Privacy Policy

Pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR) and Legislative Decree 196/2003

1. Data Controller

The data controller is:

Kirill Minyaev VAT Number: IT17516761008 Address: Via Gregorio VII 58, 00165 Roma (RM), Italia Email: ciao@stello.it PEC: k.minyaev@pec.it

2. Scope of this Policy

This policy describes how Stello processes personal data relating to:

- registered users and accounts; - proprietors, restaurants, bars and businesses using Stello; - persons contacting Stello for support or information; - website visitors; - any persons whose data are entered by the User in menus, public pages or uploaded content.

The User who enters, uploads or publishes personal data of clients, employees, collaborators or third parties via Stello remains responsible for having an adequate legal basis for such processing and for providing, where necessary, the information required by applicable law.

3. Types of Data Processed

Stello may process the following data categories:

Registration and account data: email, name, account identifiers, authentication provider, technical access and security data.

Business data: business name, address, category, contacts, descriptions, hours, logo, images and other data entered by the User.

Menu data: product names, descriptions, prices, ingredients, allergens, photos, translations, sections, availability, publication settings and uploaded or generated content.

Google Places public data: rating, number of reviews, public reviews, location and other publicly available data, if the User links or selects their business.

Usage data: interactions with the platform, pages visited, features used, technical events, logs, performance data, QR scans or aggregated metrics when available.

Payment and billing data: chosen plan, subscription status, Paddle identifiers, receipts, invoices and data necessary for administrative management. Full payment card data is managed by Paddle and is not stored on Stello's servers.

Communication data: support requests, emails, feedback, messages, communication preferences.

4. Purposes and Legal Bases

Personal data are processed for the following purposes and legal bases:

Contract performance or pre-contractual measures (Art. 6.1.b GDPR):

- create and manage the account; - provide the Stello service; - generate and publish digital menus; - manage plans, subscriptions, login and features; - provide operational support; - generate translations, parsing, reports and AI content requested by the User.

Legal obligation (Art. 6.1.c GDPR):

- fulfil tax, accounting, administrative and legal obligations; - retain billing data for periods required by applicable law; - respond to requests from competent authorities.

Legitimate interest (Art. 6.1.f GDPR):

- security of the Service; - prevention of fraud, abuse and unauthorized access; - technical improvement of the platform; - aggregated analysis or statistics on Service operation; - protection of rights of Stello, Users or third parties.

Consent (Art. 6.1.a GDPR):

- promotional communications or newsletters, where provided; - cookies or non-technical tracking tools, where required; - other processing for which law requires consent.

5. Public Pages and QR Codes

Digital Menus and Public Pages created by the User may be accessible to anyone who has the link or QR code. The User is responsible for the data and content they decide to publish.

The User must avoid entering unnecessary personal data, confidential data, information of third parties without authorization or content they do not intend to make public on public pages.

6. Use of Artificial Intelligence

Stello uses third-party artificial intelligence models and services, including Anthropic Claude API, for features such as:

- automatic menu translation; - menu parsing or recognition from photos/PDFs; - generation of reports, digests, suggestions or analyses.

To provide these features, menu text, product information and other necessary content may be sent to AI providers. Such providers process data according to their own terms, policies and applicable security measures.

Based on available Anthropic API documentation, data sent via API is not used to train models without customer authorization. Data may, however, be retained for security, abuse prevention, logging purposes or according to settings and terms applicable to the API service, except where specific zero data retention agreements are available.

Translations, parsing, reports and AI outputs are support tools. The User remains responsible for verifying content before publication or operational use, particularly regarding allergens, ingredients, prices, availability, health information and translations.

7. Google Places API

Stello may use Google Places API to access publicly available data relating to commercial businesses, such as name, address, rating, public reviews and location.

Access is via API and does not require User OAuth authentication, unless future features require it. Data use is subject to Google Maps Platform Terms of Service.

8. Recipients and Processors

Personal data may be processed by third-party vendors and services necessary to provide Stello, including:

Supabase Inc. — database, authentication and data infrastructure. Anthropic PBC — AI features, translations, parsing, reports or analyses. Vercel Inc. — hosting, deployment, edge network and web infrastructure. Paddle.com Market Limited — Merchant of Record, payments, VAT/taxes, billing, receipts, chargebacks and payment management. Resend Inc. — sending transactional emails, notifications and operational communications. Google / Google Maps Platform — public business data and related services. Analytics or advertising tools — only to the extent actually implemented and according to applicable cookie preferences/consent.

