1. Introduction

This Privacy Policy explains how Bruno ("we", "us", or "our") collects, uses, and protects your personal data when you use our website at bruno.pizza and our mobile application (collectively, the "Services").

We are committed to protecting your privacy and complying with applicable data protection laws, including the UK General Data Protection Regulation (UK GDPR) and the EU General Data Protection Regulation (EU GDPR).

2. Data Controller

Bruno is operated by an individual developer. The data controller responsible for your personal data is:

Note: Bruno is not a registered company or legal entity. It is operated as a sole proprietorship by an individual developer.

3. Personal Data We Collect

3.1 Waitlist Registration

When you join our waitlist, we collect:

• Email address
• Date and time of registration

3.2 App Usage Data (Future)

When our mobile app launches, we may collect:

• Account information (name, email, profile picture)
• Pizza baking logs and recipes you create
• Photos you upload
• Location data (only if you choose to log restaurant locations)
• Device information and usage analytics

3.3 Automatically Collected Data

We automatically collect:

• IP address
• Browser type and version
• Device type
• Pages visited and time spent on our website

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you join our waitlist, you provide explicit consent for us to process your email address to notify you about our app launch.
• Legitimate Interests: We process usage data to improve our Services and prevent fraud.
• Contract Performance: When you use our app, we process data necessary to provide the Services you've requested.

5. How We Use Your Data

We use your personal data to:

• Send you updates about our app launch and product news (waitlist only)
• Provide and maintain our Services
• Improve and optimize our Services
• Respond to your inquiries and support requests
• Detect and prevent fraud or abuse
• Comply with legal obligations

6. Data Sharing and Disclosure

We do not sell your personal data. We may share your data with:

6.1 Service Providers

• MailerLite: Email marketing service provider for managing waitlist subscribers and sending marketing communications
• Vercel: Hosting and infrastructure provider

6.2 Legal Requirements

We may disclose your data if required by law or to protect our rights, property, or safety.

7. International Data Transfers

Your data may be transferred to and processed in countries outside the UK and European Economic Area (EEA), including the United States. We ensure appropriate safeguards are in place:

• Service providers are contractually obligated to protect your data
• Transfers comply with UK GDPR and EU GDPR requirements
• We use Standard Contractual Clauses where applicable

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

• Waitlist data: Until you unsubscribe or request deletion, or until 12 months after our app launch
• App data: For the duration of your account, plus 30 days after account deletion
• Analytics data: Aggregated data may be retained indefinitely in anonymized form

9. Your Rights

Under UK GDPR and EU GDPR, you have the following rights:

• Right of Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your personal data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (e.g., unsubscribe from emails)

To exercise any of these rights, contact us at hello@bruno.pizza. We will respond within 30 days.

10. Cookies and Tracking

Our website currently uses minimal cookies:

• Essential cookies: Required for basic website functionality
• Analytics cookies: We use Vercel Analytics to understand how visitors use our site (anonymized data)

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

11. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

• Encryption of data in transit (HTTPS/TLS)
• Secure authentication mechanisms
• Regular security assessments
• Access controls and staff training

However, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security.

12. Children's Privacy

Our Services are not directed to children under 16. We do not knowingly collect personal data from children. If you believe we have collected data from a child, contact us immediately at hello@bruno.pizza.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last updated" date
• Sending an email notification to waitlist subscribers (for significant changes)

Your continued use of our Services after changes constitutes acceptance of the updated policy.

14. Supervisory Authority

If you are located in the UK or EU and have concerns about our data practices, you have the right to lodge a complaint with your local supervisory authority:

• UK: Information Commissioner's Office (ICO) - ico.org.uk
• EU: Your local Data Protection Authority

15. Contact Us

If you have questions about this Privacy Policy or our data practices, you can contact the developer:

As a sole proprietorship, all inquiries are handled directly by the individual developer.