civility, allergies and dietary preferences (which may include sensitive data within the meaning of Article 9 GDPR — processed solely on the Restaurant's instructions), reservation history, loyalty status, internal notes added by the Restaurant, profile photo where applicable.
- Payment data: Covero does not store bank card numbers, CVV, or any payment instrument data. Payments are processed end-to-end by Stripe (PCI-DSS Level 1 certified) or, for Restaurants that have activated it, SumUp. Covero only retains payment intent identifiers, amounts, statuses, payment timestamps, and refund references for accounting and reconciliation purposes.
- Operational data: table reservations, orders, kitchen tickets, deliveries, gift cards, audit logs of administrative actions, communication histories (transactional emails and SMS sent on behalf of the Restaurant).
5. Joint controllership arrangement (Article 26 GDPR)
For the data described in section 4, Covero and each Restaurant act as joint controllers. The essential terms of this arrangement, made available to data subjects in accordance with Article 26(2) GDPR, are as follows.
5.1 Allocation of responsibilities
- The Restaurant determines the primary purposes of processing (managing its reservations, its customer base, its menu, its loyalty program, etc.) and is solely responsible for ensuring the lawfulness of the data it uploads or causes to be collected via the Platform. The Restaurant warrants that it has obtained any required consent or has another valid legal basis for collecting and entrusting personal data to Covero.
- Covero determines the technical means (architecture, hosting, sub-processors, security measures) and certain ancillary purposes: aggregate and de-identified statistics, product improvement, fraud prevention, security monitoring, no-show prediction models, and AI features available across the Platform.
5.2 Use of de-identified data
Covero may, in accordance with Article 6(1)(f) GDPR (legitimate interest), use the data processed in joint controllership in aggregated and de-identified form (i.e., where individual data subjects can no longer be identified) for the following purposes: statistics and benchmarks, research and product improvement, training of artificial intelligence and machine learning models, fraud prevention, and the publication of industry insights. This use survives the termination of the contract with a Restaurant and the deletion of individual personal data. De-identification is performed in accordance with the state of the art so that re-identification is reasonably impossible.
5.3 Single point of contact
For any request submitted by an end customer of a Restaurant for the exercise of GDPR rights (access, rectification, erasure, portability, etc.), the single point of contact in the first instance is the Restaurant that collected the data. The end customer is informed of this allocation through the privacy policy of the Restaurant's public website (which Covero generates from a customizable template). Covero may, on a discretionary basis or at the Restaurant's request, assist with handling such requests; this assistance does not transfer the legal obligation to respond, which remains with the Restaurant.
5.4 Informing data subjects
Each Restaurant is responsible for informing its end customers of the joint controllership with Covero. To facilitate compliance, Covero provides each Restaurant with template privacy notices accessible from its public website.
6. Purposes and legal bases
- Marketing and prospecting — answering contact requests, sending commercial information about Covero's services. Legal basis: consent or legitimate interest of Covero in promoting its business.
- Performance of the SaaS contract with each Restaurant — account creation, authentication, hosting and operation of all features of the Platform. Legal basis: performance of a contract.
- Joint controllership operations — reservations, customer-relationship management, payments, loyalty, communications. Legal basis: performance of a contract (between the Restaurant and its end customer) and joint controllership arrangement.
- Security, fraud prevention and audit — sign-in logs, audit trails of sensitive actions, anomaly detection, prevention of payment fraud. Legal basis: legitimate interest of Covero and of the Restaurants.
- Aggregate statistics, product improvement and AI — see section 5.2. Legal basis: legitimate interest of Covero, with implementation of appropriate de-identification safeguards.
- Compliance with legal obligations — accounting, invoicing, fiscal record-keeping, response to lawful requests from authorities. Legal basis: legal obligation.
7. Sub-processors
To operate the Platform, Covero engages the following sub-processors. The list is updated as the technical infrastructure evolves; substantial changes are notified to Restaurants in accordance with section 7.2.
7.1 Current sub-processors
- OVH SAS (France, EU) — hosting of the application servers, databases, MinIO object storage and incoming email mailboxes.
- Vercel Inc. (United States, with EU regions available) — hosting and delivery of the public marketing website. Frankfurt region used. Standard Contractual Clauses ("SCC") applied.
- Stripe Payments Europe Ltd. (Ireland, EU) and Stripe, Inc. (United States) — payment processing, including the Stripe Connect program for Restaurants. Stripe is certified under the EU-US Data Privacy Framework ("DPF") and applies SCCs for transfers outside the EU.
- SumUp Limited (Ireland and Germany, EU) — alternative payment processor available to Restaurants that activate it.
- Twilio Sendgrid Inc. (United States) — transactional email delivery (booking confirmations, password resets, notifications). SCCs applied.
- Twilio Inc. (United States) — SMS delivery and, for Restaurants that activate the Phone Assistant module, telephony. SCCs applied.
- Functional Software Inc. (Sentry) (United States) — error monitoring and application performance monitoring. SCCs applied. PII scrubbing is implemented in our integration to remove authentication tokens, headers and known sensitive patterns before any event reaches Sentry's servers.
