SENARO

Privacy Policy

How we handle personal data.

Effective: 3 June 2026 · Version 1.0

Senaro is an operating stack for independent restaurants. This policy explains what personal data is processed when you (a) visit senaro.net, (b) book a table at a Senaro venue, (c) use a Senaro venue's WhatsApp / Instagram / website conversation channels, or (d) integrate with Senaro as an agent or developer partner.

1. Who we are

"Senaro" is operated by Bruno Barreto, working under the trading name Senaro (Portugal, NIF on request), with a planned transition to Senaro Unipessoal Lda during 2026. Contact:

2. Roles under GDPR

For each restaurant ("venue") that uses Senaro:

For data about visitors to senaro.net itself, Senaro is the data controller.

3. What we process

3.1 If you book a table or order through a Senaro venue

3.2 If you visit senaro.net, /agents, or /llms.txt

3.3 If you integrate as an MCP or REST partner

4. Why we process it (lawful bases)

5. Sub-processors

Senaro uses the following sub-processors to deliver the service. Each operates under its own privacy policy. Personal data is shared only as needed for the service.

Sub-processor Purpose Location
Hetzner Online GmbH Hosting (Senaro infrastructure) Germany (EU)
Twilio Inc. WhatsApp / Instagram / SMS messaging delivery USA (Standard Contractual Clauses)
Meta Platforms (WhatsApp / Instagram) WhatsApp Business Platform and Instagram Messaging Ireland (EU)
Stripe Payments Europe Ltd. Reservation deposits and order payments Ireland (EU)
OpenRouter Inc. + Anthropic PBC Large language model inference for the Conversation AI USA (Standard Contractual Clauses)
Telegram FZ-LLC Operator handover notifications UAE

Each venue may add its own sub-processors (e.g. their own Twilio sub-account, their own Meta Business identity, their own Stripe account) — those are listed in the venue's own privacy statement.

6. Retention

7. Your rights (data subject rights under GDPR)

You have the right to:

To exercise any of these rights, email admin@senaro.net. We respond within one month.

8. International transfers

Some sub-processors (Twilio, OpenRouter, Anthropic) are based outside the EU. Transfers are governed by the European Commission's Standard Contractual Clauses (SCCs). No personal data is sold to third parties.

9. Security

Senaro uses HTTPS / TLS for all data in transit, encrypted database fields for sensitive credentials (Stripe keys, etc.), rate limits and signature validation on inbound webhooks, and per-venue isolation of customer data across separate databases.

10. Children

Senaro is not directed at children under 16 and we do not knowingly collect data from children. If a venue's WhatsApp customer turns out to be a minor, the venue (as data controller) is responsible for handling that under the relevant legal regime.

11. Changes to this policy

Material changes will be posted at this URL with an updated effective date. The version history is preserved in the Senaro repository on request.

12. Contact

Privacy enquiries and data subject rights requests: admin@senaro.net

Senaro · Privacy v1.0 · 3 June 2026