Platillo (“we”, “us”, “the platform”) provides hosted digital menus for restaurants. This policy describes the data we collect, how we use it, and what choices restaurant owners and diners have.
What we collect
Restaurant owners (signed-in users)
- Email address you sign up with.
- Menu content you publish (item names, prices, photos, languages, allergens, hours, contact info).
- Billing identifiers from Stripe when you upgrade (we don’t store card numbers — Stripe does).
- Custom-domain configuration if you connect one.
- Authentication session cookies issued by Supabase.
Diners (visitors to a menu)
- Anonymous QR scan events: timestamp, the language your browser sent in the Accept-Language header, and the location ID. We don’t store IP addresses, device IDs, or any identifier that links scans across visits.
- Standard server logs from our hosting provider (Vercel) and database provider (Supabase) — retained for a short window for debugging and security.
What we don’t collect
- We don’t use third-party advertising trackers.
- We don’t sell, rent, or share customer data with marketing partners.
- We don’t fingerprint diners across menus or across visits.
How we use it
- To operate your menu and the dashboard you use to edit it.
- To bill you for paid plans (via Stripe).
- To show you scan analytics (Pro and Agency tiers).
- To investigate abuse and keep the service available.
Subprocessors
We rely on a small set of vendors. Each handles a slice of the stack and has its own privacy commitments.
- Supabase — Postgres database, authentication, file storage.
- Vercel — application hosting, edge CDN, analytics.
- Stripe — payments and subscription management.
- Resend — transactional email (invitations, password resets).
Your rights
- You can change your email and password at any time from your account settings.
- You can delete your account; we’ll delete your tenant data within 30 days, subject to any legal hold.
- You can export your menu as JSON on request — write to support@platillo.app. (We’re building a self-serve export.)
- If you’re in a jurisdiction that grants you a right to access, correction, or erasure (GDPR, LGPD, similar), email the same address with proof of identity.
Retention
We retain your tenant data while your account is active. After deletion, backups age out within 30 days. Anonymous scan events are kept for analytics — Pro and Agency tiers see the last 30 days in the dashboard; the lifetime count is the only long-retention statistic.
Cookies
We use Supabase’s authentication cookies to keep you signed in. Public menu pages don’t set tracking cookies. Vercel may set a short-lived analytics cookie for first-party page-view counts; this is aggregated and not personally identifying.
Contact
Reach us at support@platillo.app. For data-subject requests, include the email tied to your tenant so we can verify ownership.
Last updated: May 13, 2026.