GDPR Compliance
Last updated: February 2026
Overview
Auvano is fully committed to compliance with the General Data Protection Regulation (GDPR) and the UK GDPR. We process personal data lawfully, fairly, and transparently, collecting only what is necessary to provide our restaurant operations platform.
We act as a Data Processor on behalf of our restaurant clients (the Data Controllers) when handling their customer data, and as a Data Controller for our own client relationship data.
Data Processing Agreement
A Data Processing Agreement (DPA) is available on request for all Auvano customers. The DPA covers:
- The nature and purpose of data processing
- Types of personal data processed
- Categories of data subjects
- Obligations and rights of the controller
- Technical and organisational security measures
- Sub-processor management
- Data breach notification procedures
To request a DPA, contact privacy@auvanoai.com.
Sub-processors
We use the following sub-processors to deliver our Service:
| Sub-processor | Purpose | Location |
|---|---|---|
| Render | Application hosting | US / EU |
| AWS | Cloud infrastructure | EU (London), US |
| Neon | PostgreSQL database | EU / US |
| Vapi | Voice call processing | US |
| Twilio | Telephony infrastructure | US / EU |
| Square | Payment processing | US / EU |
We notify customers of any changes to sub-processors with at least 30 days' notice.
Data Location
UK and European customers: Your data is stored on EU/UK-based servers wherever possible. Where data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) and adequacy decisions.
US customers: Your data is stored on US-based infrastructure.
All data is encrypted in transit using TLS 1.3 and at rest using AES-256.
Data Protection Officer
For data protection enquiries, contact our Data Protection Officer:
Email: privacy@auvanoai.com
We respond to all data protection enquiries within 72 hours.
Individual Rights
Under GDPR, individuals have the following rights regarding their personal data:
- Right of Access — Request a copy of all personal data we hold about you.
- Right to Rectification — Request correction of inaccurate or incomplete data.
- Right to Erasure — Request deletion of your personal data ("right to be forgotten").
- Right to Data Portability — Receive your data in a structured, machine-readable format.
- Right to Restriction — Request limitation of processing of your data.
- Right to Object — Object to processing of your data for specific purposes.
- Rights related to automated decision-making — You have the right not to be subject to decisions based solely on automated processing.
How to Exercise Your Rights
To exercise any of the above rights, please contact us at:
Email: privacy@auvanoai.com
We will respond to your request within 30 days as required by GDPR. If your request is complex, we may extend this by an additional 60 days with notice.
If you are unsatisfied with our response, you have the right to lodge a complaint with your local supervisory authority. In the UK, this is the Information Commissioner's Office (ICO).