Privacy Policy
Last updated: 2026-01-15
ordercode GmbH ("we", "us", "our") operates the ordercode platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our services.
On this page
1. Data Controller
The data controller responsible for your personal data is:
ordercode GmbH, Musterstraße 1, 1010 Vienna, Austria. Email: privacy@ordercode.at
2. Data We Collect
We collect the following categories of personal data:
Account Data
Name, email address, phone number, company name, billing address.
Usage Data
IP address, browser type, operating system, pages visited, time spent, referral source.
Order Data
Order details, delivery addresses, payment information (processed by our payment provider).
Communication Data
Messages sent through our contact form, support tickets, email correspondence.
3. Legal Basis for Processing
We process your data based on the following legal bases under GDPR:
- Performance of a contract (Art. 6(1)(b) GDPR) — to provide our services to you.
- Consent (Art. 6(1)(a) GDPR) — for marketing communications and non-essential cookies.
- Legitimate interest (Art. 6(1)(f) GDPR) — for analytics, fraud prevention, and service improvement.
- Legal obligation (Art. 6(1)(c) GDPR) — for tax and accounting requirements.
4. Purpose of Processing
- Providing and maintaining our platform services
- Processing orders and managing subscriptions
- Sending transactional emails (order confirmations, account notifications)
- Responding to your inquiries and support requests
- Improving our services through analytics
- Preventing fraud and ensuring platform security
- Complying with legal obligations
5. Data Sharing
We share your data with the following categories of recipients:
- Payment processors (Stripe) for processing payments securely.
- Cloud hosting providers (Hetzner, AWS) for infrastructure services.
- Analytics providers for understanding usage patterns.
- Email service providers for transactional and marketing emails.
- Legal authorities when required by law.
We do not sell your personal data to third parties.
6. Data Retention
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected. Account data is retained for the duration of your account plus 7 years for tax compliance. Usage data is retained for 26 months. You may request deletion at any time.
7. Your Rights
Under the GDPR, you have the following rights:
- Right of access — obtain a copy of your personal data.
- Right to rectification — correct inaccurate personal data.
- Right to erasure — request deletion of your personal data.
- Right to restriction — restrict processing of your personal data.
- Right to data portability — receive your data in a structured, machine-readable format.
- Right to object — object to processing based on legitimate interest.
- Right to withdraw consent — withdraw consent for marketing communications at any time.
To exercise your rights, contact us at privacy@ordercode.at.
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data, including encryption in transit (TLS) and at rest, access controls, regular security audits, and secure development practices.
10. International Transfers
Your data is primarily stored within the European Economic Area (EEA). If data is transferred outside the EEA, we ensure adequate protection through Standard Contractual Clauses (SCCs) or equivalent safeguards.
11. Children's Privacy
Our services are not intended for children under 16 years of age. We do not knowingly collect personal data from children.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on our website and updating the "Last updated" date.
13. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:
ordercode GmbH, Musterstraße 1, 1010 Vienna, Austria. Email: privacy@ordercode.at. Phone: +43 1 234 5678.
14. Data Protection Officer
You may contact our Data Protection Officer at dpo@ordercode.at for any data protection-related inquiries.
15. Supervisory Authority
You have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, dsb@dsb.gv.at.
AI Sub-Processors
When you use AI-powered features (such as automated translation, menu generation, image enhancement, or the AI chat assistant), your data may be processed by the following sub-processors. Each provider is accessed only for the specific AI features listed. We do not sell your data to these providers and we instruct them not to use your data to train their models where technically available.
| Provider | Processing Region | AI Features | Training Opt-out | Provider Retention |
|---|---|---|---|---|
| OpenAI | US (EU routing pending) | Translation, Page Builder (SEO, content, page translation), Business Assistant, Storefront Chat Agent | Default API terms (no training on API inputs) | Subject to OpenAI data retention terms |
| Google Gemini | US (EU routing pending) | Menu Generation, Menu Extraction | Subject to Google API terms | Subject to Google data retention terms |
| Anthropic Claude | Global | Configured text/chat features | Subject to Anthropic API terms | Subject to Anthropic data retention terms |
| Fal.ai | EU | Image Enhancement (background removal) | Explicit opt-out sent with every request | Up to 1 hour provider-side cache |
This table reflects the current compliance state. DPA arrangements with OpenAI and Google are in progress. For questions about AI data processing, contact our DPO at the address above.