- Google LLC (United States) — Google Tag Manager, used solely for analytics on the marketing website and only after the visitor has given consent through the cookie banner. SCCs applied.
- Meta Platforms Ireland Ltd. and Meta Platforms Inc. (United States) — Facebook Pixel for marketing analytics, only after consent. SCCs applied.
- Anthropic PBC, Deepgram Inc., ElevenLabs Inc. (United States) — AI services used by the optional Phone Assistant module (large language model, speech-to-text, text-to-speech). Engaged only for Restaurants that activate this module. SCCs applied. Conversation transcripts are processed in transient memory and are not retained for model training by these providers in their enterprise tiers.
7.2 Changes to the list of sub-processors
Covero reserves the right to add, replace or remove sub-processors as the Service evolves. Any substantial change will be notified to active Restaurants at least thirty (30) days in advance. The Restaurant may object to the change for legitimate reasons by writing to contact@covero.fr within that period; in the absence of timely opposition, the change is deemed accepted. Where Covero cannot reasonably accommodate a legitimate opposition, the Restaurant may terminate its subscription on the conditions set out in the General Terms of Sale.
8. International data transfers
Some sub-processors listed above are established outside the European Union. For each such transfer, Covero relies on one or more of the following safeguards in accordance with Chapter V of the GDPR:
- The EU-US Data Privacy Framework ("DPF"), where the recipient is certified.
- The Standard Contractual Clauses ("SCC") adopted by the European Commission, supplemented where necessary by additional technical and organizational measures.
- Recipient infrastructure located in EU regions (where available, e.g. Vercel Frankfurt).
A copy of the safeguards applicable to a specific transfer can be requested at contact@covero.fr.
9. Data retention
Personal data is retained only for as long as necessary for the purposes for which it was collected, or for any longer period required by applicable law:
- Active Restaurant accounts and associated data: for the duration of the contractual relationship.
- Inactive accounts: up to one (1) year after the last documented activity, then anonymized or deleted.
- End-customer data of a Restaurant: retention period set by the Restaurant, within the limits Covero technically enforces; default 3 years from the last reservation for prospecting-eligible data.
- Accounting and invoicing data: 10 years (French Commercial Code).
- Security and audit logs: up to 1 year.
- Marketing prospecting data: up to 3 years from the last contact.
- De-identified aggregate statistics derived from joint-controllership data: retained without time limit, in accordance with section 5.2.
Beyond these periods, certain data may be archived in restricted-access form for the purpose of defending Covero's rights in legal proceedings, in accordance with applicable limitation periods.
10. Security measures
Covero implements technical and organizational measures appropriate to the risks and to the state of the art, including:
- Encryption in transit (HTTPS / TLS) on all endpoints.
- Encryption at rest of the production database and object storage.
- Hashing of administrator passwords using bcrypt.
- Short-lived signed JSON Web Tokens with refresh-token rotation and revocation.
- Audit trail of sensitive administrative actions.
- Encrypted database backups, with off-site replication.
- Rate limiting and abuse prevention on public endpoints.
- Optional multi-factor authentication for administrators.
- Strict separation of customer data through tenant-scoped database queries.
- Secrets management via Docker Swarm secrets in production.
However, no security measure can guarantee absolute protection. Restaurants and their administrators acknowledge this limitation, agree to use the Platform diligently (in particular by keeping their credentials confidential), and undertake to notify Covero promptly of any actual or suspected security incident at contact@covero.fr.
11. Your rights
Subject to the conditions set out in the GDPR and the French Data Protection Act, you have the right to:
- Access your personal data and obtain a copy of it.
- Request rectification of inaccurate or incomplete data.
- Request the erasure of your data within the limits of applicable law.
- Object to processing based on legitimate interest, on grounds relating to your particular situation.
- Obtain restriction of processing in the cases provided by law.
- Obtain portability of the data you have provided yourself.
- Withdraw your consent at any time, where processing is based on consent.
- Define guidelines for the fate of your data after death.
How to exercise your rights
For data processed by Covero as sole controller (section 2(A)), send your request to contact@covero.fr, with proof of identity if reasonably required. Covero will reply within one (1) month, possibly extended by two (2) months for complex requests, in accordance with Article 12 GDPR.
For data processed in joint controllership with a Restaurant (section 2(B)), the single point of contact in the first instance is the Restaurant that collected your data, in accordance with section 5.3. You may nevertheless contact Covero, which will then transmit your request to the relevant Restaurant.
12. Complaint to a supervisory authority
Without prejudice to any other remedy, you have the right to lodge a complaint with the French data protection authority (Commission Nationale de l'Informatique et des Libertés — CNIL): 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — www.cnil.fr.
13. Updates to this Policy
Covero may update this Policy at any time to reflect changes in the Platform, in our sub-processors, or in applicable law. Substantial changes are notified to active Restaurants at least thirty (30) days in advance, by email to the administrative contact and/or by visible notice on the Platform. Continued use of the Service after that period constitutes acceptance of the updated Policy. Restaurants that do not accept the changes may terminate their subscription on the conditions set out in the General Terms of Sale.
The current version is dated April 7, 2026. Earlier versions can be obtained on request.
