Privacy Policy

1. Controller (Verantwortlicher)

The controller responsible for data processing on this website within the meaning of the General Data Protection Regulation (GDPR / DSGVO) is:

2. What Data We Collect and Why

2.1 Waitlist Sign-Up

When you submit your email address to join our waitlist, we collect and store your email address. The legal basis is your consent (Art. 6(1)(a) GDPR). You may withdraw consent at any time by emailing us. We use this data solely to notify you when Jugnoo launches and to send relevant product updates.

2.2 Dashboard Accounts (Business Users)

When you create a Jugnoo account, we collect your name, email address, and — if you connect your Google Business Profile — your Google account information and access tokens required to read your reviews and post replies on your behalf. The legal basis is the performance of a contract (Art. 6(1)(b) GDPR).

2.3 Google API Data

Jugnoo uses the Google Business Profile API to fetch your Google reviews and, where authorised by you, to post replies. Our use of data received from Google APIs complies with the Google API Services User Data Policy, including the Limited Use requirements. Google review data is used only to provide the dashboard analytics and reply features — it is not sold or used for advertising.

2.4 Customer Feedback via QR Form

When a restaurant customer submits feedback via a Jugnoo QR form, we collect their star rating and any optional free-text they provide. This data is associated with the business that deployed the QR code. Submissions are anonymous by default; no personal identification is stored unless the customer voluntarily provides it.

2.5 Server Logs

Our hosting provider (Vercel Inc.) automatically collects standard server log data including IP addresses, browser type, and pages visited. This is a legitimate interest (Art. 6(1)(f) GDPR) for security and availability purposes. Edge functions are deployed to Vercel's Frankfurt (EU) region. Vercel is certified under the EU–US Data Privacy Framework and appropriate Standard Contractual Clauses (SCCs) are in place.

2.6 AI Text Generation (OpenAI)

To draft review text for customers and reply suggestions for business owners, Jugnoo sends the relevant input — the star rating, the selected feedback tags, any free text entered, and (for reply drafting) the text of the Google review being answered — to OpenAI, L.L.C. in the United States. This text may contain personal data where a user chooses to include it (for example, a name mentioned in a review). OpenAI processes this data only to return the generated text to us. Under the OpenAI API terms, data submitted via the API is not used to train OpenAI's models and is retained only for a limited period for abuse monitoring before deletion. The legal basis is performance of our contract with the business user (Art. 6(1)(b) GDPR) and our legitimate interest in providing AI-assisted drafting (Art. 6(1)(f) GDPR). Because this processing takes place in the United States, it constitutes a transfer to a third country, safeguarded by the EU Standard Contractual Clauses (Art. 46 GDPR) incorporated into our data processing agreement with OpenAI.

3. Data Storage & Location

Jugnoo is built and operated in the European Union. All personal data and business data is stored exclusively within the EU:

Your data is stored exclusively within the EU. Two limited processing operations, however, take place outside the EEA: Google OAuth authentication (governed by Google's own compliance framework) and AI text generation by OpenAI in the United States (see section 2.6). These are transient — no personal data is stored permanently outside the EEA. In each case, appropriate safeguards under Art. 46 GDPR (Standard Contractual Clauses) are in place.

4. Third-Party Services

5. Data Retention

Waitlist email addresses are deleted within 30 days of a launch notification being sent, or upon request. Business account data is retained for the duration of the subscription and deleted within 60 days of account closure. Google review data fetched via the API is retained as long as needed to provide the service and deleted on account closure. Server logs are retained for a maximum of 30 days.

6. Your Rights Under GDPR

You have the following rights regarding your personal data:

• Right of access (Art. 15 GDPR) — request a copy of data we hold about you
• Right to rectification (Art. 16 GDPR) — correct inaccurate data
• Right to erasure (Art. 17 GDPR) — request deletion of your data ('right to be forgotten')
• Right to restriction of processing (Art. 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR) — object to processing based on legitimate interests
• Right to withdraw consent at any time, without affecting prior processing

To exercise any right, email us at jugnoo@olbaid.de. We will respond within 30 days.

7. Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority. As our establishment is in Berlin, the competent authority is:

You may also complain to the supervisory authority of the EU member state where you reside or work.

8. Cookies

This landing page does not set any tracking or advertising cookies. The dashboard application uses a single session cookie strictly necessary for authentication. No consent is required for this cookie as it is essential for the service to function (§ 25 Abs. 2 TDDDG).

9. Changes to This Policy

We may update this policy from time to time. Material changes will be communicated to registered users by email at least 14 days before they take effect. Continued use of the service after that date constitutes acceptance.