PAILY Privacy Policy

This document explains how personal data is processed within PAILY (guest experience, staff panel, and marketing site).

Last updated: March 11, 2026

Important notice

PAILY is an individual project in an early stage of development and is operated by a natural person who is not registered as a commercial entity. The service does not enable real purchases or real payment processing. Payment functions and third-party integrations operate only in demo or simulated mode.

The only fully active features are the contact form (email delivery) and the remaining features that do not require integrations with external providers.

1. Data controller and contact

The data controller is the operator of the PAILY platform. Data protection contact: connect.paily@gmail.com.

2. Scope and data sources

We process data provided directly by the user or generated while using the service, including in particular:

staff and owner account data (name, surname, business email, role, restaurant identifier),
operational bill and payment data (status, amounts, method, transaction identifier),
technical and security data (API logs, device and browser metadata, session markers),
data submitted through the marketing contact form (name, email, message).

3. Purposes and legal bases

service delivery and payment processing: Article 6(1)(b) GDPR,
accounting and tax obligations (for example transactional data and documents): Article 6(1)(c) GDPR,
security, audit, and claim handling: Article 6(1)(f) GDPR,
commercial contact from the marketing site: Article 6(1)(a) GDPR (consent).

4. Data recipients

Data may be shared with processors acting on our behalf, such as hosting providers, transactional email providers, payment infrastructure providers, and application monitoring providers, only to the extent required to deliver the purposes described above.

5. Transfers outside the EEA

If we use providers located outside the EEA, transfers are performed with appropriate legal safeguards, such as Standard Contractual Clauses.

6. Retention periods

staff account data: for the lifetime of the account and any period required for security and audit,
payment data and sales documents: for the period required by applicable law,
marketing contact form data: until the enquiry is handled and follow-up activities are completed,
technical logs: according to the security retention policy.

7. Data subject rights

You have the right to access, rectify, erase, restrict processing, transfer data, object, and lodge a complaint with the competent supervisory authority. Consent can be withdrawn at any time without affecting the lawfulness of processing carried out before withdrawal.

8. Cookies and similar technologies

By default, only strictly necessary technologies are active. Preference, analytics, and marketing categories are enabled only after opt-in.

Necessary

Purpose: Keeping the service operational (session continuity, security, remembering cookie decisions).

Example: paily-cookie-consent

Provider: 1st party (PAILY)

Retention: 12 months (consent) / browser session (session tokens)

Activation basis: Enabled without consent (required to provide the service)

Withdrawal: Delete site data in the browser; removing these items may limit parts of the application.

Preferences

Purpose: Remembering interface settings and user convenience preferences.

Example: paily-ui-preferences (planned)

Provider: 1st party (PAILY)

Retention: up to 12 months

Activation basis: Opt-in only

Withdrawal: Use the cookie settings button in the landing footer or clear site data.

Analytics

Purpose: Traffic and performance measurement in Google Analytics 4, enabled only after consent.

Example: _ga, _ga_<container-id>

Provider: Google LLC / Google Ireland Limited (Google Analytics 4)

Retention: up to 14 months (according to GA4 configuration)

Activation basis: Opt-in only

Withdrawal: Use the cookie settings button in the landing footer or clear site data.

Marketing

Purpose: Campaign personalisation and ad conversion measurement.

Example: _fbp (example for Meta Pixel)

Provider: 3rd party (ad platforms)

Retention: up to 90 days (depends on provider)

Activation basis: Opt-in only

Withdrawal: Use the cookie settings button in the landing footer or clear site data.

Category	Purpose	Example	Provider	Retention	Activation basis	Withdrawal
Necessary	Keeping the service operational (session continuity, security, remembering cookie decisions).	paily-cookie-consent	1st party (PAILY)	12 months (consent) / browser session (session tokens)	Enabled without consent (required to provide the service)	Delete site data in the browser; removing these items may limit parts of the application.
Preferences	Remembering interface settings and user convenience preferences.	paily-ui-preferences (planned)	1st party (PAILY)	up to 12 months	Opt-in only	Use the cookie settings button in the landing footer or clear site data.
Analytics	Traffic and performance measurement in Google Analytics 4, enabled only after consent.	_ga, _ga_<container-id>	Google LLC / Google Ireland Limited (Google Analytics 4)	up to 14 months (according to GA4 configuration)	Opt-in only	Use the cookie settings button in the landing footer or clear site data.
Marketing	Campaign personalisation and ad conversion measurement.	_fbp (example for Meta Pixel)	3rd party (ad platforms)	up to 90 days (depends on provider)	Opt-in only	Use the cookie settings button in the landing footer or clear site data.

Minimum viable cookies at launch

We collect now: the cookie decision state (`paily-cookie-consent`) and local technical data such as language, theme, or sessions required for login and payment flows.
After acceptance: Google Analytics 4 starts only after consent is saved and does not automatically enable marketing categories.
After rejection: we do not start Preference, Analytics, or Marketing categories.

9. Policy changes

This policy may be updated along with product changes or legal requirements. The current version is published at `/privacy` together with the last-updated date.