Spensa – Privacy Policy (Beta)

Effective Date: 18.12.2025

This Privacy Policy explains how personal data is processed when you use Spensa, a beta software service provided by Kevin Klammer, Vienna, Austria ("Spensa", "we", "us"). Spensa is currently provided as a free beta service. This Privacy Policy applies to the Spensa website, application, and related services (collectively, the "Service").

1. Overview

Spensa is designed to support restaurant operations such as order management, supplier communication, invoice processing, and product management. We process personal data only to the extent necessary to operate, secure, and improve the Service. We do not sell personal data and do not use personal data for advertising purposes.

2. Controller

The controller responsible for data processing in connection with the Service is:

Kevin Klammer
Vienna, Austria
Email: hello@spensa.ai

3. Categories of Data Processed

3.1 Account and User Data

When you create and use an account, we may process:
• name or username
• email address
• user role and permissions
• authentication-related data (e.g. hashed credentials)

3.2 Business and Operational Data

When you use the Service, you may upload or enter data such as:
• supplier names and contact details (including email addresses)
• order information
• uploaded invoices (PDF, JPG, PNG)
• product, category, and pricing data
• internal notes and comments

This data may include personal data depending on how the Service is used.

3.3 Invoice Processing Data

Uploaded invoices are processed using automated systems (including OCR and AI-based extraction) to identify information such as products, quantities, and prices. All extracted data is provided as draft information and remains fully reviewable and editable by you before being saved.

3.4 Technical and Usage Data

When you access the Service, we may automatically process technical and usage data, including:
• IP address
• device type, operating system, and browser information
• timestamps and log files
• interaction and usage events within the Service
• error and crash information

This data is used to ensure security, stability, and proper functioning of the Service.

4. Analytics and Error Monitoring

To operate and improve the Service, we use the following tools:

Sentry (Error and Performance Monitoring)

Sentry is used to detect errors, crashes, and performance issues. Error reports may include technical information about the device, software environment, and actions leading to an error. In exceptional cases, reports may include limited user-provided data if such data was present at the time an error occurred.

Mixpanel (Product Analytics)

Mixpanel is used to analyze how users interact with the Service (e.g. feature usage, navigation patterns) in order to improve usability and functionality.

These tools are used solely for operational and improvement purposes and not for advertising or marketing tracking.

5. Offline Mode

When offline mode is used, certain data may be stored locally on your device and synchronized once a connection becomes available. We do not control locally stored data and are not responsible for data loss, unauthorized access, or security issues on user devices.

6. Purposes of Processing

Personal data is processed for the following purposes:
• providing and operating the Service
• enabling order creation and supplier communication
• processing uploaded invoices
• managing product and pricing data
• ensuring technical security and stability
• detecting errors and improving the Service

7. Legal Basis

Where required under the GDPR, processing is based on:
• performance of a contract or pre-contractual measures (Art. 6(1)(b) GDPR);
• legitimate interests in operating, securing, and improving the Service (Art. 6(1)(f) GDPR);
• consent, where explicitly requested (Art. 6(1)(a) GDPR).

8. Data Sharing

We do not sell personal data. Personal data may be shared only:
• with technical service providers required to operate the Service (such as hosting providers, email delivery services, Sentry, and Mixpanel);
• where required by law or binding legal requests.

Service providers process data only on our instructions and solely for the purposes described in this Privacy Policy.

9. International Data Transfers

Some service providers used by Spensa (including Sentry and Mixpanel) may process data outside the European Union, including in the United States. Where required, appropriate safeguards such as standard contractual clauses or equivalent legal mechanisms are applied.

10. Data Retention

Personal data is retained only for as long as necessary to operate the Service and for legitimate operational purposes. As the Service is provided as a beta:
• there is no guaranteed data retention period;
• data may be deleted after account termination, extended inactivity, or discontinuation of the Service;
• there is no guaranteed data export functionality.

11. Your Rights

Under applicable data protection law, you may have the right to:
• request access to your personal data;
• request correction of inaccurate data;
• request deletion of personal data;
• object to certain processing activities.

Requests can be sent to the contact details above. Please note that rights may be limited where processing is technically required to operate the Service.

12. User Responsibilities

You are responsible for:
• uploading and processing only data you are legally entitled to use;
• complying with applicable data protection laws within your organization;
• informing employees or third parties where required.

Spensa is intended primarily for business use.

13. Security

We implement reasonable technical and organizational measures to protect personal data. However, no system can be guaranteed to be completely secure. Use of the Service is at your own risk, particularly during the beta phase.

14. Cookies and Tracking Technologies

Spensa does not use cookies or similar technologies for advertising or cross-site tracking. The Service may use:
• essential technical cookies or storage mechanisms required for basic functionality (e.g. session handling);
• analytics and error-monitoring tools (such as Mixpanel and Sentry) that process technical and usage data but do not rely on advertising cookies.

At this stage, no consent banner is required. If this changes, we will update this Privacy Policy accordingly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Continued use of the Service after changes become effective constitutes acceptance of the updated Privacy Policy.

16. Contact

For questions about this Privacy Policy or data protection matters, contact:

Kevin Klammer
Vienna, Austria
Email: hello@spensa.ai