Privacy Policy
Last updated: July 15, 2026
This Privacy Policy describes how Caleido design di Paduret Cristian, a sole proprietorship (ditta individuale) registered in Italy, VAT No. IT 04122400122, Via Barre Vermont 4/2, 21059 Viggiù (VA), Italy, doing business as “Judgy” (“Judgy,” “we,” “us,” or “our”), collects, uses, and shares information in connection with the Judgy websites, the owner dashboard, the guest feedback forms, and related services (the “Service”). We are the data controller for the personal information described in this Policy. You can reach us at support@judgy.us.
This Policy covers two very different groups of people:
- Owners — restaurant operators who create a Judgy account; and
- Guests — the restaurant customers who scan a QR code and submit anonymous feedback.
1. Guests: the Feedback Form Is Anonymous by Design
If you are a Guest filling in a feedback form, we store only:
- your answers to the restaurant’s questions — selections, 1–5 star ratings, yes/no answers, and optional free-text comments; and
- the date of your submission and its technical timestamp. The restaurant owner only ever sees the date and a coarse part of the day (for example “lunch” or “dinner”), never the exact clock time of your submission.
We do not collect your name, email address, phone number, account, precise location, or any stored device identifier, and we use no analytics or advertising trackers on the feedback form. Your answers can be read only by the owner of the restaurant you reviewed. Because feedback carries no identifiers, we cannot link a submission back to you afterwards — please keep in mind that what you write in a free-text comment could still identify you to the restaurant (for example, if you mention your table or describe yourself), so do not include personal information you would not want the owner to read.
Three technical mechanisms operate around the form, for security and abuse prevention only:
- Transient rate-limiting. When you submit feedback, our server briefly derives an irreversible hash from your IP address and browser user-agent to enforce submission limits (anti-spam). The IP address and user-agent themselves are never stored with your feedback and are never visible to the restaurant owner; only anonymous counters are kept, and they expire automatically.
- A local “already submitted” flag. After you send the form, your browser stores a small flag on your device (in local storage) so that the same device sees a thank-you screen instead of a new form for that restaurant for the next 24 hours. It contains no personal data and never leaves your device. See our Cookie Policy.
- Google reCAPTCHA Enterprise. The feedback form uses Google reCAPTCHA Enterprise (via Firebase App Check) to verify that submissions come from a real browser and not from bots. reCAPTCHA collects device and browser signals for this fraud-prevention purpose and is subject to Google’s Privacy Policy and Terms of Service.
2. Owners: Information We Collect
- Account information. Your email address and password, used to authenticate you, and an internal account identifier (your Firebase Authentication user ID). Passwords are handled by Firebase Authentication and stored only as a secure hash — we never see them.
- Restaurant profile and forms. Your restaurant name and the questions and options you configure, which are shown on your public feedback form.
- Operational settings. The optional opening-hours window you configure (the days and time slots in which your form accepts feedback) and a technical record of whether your feedback form is currently active, derived from your subscription state. Like your profile, these are readable by the public form.
- Feedback you receive. The anonymous responses submitted by your Guests, visible only to you.
- Terms acceptance records. When you accept the Terms of Service at signup, we store the accepted version, a server-clocked timestamp, the text of the consent checkbox and cryptographic fingerprints (SHA-256) of the policy pages as they were served to you — evidence of your agreement.
- Subscription and payment information. Payments are processed by Stripe (Stripe, Inc. and its European affiliates). We share with Stripe your email address, your internal account identifier and your subscription details; your card number and other payment credentials are collected by Stripe directly on its secure checkout and billing pages and never reach our systems. From Stripe we receive your subscription status (for example active, canceled, expiration date) and identifiers of your Stripe customer and subscription records. Stripe processes your data as described in the Stripe Privacy Policy.
- Support communications. If you email us, we receive your email address and the contents of your message.
3. How We Use Information
We use the information described above exclusively to:
- provide, operate, and maintain the Service (authentication, storing forms and feedback, showing your dashboard);
- process subscription payments, renewals, cancellations, and refunds;
- send transactional emails (email verification, password reset, and, where required by law, renewal notices);
- secure the Service and prevent spam, fraud, and abuse (rate-limiting, reCAPTCHA);
- respond to your support, privacy, and legal requests; and
- comply with legal obligations.
We do not sell personal information, share it for cross-context behavioral advertising, use it for third-party marketing, or run analytics or advertising trackers in the Service.
4. How We Share Information
We share information only with:
- Service providers. Google LLC provides our hosting, authentication, database, and abuse-prevention infrastructure (Firebase Hosting, Firebase Authentication, Cloud Firestore, Cloud Functions, reCAPTCHA Enterprise). Stripe handles subscription payments, invoicing and the billing portal (see Section 2). These providers process data under their own security and privacy commitments; Stripe also acts as an independent controller for parts of its payment and fraud-prevention processing, as described in the Stripe Privacy Policy.
