Privacy Policy
Last updated: April 2026
Your privacy matters to us. This policy explains what personal data Bario collects, why we collect it, how we use it, and your rights as a data subject under the General Data Protection Regulation (GDPR).
1. Who We Are
Bario is a cloud-based point-of-sale and order management platform for restaurants, cafés, and beach bars. We are based in Greece and operate within the European Union.
For the purposes of the General Data Protection Regulation (GDPR), Bario is the Data Controller for personal data collected through this website and our software platform.
Contact: hello@bario.gr
2. Data We Collect
We collect the following categories of personal data:
- Account data: your name, email address, company name, and chosen subdomain when you register.
- Venue & operational data: tables, orders, menu items, employee records, and transaction history created while using the platform. This data belongs to you.
- Technical data: IP address, browser type, operating system, and access logs for security and debugging purposes.
- Payment data: billing is processed entirely by Stripe. We do not store card numbers, CVV codes, or full payment details on our servers. We receive a Stripe customer ID and subscription status only.
3. How We Use Your Data
We use your data to:
- Provide and operate the Bario service.
- Process payments and manage your subscription.
- Send transactional emails (account creation, invoices, subscription changes).
- Respond to support requests.
- Detect and prevent fraud or abuse.
- Improve the platform based on aggregated, anonymised usage patterns.
We do not sell your data to third parties. We do not use your data for advertising.
4. Legal Basis for Processing (GDPR Article 6)
- Contractual necessity (Art. 6(1)(b)): processing required to deliver the service you subscribed to.
- Legitimate interests (Art. 6(1)(f)): security monitoring, fraud prevention, and product improvement.
- Legal obligation (Art. 6(1)(c)): retaining financial records as required by Greek and EU tax law.
5. Third-Party Processors
We share data only with the processors necessary to run the service:
- Supabase: database and authentication hosting. Data is stored in an EU region. Supabase Privacy Policy.
- Stripe: payment processing. Stripe processes payment data under the EU-US Data Privacy Framework. Stripe Privacy Policy.
- Cloudflare: DNS, CDN, and DDoS protection. Traffic may pass through Cloudflare servers. Cloudflare Privacy Policy.
All processors are contractually bound to process data only on our instructions and in compliance with GDPR.
6. Data Retention
- Account and venue data: retained for the duration of your active subscription, plus 30 days after cancellation to allow data export. After 30 days, all personal data is permanently deleted.
- Payment records: retained for 10 years as required by Greek tax law (Law 4308/2014).
- Server logs: retained for 90 days for security and debugging, then automatically purged.
7. Your Rights Under GDPR
As an EU data subject, you have the right to:
- Access: request a copy of the personal data we hold about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure: request deletion of your personal data ("right to be forgotten"), subject to legal retention obligations.
- Portability: receive your data in a structured, machine-readable format.
- Restriction: ask us to limit how we process your data in certain circumstances.
- Objection: object to processing based on legitimate interests.
To exercise any of these rights, email hello@bario.gr. We will respond within 30 days.
You also have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.
8. Data Security
All data is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted by our hosting provider. Access to production systems is restricted to authorised personnel only, with role-based access controls enforced at every layer.
In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify the HDPA within 72 hours and inform affected users without undue delay.
9. Cookies
We use a single session cookie strictly necessary for authentication when you are logged into the platform. This cookie is deleted when you log out or close your browser session.
With your consent, we also use Google Analytics (a service provided by Google LLC) to collect anonymous data about how visitors use our website — for example, which pages are visited and how long users stay. This data is used only to improve the site. Google Analytics uses cookies to collect this information.
When you first visit our website, we ask for your consent before loading any analytics cookies. You may accept or decline via the cookie banner. You can withdraw consent at any time by clearing your browser cookies.
We do not use advertising cookies or any other third-party trackers beyond Google Analytics (with consent).
10. Contact
For any privacy-related questions or to exercise your rights, contact us at:
Email: hello@bario.gr
Location: Greece, European Union