Privacy Policy

1. Data Controller

Chi Kei Yung
ChinaYung
Jahnstrasse 56, 60318 Frankfurt am Main, Germany
Email: [email protected]

2. Overview

Protecting your personal data is important to us. This privacy policy explains what data we collect, why we process it, and what rights you have. We comply with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

3. Data We Collect

3.1 When Visiting the Website (automatic)

  • IP address (truncated)
  • Date, time, and duration of access
  • Pages and files accessed
  • Browser type and operating system
  • Referrer URL

Legal basis: Legitimate interest (Art. 6(1)(f) GDPR) — ensuring secure operation.

3.2 When You Contact Us

If you reach out via email or contact form, we process your name, email address, and message content.

Legal basis: Pre-contractual measures / legitimate interest (Art. 6(1)(b)/(f) GDPR).

3.3 When Using Our Platform (Registration)

When you create an account, we collect:

  • Name and email address
  • Restaurant name and address
  • Uploaded content (menus, photos, ingredient lists)

Legal basis: Performance of contract (Art. 6(1)(b) GDPR).

4. Cookies

We only use technically necessary cookies for operating the website (e.g., session cookies, language preferences). These cookies do not require consent. We do not use tracking or advertising cookies.

5. Hosting and Third Parties

5.1 Hosting

Our website is hosted by Hetzner Online GmbH (Industriestr. 25, 91710 Gunzenhausen, Germany). All processing takes place within the EU.

5.2 Cloudflare

We use Cloudflare, Inc. as a CDN and for DDoS protection. Cloudflare may process access data (IP addresses). Legal basis: Art. 6(1)(f) GDPR (security). Standard contractual clauses are in place.

5.3 Google Cloud Storage

Images and static assets are served via Google Cloud Storage. Google’s standard contractual clauses apply.

5.4 Stripe

We use Stripe, Inc. for payment processing. Stripe processes your payment data directly; we do not store credit card numbers. Privacy policy: stripe.com/privacy.

6. Data Sharing

We only share personal data when:

  • it is necessary to fulfill a contract (e.g., payment providers),
  • we are legally obligated to do so, or
  • you have given explicit consent.

We never sell data to third parties.

7. Data Retention

Personal data is deleted once the purpose of processing no longer applies and no statutory retention periods require otherwise (e.g., 6 years for tax law, 10 years for commercial law under German regulations).

8. Your Rights

You have the right to:

  • Access (Art. 15 GDPR)
  • Rectification (Art. 16 GDPR)
  • Erasure (Art. 17 GDPR)
  • Restriction of processing (Art. 18 GDPR)
  • Data portability (Art. 20 GDPR)
  • Objection (Art. 21 GDPR)

Contact us at [email protected]. You also have the right to lodge a complaint with a supervisory authority.

9. AI Processing

Our platform uses artificial intelligence (AI) for menu analysis, ingredient recognition, and nutritional calculations. AI processing takes place on our own servers within the EU. Personal customer data is not shared with third-party AI providers unless the customer explicitly consents.

10. Changes

We reserve the right to update this privacy policy. The current version is always available on this page.

Last updated: April 2026

© 2026 ChinaYung