SmartFlowsmartflow.barBack to site

Website policy

Privacy Policy

This policy explains how SmartFlow collects and uses personal data during the early pilot phase.

Last updated: 14 June 2026

This document is a practical startup pilot draft for review. It is not a substitute for independent legal advice.

1. Who operates SmartFlow

SmartFlow is currently operated directly by its founder, Scott Parker, during the pilot phase. SmartFlow is not currently operated through a separate limited company.

Website: smartflow.bar. Privacy and data enquiries: scott@smartflow.bar.

If SmartFlow later becomes a registered company, this policy will be updated with the relevant legal entity details, registration information and business address.

2. Purpose of this policy

This Privacy Policy explains what personal data may be collected when you use the SmartFlow website, contact SmartFlow, participate in a pilot, or use the SmartFlow service in a hospitality venue.

SmartFlow is intended to help guests request service, request the bill, place simple requests, and help staff understand table-level service demand.

3. Data SmartFlow may collect

  • Contact form details, such as name, venue name, email address, phone number and message content.
  • Pilot application information, such as venue type, approximate size, operational needs and requested pilot details.
  • Table service requests, such as table number, request type, order/request content, timestamps and request status.
  • Technical logs, such as IP address, request time, error logs, browser type and device information.
  • Device and browser information, such as operating system, screen size, language preference and session identifiers.
  • Analytics data, if analytics is enabled, such as page visits, general usage patterns and referral information.
  • Staff or venue feedback provided during questionnaires, review meetings or support conversations.

4. What SmartFlow does not currently do

  • SmartFlow does not currently process customer payments through the customer-facing interface.
  • SmartFlow is not intended to collect sensitive personal data from guests.
  • SmartFlow does not require guests to download an app.
  • SmartFlow is not positioned as a QR-code-based service. The pilot is NFC-first.

5. Legal bases for processing

Where GDPR applies, SmartFlow relies on appropriate legal bases depending on the context. These may include legitimate interests, consent, contract steps requested by a venue, or legal obligations.

SmartFlow has a legitimate interest in operating the website, responding to enquiries, running the pilot, measuring service performance, protecting the platform and improving the service. Where optional analytics or similar non-essential cookies are used, consent may be requested where required.

6. How data is used

  • To respond to contact, demo and pilot application requests.
  • To operate SmartFlow service requests between guests and venue staff.
  • To provide pilot support, setup, troubleshooting and review discussions.
  • To measure whether SmartFlow improves guest experience, staff responsiveness and venue performance.
  • To understand table-level demand patterns and service response times.
  • To maintain security, diagnose technical issues and prevent misuse.
  • To improve SmartFlow before any commercial launch.

7. Sharing data

SmartFlow may use trusted service providers for hosting, database, email, analytics, security or operational support. These providers should only process data as needed to provide their services.

SmartFlow may share pilot findings with a participating venue in a form relevant to that venue. SmartFlow will not intentionally publish venue-specific pilot results without permission, unless information is anonymised or aggregated.

SmartFlow may disclose data if required by law or if necessary to protect the service, users, venues or legal rights.

8. International transfers

Some service providers may process data outside the Czech Republic or European Union. Where this happens, SmartFlow will aim to use appropriate safeguards, such as providers that offer GDPR-aligned transfer mechanisms.

[Placeholder: add specific processor and transfer details when the production provider list is finalised.]

9. Data retention

SmartFlow keeps personal data only for as long as reasonably needed for the pilot, support, legal, security and improvement purposes.

Contact enquiries may be retained while discussions are active and for a reasonable period afterwards. Pilot data may be retained for the pilot period and a reasonable review period after the pilot. Technical logs are usually kept for a shorter period unless needed for security or troubleshooting.

[Placeholder: add fixed retention periods once operational processes are finalised.]

10. Security

SmartFlow aims to use reasonable technical and organisational measures to protect data, including access controls and secure hosting practices.

No online service can be guaranteed to be completely secure, especially during an early pilot. Venues should report suspected security issues promptly to scott@smartflow.bar.

11. Your GDPR rights

Where GDPR applies, individuals may have rights to access their personal data, correct inaccurate data, request deletion, restrict processing, object to processing, request portability, withdraw consent where processing is based on consent, and lodge a complaint with a supervisory authority.

To make a privacy request, contact scott@smartflow.bar. SmartFlow may need to verify the request before responding.

12. Changes to this policy

This policy may be updated as SmartFlow develops, as pilot arrangements change, or if SmartFlow becomes a registered company. The latest version will be posted on smartflow.bar.