Privacy Policy

Last updated: 2026-01-15

ordercode GmbH ("we", "us", "our") operates the ordercode platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.

On this page

1. Data Controller

The data controller responsible for your personal data is:

ordercode GmbH, Musterstraße 1, 1010 Vienna, Austria. Email: privacy@ordercode.at

2. Data We Collect

We collect the following categories of personal data:

Account Data

Name, email address, phone number, company name, billing address.

Usage Data

IP address, browser type, operating system, pages visited, time spent, referral source.

Order Data

Order details, delivery addresses, payment information (processed by our payment provider).

Communication Data

Messages sent through our contact form, support tickets, email correspondence.

4. Purpose of Processing

  • Providing and maintaining our platform services
  • Processing orders and managing subscriptions
  • Sending transactional emails (order confirmations, account notifications)
  • Responding to your inquiries and support requests
  • Improving our services through analytics
  • Preventing fraud and ensuring platform security
  • Complying with legal obligations

5. Data Sharing

We share your data with the following categories of recipients:

  • Payment processors (Stripe) for processing payments securely.
  • Cloud hosting providers (Hetzner, AWS) for infrastructure services.
  • Analytics providers for understanding usage patterns.
  • Email service providers for transactional and marketing emails.
  • Legal authorities when required by law.

We do not sell your personal data to third parties.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Account data is retained for the duration of your account plus 7 years for tax compliance. Usage data is retained for 26 months. You may request deletion at any time.

7. Your Rights

Under the GDPR, you have the following rights:

  • Right of access — obtain a copy of your personal data.
  • Right to rectification — correct inaccurate personal data.
  • Right to erasure — request deletion of your personal data.
  • Right to restriction — restrict processing of your personal data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interest.
  • Right to withdraw consent — withdraw consent for marketing communications at any time.

To exercise your rights, contact us at privacy@ordercode.at.

8. Cookies

We use cookies and similar technologies to enhance your experience. For detailed information about the cookies we use and how to manage them, please see our Cookie Policy.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, regular security audits, and secure development practices.

10. International Transfers

Your data is primarily stored within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or equivalent safeguards.

11. Children's Privacy

Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

ordercode GmbH, Musterstraße 1, 1010 Vienna, Austria. Email: privacy@ordercode.at. Phone: +43 1 234 5678.

14. Data Protection Officer

You may contact our Data Protection Officer at dpo@ordercode.at for any data protection-related inquiries.

15. Supervisory Authority

You have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at.

AI Sub-Processors

When you use AI-powered features (such as automated translation, menu generation, image enhancement, or the AI chat assistant), your data may be processed by the following sub-processors. Each provider is accessed only for the specific AI features listed. We do not sell your data to these providers and we instruct them not to use your data to train their models where technically available.

Provider Processing Region AI Features Training Opt-out Provider Retention
OpenAI US (EU routing pending) Translation, Page Builder (SEO, content, page translation), Business Assistant, Storefront Chat Agent Default API terms (no training on API inputs) Subject to OpenAI data retention terms
Google Gemini US (EU routing pending) Menu Generation, Menu Extraction Subject to Google API terms Subject to Google data retention terms
Anthropic Claude Global Configured text/chat features Subject to Anthropic API terms Subject to Anthropic data retention terms
Fal.ai EU Image Enhancement (background removal) Explicit opt-out sent with every request Up to 1 hour provider-side cache

This table reflects the current compliance state. DPA arrangements with OpenAI and Google are in progress. For questions about AI data processing, contact our DPO at the address above.