Stello does not sell personal data to third parties.

9. International Transfers

Some vendors may be based or have infrastructure outside the European Economic Area. In such cases, transfers occur on the basis of adequacy decisions, Standard Contractual Clauses (SCCs) or other mechanisms provided for in Articles 44 et seq. of the GDPR, where applicable.

For Paddle.com Market Limited, based in the United Kingdom, the transfer may be based on the adequacy decision applicable to the United Kingdom, unless changes to regulations occur.

10. Data Retention

Data are retained for the time necessary for the purposes for which they are collected, except where legal obligations or legitimate interests require retention.

Typically:

- account data: for the duration of the account and up to 90 days after deletion, unless legal obligations require otherwise; - menu and content data: for the duration of the account or as long as the menu remains active/published; - billing data: for periods required by applicable tax and accounting regulations; - technical and security logs: for the time necessary for security, debugging, abuse prevention and technical obligations; - support data: for the time necessary to handle the request and protect the rights of the parties; - data processed by AI providers or third parties: according to their respective policies and applicable terms, plus available contractual configurations.

The User may request deletion of their account and data, provided that Stello must or may retain data for legal obligations, security, accounting, protection of rights or abuse prevention.

11. Data Subject Rights

Within the limits provided by the GDPR, the data subject may exercise the following rights:

- access to personal data; - rectification of inaccurate data; - deletion; - restriction of processing; - data portability; - objection to processing based on legitimate interest; - withdrawal of consent, when processing is based on consent.

To exercise rights: ciao@stello.it or PEC k.minyaev@pec.it.

The data subject has the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali): https://www.garanteprivacy.it.

12. Cookies and Tracking Tools

Stello uses technical cookies necessary for the operation of the site and platform, including session management and security. Technical cookies do not require consent.

Stello may use cookies or analytics tools to measure traffic, performance, conversions or use of the Service. When such tools require consent under applicable law, they are activated only with user consent.

Users may manage or revoke cookie preferences through tools available on the site, if present, or through browser settings. Disabling technical cookies may impair Service functionality.

13. Security

Stello adopts reasonable technical and organizational measures to protect personal data, including:

- encrypted HTTPS/TLS connections; - access controls; - secure authentication; - logical data separation where applicable; - backup and recovery measures; - technical monitoring and anti-abuse measures.

No online service can guarantee absolute security. Users must protect their account and notify Stello in case of unauthorized access or suspected breach.

14. Automated Decision-Making

Stello does not use fully automated decision-making processes under Article 22 GDPR that produce legal effects on the data subject or similarly significantly affect them.

AI features generate support content that the User can verify, modify, approve or disregard.

15. Minors

Stello is intended for adults and professional businesses. Stello does not knowingly collect personal data of minors. If the Controller becomes aware of unauthorized processing of minor data, it will take reasonable measures to delete it.

16. Modifications

Stello may modify this policy. Modifications will be published on this page with an update to the date. In case of substantial modifications, Stello will use reasonable means to notify users.

17. Contact

For questions regarding privacy or personal data processing:

Controller: Kirill Minyaev Email: ciao@stello.it PEC: k.minyaev@pec.it Address: Via Gregorio VII 58, 00165 Roma (RM), Italia VAT Number: IT17516761008


© 2026 Stello — Kirill Minyaev · P.IVA IT17516761008

Frequently asked questions

Stello transforms your restaurant menu into a digital menu with QR code: upload a photo or PDF and get an organized menu, updateable online and translated into up to 15 languages.
No. You can start for free and create your QR menu without a credit card. You upgrade to a higher plan only when you need to.
Yes. The QR code stays the same: you can change dishes, prices, descriptions and allergens anytime and customers see the updated version right away.
Stello translates the menu with AI into up to 15 languages, keeping the restaurant in control of dish names, ingredients and allergens.
Stello automatically assigns allergens to dishes. The restaurant confirms or modifies them before publishing. You can also indicate dietary preferences like vegetarian, vegan, gluten-free, dairy-free, halal, kosher and lean.
For restaurants, bars, pizzerias, kiosks, hotels and takeaways: any venue can create a clear, updateable QR menu ready to share.