Forkly

Privacy Policy

Last updated: April 14, 2026

This policy describes how Forkly, a software published by N.E.G. DIGITAL SNC(the "Service"), processes personal data, in compliance with Regulation (EU) 2016/679 ("GDPR") and Italian Legislative Decree 196/2003 as amended.

1. Data controller

The data controller is N.E.G. DIGITAL SNC, Via Albrecht Dürer 15, 39100 Bolzano (BZ), Italy — VAT 02712430228. Forkly is a software developed and operated by N.E.G. Digital.

For any request, contact amministrazione@negdigital.it.

2. Categories of data collected

  • Account data: email, hashed password, restaurant name, voluntarily provided profile/menu content.
  • Content data: menus, dishes, images, categories, descriptions, orders, AI-generated translations.
  • Usage data: IP addresses (anonymized where possible), browser, OS, pages visited, timestamps — for technical, statistical, and security purposes.
  • Cookies: see the Cookie Policy for details.
  • Restaurant end-customer data: when a user places an order, order-related data are processed (dishes, table, optional Stripe payment). Payment data are processed directly by Stripe; Forkly does not store card numbers.

3. Purpose and legal basis

  • Service delivery and account management: contract performance (Art. 6.1.b GDPR).
  • Legal, tax, and accounting obligations (Art. 6.1.c GDPR).
  • Aggregate statistics and Service improvement: legitimate interest (Art. 6.1.f GDPR) or consent where required (analytics cookies).
  • Marketing, remarketing, and profiling: only with the user's explicit consent (Art. 6.1.a GDPR), revocable at any time.

4. Processing method

Data is processed using IT and telematic tools, with appropriate technical and organizational measures to prevent loss, misuse, or unauthorized access.

5. Recipients and transfers

  • Supabase (database/auth) — EU servers.
  • Vercel (app hosting) — non-EU transfers under SCCs.
  • OpenRouter / LLM providers — limited to menu text sent for translation.
  • Stripe (payments) — independent controller for payment data.
  • Google (Analytics, Tag Manager, Ads) and Meta (Pixel) — only with consent.

6. Retention

Account data is retained for the contract duration plus 10 years for legal purposes. Usage data is retained for up to 26 months. Order data is retained for 10 years for tax purposes.

7. Your rights

Under Articles 15–22 GDPR, you may exercise the right to access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. To exercise these rights, email amministrazione@negdigital.it.

You also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la Protezione dei Dati Personali).

8. Minors

The Service is not intended for users under 16. If we learn that we have collected data of a minor without parental consent, we will promptly delete it.

9. Changes

This policy may be updated at any time. Updates will be published on this page with the revision date.