Privacy Policy
How Ordifact collects, uses, and protects your restaurant's data.
Last updated: 8 May 2026
1. Who is the data controller
Ordifact ("Ordifact", "we") is the data controller for the personal data we collect when you use the service.
For any privacy-related question or to exercise your rights, contact us at hola@ordifact.com.
2. What data we process
About you as a restaurant user
- Identification: name, login email, and password (stored hashed with bcrypt).
- Restaurant data: trade name, tax ID (NIF/CIF), invoice-forwarding email address, accountant's email address.
- Service configuration: report period, warning day, spending categories, allowed senders.
From the invoices you upload
- The original file (PDF, image, or forwarded email) as we receive it.
- Data extracted from the invoice: supplier, supplier tax ID, number, date, taxable base, VAT per rate, total, and optionally line items.
- This data may include personal information about third parties (suppliers and, where applicable, signatories). It reaches Ordifact through you, as the supplier's customer.
Service usage
- Basic technical logs (errors, latencies, request IDs) for diagnostics and security.
- Audit logs: when we access your account for support (see section 6) and when a restaurant is deleted (right-to-erasure compliance).
3. Why we use your data
- Service delivery: digitising and organising the invoices you send us, and generating periodic accounting reports for your accountant.
- Extraction model improvement: corrections made by our team on low-confidence invoices feed the system's learning loop (see section 6). Data always remains tenant-isolated.
- Technical support: troubleshooting, configuration help, and debugging.
- Communication: operational emails about pending invoices, ready reports, and material changes to the service.
4. Legal basis
- Contract performance (Art. 6.1.b GDPR): processing is necessary to deliver the service you've contracted.
- Legitimate interest (Art. 6.1.f GDPR): for extraction-model improvement and service security. You may object at any time by writing to hola@ordifact.com.
- Legal obligation (Art. 6.1.c GDPR): retention of invoices and tax data for the period required by Spanish tax authorities.
5. Subprocessors
To deliver the service we rely on specialised vendors. All are subject to a Data Processing Agreement (DPA) and only process data on our instructions.
| Vendor | Purpose | Location |
|---|---|---|
| Supabase | PostgreSQL database | EU (France) |
| Microsoft Azure | Storage of original invoice files | EU |
| Vercel | Application hosting | US with EU regions for backend functions |
| Anthropic | AI-based data extraction and natural-language queries | US, with DPA and EU addendum |
| Postmark | Inbound and outbound email (reports, reminders) | US, with DPA |
| ElevenLabs | Speech synthesis for voice replies in chat (does not process invoice data) | US |
| Sentry | Error monitoring | EU |
For US-based vendors, transfers rely on the EU Commission's Standard Contractual Clauses (SCCs) or the Data Privacy Framework where applicable.
6. Ordifact team access to your account
To guarantee extraction quality (target: 99% accuracy) and provide technical support, authorised members of the Ordifact team may access your account and review the invoices you've uploaded. This includes:
- Review queue: when an invoice has low confidence, a team member opens it, corrects what's needed, and marks it as reviewed.
- Admin impersonation: for support, an administrator can enter your account as if they were you. Every access is recorded in an audit log with timestamp and admin identity.
All staff with access have signed a confidentiality agreement and only access strictly necessary data.
7. Data retention
- Invoices and tax data: original files and extracted data are kept for 4 years from the invoice date — the minimum period required by Spanish tax authorities (Ley 58/2003, General Tributaria, art. 70).
- Account and configuration data: while your restaurant is active on Ordifact.
- Audit and impersonation logs: 2 years from the last access.
- After cancellation: when you request deletion or cancel the service, we run a complete wipe of your data (account, invoices, files, line items, corrections, supplier profiles) within 30 days. We retain a minimal record of the deletion (slug, restaurant name, date) to evidence compliance with your request.
8. Your rights
As the data subject, you have the following rights over your personal information:
- Access: know what data we process about you.
- Rectification: correct inaccurate or incomplete data.
- Erasure ("right to be forgotten"): request deletion of your data when no longer needed.
- Objection: object to processing based on legitimate interest.
- Restriction: ask for processing to be temporarily limited.
- Portability: receive your data in a structured, reusable format.
To exercise any of these rights, write to hola@ordifact.com. We'll respond within one month.
If you believe we haven't handled your request properly, you may file a complaint with the Spanish Data Protection Agency (aepd.es).
9. Cookies
Ordifact only uses strictly necessary technical cookies:
- NextAuth session cookie (authentication).
- ordifact_impersonate cookie (when an admin is impersonating an account).
We do not use analytics, advertising, or third-party tracking cookies. If we add any in the future, we'll request explicit consent through a banner.
10. Security
- Encryption in transit (TLS 1.2+) and at rest (AES-256 on Azure and Supabase).
- Passwords stored with bcrypt (factor 12).
- Tenant isolation: every database query filters by the authenticated session's restaurantId.
- Error monitoring and audited admin access.
11. Changes to this policy
If we change this policy we'll notify you by email at least 15 days in advance, except for non-material changes. The current version is always available at ordifact.com/en/privacy with its last-updated date.
12. Contact
Email: hola@ordifact.com
This is the direct channel for any matter related to your personal data.