Patrono

Legal

Privacy policy.

This policy describes which personal data we collect, for what purpose, and how we protect it. Last updated 20 April 2026.

1. Data controller

The controller of personal data is CAUTUS SISTEMI d.o.o., Hribarov prilaz 2, 10000 Zagreb, VAT ID HR65960598095. For any privacy questions contact privatnost@getpatrono.com.

2. What data we collect

Registration and service usage data: first and last name, email address, phone number, venue name and VAT ID, user role within the venue, password (stored hashed).

Business data: data about turnover, menu, staff, shifts and HACCP records the Customer enters in the service. This data remains the property of the Customer.

Technical data: IP address, browser type, access time, pages visited. We use this for security and diagnostics.

Analytics: Plausible Analytics, no cookies, no individual user tracking. See the cookie policy for details.

3. Purpose and legal basis

We process data to provide the service (legal basis: contract performance), to meet statutory obligations (legal basis: legal obligation), and to improve the service and communication with customers (legal basis: legitimate interest of the controller).

4. Sharing with third parties

We do not sell or rent personal data. We share data only with the following categories of processors acting on behalf of the controller:

  • Cloud infrastructure provider (service hosting)
  • Email delivery service provider
  • Accounting and audit services as required by law

We have a data processing agreement with every processor in line with GDPR.

5. Retention period

We retain user account data while the account is active. After service cancellation, the data remains available to the Customer for export for the next 30 days, then is deleted. Tax and accounting records are retained for statutory periods (at least 11 years).

6. Your rights

As a data subject you have the right to access, rectification, erasure, restriction of processing, data portability and objection to processing. You exercise these rights by writing to privatnost@getpatrono.com. We respond within 30 days.

If you believe your data is being processed contrary to regulations, you have the right to lodge a complaint with the Croatian Personal Data Protection Agency (AZOP), Selska cesta 136, 10000 Zagreb.

7. Security

Data is transmitted encrypted (HTTPS/TLS). Passwords are stored hashed. Access to production data is limited to team members who need it to operate the service. Backups are run regularly.

8. Policy changes

This policy may be updated periodically. We notify customers of material changes by email and through in-app notifications.