Last updated: February 2026
Repsut ("we", "us", "our") is a restaurant management platform operated from Finland. The data controller is Repsut Oy, contactable at contact@repsut.com. We are committed to protecting your privacy and handling your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Finnish data protection legislation (Tietosuojalaki 1050/2018). This Privacy Policy explains how we collect, use, store, and protect your information.
We collect the following types of personal data: account information (name, email address) provided during registration; organization data (restaurant name, team member information); content data (recipes, menus, prep lists) you create within the service; usage data (login timestamps, feature usage, browser type) collected automatically; and payment data (billing address, payment method) processed securely by our payment provider Stripe.
We process your personal data on the following legal bases under GDPR Article 6: performance of our contract with you (providing the Service); your consent (where explicitly given, such as for cookie preferences); our legitimate interests (service improvement, security monitoring); and compliance with legal obligations (accounting, tax requirements).
We use your data to: provide and maintain the Repsut service; authenticate your identity and manage your account; process payments and manage subscriptions; send transactional emails (invitations, billing notifications); improve our service based on aggregated usage patterns; and comply with legal obligations. We do not sell your personal data to third parties.
We retain your personal data for as long as your account is active or as needed to provide the Service. Unpinned messages are automatically deleted after 90 days. Activity logs are retained for 365 days. Upon account termination, you may request data export within 30 days. After that period, your data is permanently deleted. We may retain certain data as required by Finnish accounting and tax legislation.
Your data is stored on servers within the European Union. We use industry-standard security measures including encryption in transit (TLS) and at rest, access controls, and regular security reviews. Authentication is handled by Clerk, a SOC 2 Type II certified identity provider. Payment processing is handled by Stripe, a PCI DSS Level 1 certified payment processor.
We use the following third-party services to provide Repsut: Clerk (authentication and user management), Stripe (payment processing), Vercel (hosting and image storage), Google (recipe photo scanning via Gemini API — images are processed and not stored by Google), Resend (transactional emails), Ably (real-time messaging), and Sentry (error monitoring). Each provider processes data under their respective data processing agreements and in accordance with applicable data protection regulations.
We use essential cookies required for authentication and service functionality. We do not use advertising or tracking cookies. You can configure your browser to block cookies, but this may affect the functionality of the service.
Under GDPR, you have the right to: access your personal data; rectify inaccurate data; erase your data ("right to be forgotten"); restrict processing; data portability; and object to processing. To exercise any of these rights, contact us at contact@repsut.com. We will respond within 30 days. You also have the right to lodge a complaint with the Finnish Data Protection Ombudsman (tietosuojavaltuutettu).
We may update this Privacy Policy from time to time. We will notify registered users of significant changes via email. The latest version is always available on this page.
For privacy-related questions, contact us at contact@repsut.com.
Repsut