- Authorities, when required. We may disclose information if required by law, subpoena, or other legal process, or to protect the rights, safety, or property of Judgy, our users, or others.
- A successor business. If our business is sold, merged, or reorganized, account data may be transferred to the successor, which will remain bound by commitments consistent with this Policy; we will notify you of any such transfer.
Restaurant profiles (name and form questions) are, by design, publicly readable by anyone who has the link or scans the QR code — that is how Guests load the feedback form.
5. Where Data Is Stored; Security
Account, form and feedback data is stored in Google Firebase (Firebase Authentication, Cloud Firestore, Firebase Hosting), operated by Google LLC as our data processor, in data centers located in the United States (us-east1 region). Payment and billing data is processed and stored by Stripe on its own infrastructure, and email we exchange with you is handled by our email providers. Data is encrypted in transit (HTTPS/TLS) and at rest. Access to production data is limited and protected by security rules that allow each Owner to read only their own account’s data. See Firebase Privacy and Security. No method of transmission or storage is 100% secure, but we work to protect your information using commercially reasonable technical and organizational measures.
6. Data Retention
- Active accounts. Owner account data and received feedback are kept for as long as your account is active, or until you delete them. Owners can delete individual feedback entries at any time.
- After subscription expiration. If your subscription expires and is not renewed, we retain your account data for six (6) months from the expiration date so you can reactivate without losing your data. At the end of that period, the account and its data are permanently deleted by an automated daily cleanup job. Accounts that are created but never activate a subscription are likewise deleted six (6) months after creation.
- Deletion on request. You can permanently delete your account and all associated data — including all feedback received — at any time from Account → Delete account inside the Service, or by following the instructions at /delete-account.html. In-app deletion takes effect immediately and also cancels your subscription, stopping any future charges; deletion requests by email are completed within 30 days.
- Payment and tax records. Invoices, payment records and related tax and anti-fraud records held by Stripe — and the minimal accounting records we are legally required to keep — are retained for the periods required by tax, accounting and anti-fraud law, even after your account is deleted.
- Anti-abuse counters. Rate-limiting records contain no personal information and expire automatically shortly after they are created.
7. Your U.S. State Privacy Rights
Depending on where you live, U.S. state privacy laws (including the California Consumer Privacy Act, as amended by the CPRA, and similar laws in other states) may give you the right to:
- know / access the personal information we hold about you and obtain a portable copy;
- correct inaccurate personal information;
- delete your personal information; and
- non-discrimination — we will not discriminate against you for exercising your rights.
We do not sell personal information and we do not share it for cross-context behavioral advertising, so there is nothing to opt out of; for the same reason, browser opt-out signals such as Global Privacy Control do not change how the Service treats you. Owners can access and correct most data directly in the dashboard and can delete their account from the Account section. For any other request, contact support@judgy.us; we will verify your request using the email address associated with your account. You may use an authorized agent, and if we deny a request you may appeal by replying to our decision.
8. Residents of the EEA, United Kingdom, and Switzerland (GDPR)
Because Judgy is operated by a business established in Italy, the EU General Data Protection Regulation applies to our processing of personal data. The controller is Caleido design di Paduret Cristian (contact details above).
- Legal bases. We process Owner account data to perform our contract with you (Art. 6(1)(b) GDPR); security and anti-abuse processing (rate-limiting, reCAPTCHA) is based on our legitimate interest in protecting the Service (Art. 6(1)(f)); and we process data where necessary to comply with legal obligations (Art. 6(1)(c)).
- Your rights. You have the right to access, rectify, erase, and receive a portable copy of your personal data, to restrict or object to certain processing, and to withdraw consent where processing is based on consent. Contact support@judgy.us to exercise these rights. You also have the right to lodge a complaint with your local supervisory authority — in Italy, the Garante per la protezione dei dati personali (garanteprivacy.it).
- International transfers. Service data is stored in the United States (Section 5). Transfers to Google LLC and to Stripe are protected by their certifications under the EU–U.S. Data Privacy Framework and, where applicable, the European Commission’s Standard Contractual Clauses.
- Guest feedback. Guest submissions are anonymous and cannot be linked back to an individual Guest, so data-subject requests cannot be applied to individual feedback entries.
9. Children’s Privacy
The Service is intended for restaurant businesses and their adult customers. It is not directed at children, Owner accounts may not be created by anyone under 18, and we do not knowingly collect personal information from children under 13 (or under 16 in the EEA/UK). If you believe a child has provided us personal information, contact support@judgy.us and we will delete it.
10. Changes to This Policy
If we change this Policy, we will publish the new version at this address with an updated date, and, for material changes affecting Owners, we will provide notice by email or through the Service before the changes take effect.
11. Contact
Caleido design di Paduret Cristian (doing business as Judgy)Via Barre Vermont 4/2, 21059 Viggiù (VA), Italy
VAT No. IT 04122400122
Email: support@judgy.us