Privacy Policy

Luigi AI ("we", "us", "our") operates the website try-luigi.com and the Luigi AI platform. For any questions regarding this policy, contact us at: forward@try-luigi.com.

We collect the following categories of personal data:

• Account data: email address, password (hashed), restaurant name, phone number.
• Reservation data: customer names, phone numbers, reservation dates, guest counts, call recordings and summaries — provided by the restaurant through their reservation system.
• Usage data: pages visited, features used, browser type, IP address (anonymized after 30 days).
• Contact form data: email address, restaurant name submitted through our demo request form.

We use personal data exclusively to:

• Provide and improve the Luigi AI service (confirmation calls, dashboard, reports).
• Communicate with you about your account and our service.
• Respond to demo requests and support inquiries.
• Analyze usage patterns to improve our product (aggregated, anonymized data only).

We do not sell, rent, or share personal data with third parties for marketing purposes.

Our legal bases for processing personal data are:

• Contract performance: processing necessary to provide the Luigi AI service to restaurant owners.
• Legitimate interest: improving our service, preventing fraud, ensuring security.
• Consent: for marketing communications (you can opt out at any time).

For reservation data (restaurant guests), the restaurant is the data controller and Luigi AI acts as a data processor under a Data Processing Agreement.

• Account data: retained as long as your account is active, then deleted within 30 days of account closure.
• Reservation data: retained for 12 months, then automatically deleted.
• Call recordings: retained for 90 days, then automatically deleted.
• Usage data: anonymized after 30 days, aggregated data retained for analytics.

We use industry-standard security measures including encryption in transit (TLS 1.3), encryption at rest, and access controls. Our infrastructure is hosted on Vercel (frontend) and Supabase (database), both SOC 2 Type II compliant.

Under the GDPR, you have the right to:

• Access your personal data.
• Rectify inaccurate data.
• Delete your data ("right to be forgotten").
• Port your data to another service.
• Object to or restrict processing.
• Withdraw consent at any time.

To exercise these rights, email us at forward@try-luigi.com. We will respond within 30 days.

We use a single functional cookie (NEXT_LOCALE) to remember your language preference. We use Vercel Analytics for anonymous, aggregated traffic data — no tracking cookies are set.

We use the following third-party services:

• Supabase (database & authentication) — EU data region available.
• Vercel (hosting & analytics) — SOC 2 compliant.
• Formspree (contact form processing).

Each service has its own privacy policy and processes data under our instructions.

We may update this policy from time to time. Significant changes will be communicated via email to registered users. The latest version is always available at this URL.