Privacy Policy
Heptic BI — last updated 2026-05-22.
Heptic BI processes restaurant operational data on behalf of the controlling venue. We collect and process: invoice and supplier data extracted from mailbox connectors you grant access to, point-of-sale transaction data you connect via supported integrations, and the authentication data required to keep your account secure.
Controller
The legal controller is Heptic BI GmbH (the entity you contract with via our Order Form / AGB). For data-processing operations carried out on your venue's behalf the relationship is governed by the AVV — see /legal/avv.
Data subject rights
Under GDPR / DSGVO you have the right to access, rectify, erase, restrict processing, port, and object. Account-holders can trigger erasure via the account-settings page. We honour requests within statutory deadlines.
Retention
Invoice and POS data are retained for the duration of the contractual relationship plus the statutory retention period (currently 10 years for accounting records under § 257 HGB). Authentication artefacts are kept for the minimum required to operate sessions securely.
Contact
Privacy inquiries: privacy@heptic.de.