Privacy Policy

Last updated: 29/11/2025

Belanzy (“we”, “our”, or “us”) is operated by ICREATOR B.V., a company registered in Amsterdam, Netherlands. We are committed to protecting your personal data and ensuring transparency in how we process it. This Privacy Policy explains what data we collect, how we use it, how long we keep it, and the rights you have under applicable privacy laws (including the GDPR).

If you have any questions, please contact us at:

ICREATOR B.V.

Amsterdam, Netherlands

Email: support@belanzy.com

1. Who We Are (Data Controller)

For all processing activities described in this policy, the data controller is:

ICREATOR B.V.

Amsterdam, Netherlands

Email: support@belanzy.com

This means we determine the purposes and means of processing your personal data.

2. What Personal Data We Collect

We collect and process the following categories of data.

A. Account Information

• Name
• Email address
• Password (securely hashed; never stored in plain text)
• Language & locale
• Timezone

B. Business Information

• Business name
• Location and country
• Currency
• Menu items and categories
• Staff permissions and roles
• QR location identifiers

C. Ordering & Transaction Data

• Menu items viewed or ordered
• Order history
• Payment metadata
• Tax or invoice-related information
• Table/QR-location context

We never store full card details. All card processing is handled securely by Stripe.

D. Technical & Security Data

• IP address
• Device & browser information
• Login timestamps
• Session identifiers
• Essential authentication cookies

E. Support & Communication Data

• Messages sent via support forms or email
• Logs relevant for troubleshooting

3. Why We Process Your Data (Purposes & Legal Bases)

Under GDPR, we must state our legal basis for processing. We rely on the following:

A. To provide our service (Contractual Necessity)

• Creating and managing accounts
• Running QR ordering and menu access
• Processing payments
• Managing businesses, menus, staff, and customers
• Sending essential service emails (receipts, security alerts)

B. To improve and secure the platform (Legitimate Interest)

• Fixing bugs
• Enhancing features
• Preventing fraud or misuse
• Analyzing anonymized usage patterns

C. To comply with legal obligations (Legal Obligation)

• Tax and accounting requirements
• Preventing fraudulent activity
• Responding to lawful requests from authorities

D. With your consent (Consent)

If we introduce optional features (analytics, marketing), we will ask for consent first. Currently, Belanzy uses only essential cookies.

4. Cookies & Tracking Technologies

Belanzy uses only essential cookies, including:

• Authentication / session cookies
• Security and CSRF cookies
• Cookies required for platform functionality

We do not use:

• Analytics cookies
• Advertising cookies
• Tracking pixels
• Third-party marketing tools

Because our cookies are strictly necessary, no cookie banner is required under GDPR.

More details are available in our Cookie section or Privacy Policy.

5. How We Share Your Data

We never sell your personal data.

We only share it with trusted third parties when necessary to provide the service.

A. Payment Processor

Stripe is used for processing payments. We do not store full card details.

B. Hosting & Infrastructure Providers

Cloud and hosting services (servers, storage, backups) that process data only as instructed by us.

C. Service Providers

• Error monitoring
• Email delivery (transactional emails)
• Customer support
• Security & logging

International Transfers

If data is transferred outside the EU/EEA, we rely on Standard Contractual Clauses (SCCs) or other GDPR-approved safeguards.

6. How Long We Keep Your Data (Retention)

• Account Data — kept until your account is deleted.
• Business & Transaction Data — kept as required (typically 5–7 years).
• Support Messages — kept up to 24 months unless needed longer for legal or security reasons.
• Technical & Log Data — typically 30–180 days.

When data is no longer needed, it is securely deleted or anonymized.

7. How We Protect Your Data

• HTTPS encryption
• Password hashing
• Secure database access
• Role-based access controls
• Regular security monitoring
• Third-party PCI-compliant payment providers (Stripe)

8. Your Rights Under GDPR

If you are located in the EU/EEA, you have the right to:

• Access — request a copy of your personal data.
• Correction — fix inaccurate or incomplete information.
• Deletion — request deletion of your account/data where applicable.
• Restriction — ask us to limit processing where legally possible.
• Data Portability — request your data in a portable format.
• Objection — object to processing based on legitimate interest.
• Withdraw Consent — withdraw consent at any time.
• File a Complaint — with your local Data Protection Authority.

In the Netherlands: Autoriteit Persoonsgegevens (AP).

9. Children’s Privacy

Belanzy is not intended for individuals under 16 years of age. We do not knowingly collect personal data from minors.

10. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are significant, we will notify you (e.g., email or in-app notice).

11. Contact Information

For questions or requests regarding your privacy rights:

ICREATOR B.V.

Amsterdam, Netherlands

Email: support@belanzy.com