Controller
Art. 4(7) GDPR- Name
- Andreas Armanious
- Address
- Augasse 54, 8051 Graz, Austria
- hello@yield-chef.at
Privacy & GDPR
Privacy Policy
Information on the processing of personal data under Articles 13 and 14 GDPR and on storage/access technologies under Article 5(3) ePrivacy Directive.
Last updated: February 26, 2026
1. Processing when visiting this website
Art. 6(1)(f) GDPRWhen you access this website, hosting infrastructure processes technical access data (for example IP address, timestamp, URL, user agent, and referrer) as needed to deliver and secure the service.
- Purpose: stable service delivery, troubleshooting, abuse prevention, and security
- Data categories: log and connection data
- Legal basis: legitimate interests in secure and reliable website operation
2. Demo request form
Art. 6(1)(b) and 6(1)(f) GDPRWhen you submit a demo request, we process your input to provide the requested demo flow and to respond to your inquiry.
- Data categories: name (optional), email, phone (optional), message, event preset, consent status
- Recipients: yield-chef backend API for lead creation and Google Gemini API for structured inquiry extraction
- No marketing messaging without separate opt-in
3. Pricing waitlist
Art. 6(1)(a) GDPRWhen you join the waitlist, your email is processed to send product and availability updates.
- Data categories: email, locale (de/en), source, consent status
- Recipients: Brevo (contact list provider)
- Withdrawal: you can withdraw consent at any time with effect for the future
4. Pilot onboarding and setup help
Art. 6(1)(b) GDPRWithin pilot onboarding, we process only the data required to set up, validate, and support the pilot you requested.
- Data categories: business profile details, contact email, service area, menu/rules content, and diagnostics data
- Purpose: workspace setup, sandbox checks, troubleshooting, and support
5. Recipients and processors
Art. 28 GDPR- Vercel: hosting and infrastructure
- Brevo: waitlist contact management
- yield-chef backend API: demo and pilot request processing
- Google Gemini API: structured extraction of inquiry content
6. International data transfers
Arts. 44-49 GDPR- Some processors may process data outside the EEA
- We rely on appropriate safeguards, in particular EU Standard Contractual Clauses and contractual protection measures
- Further details on the safeguards in use are available on request
7. Cookies and local storage
Art. 5(3) ePrivacy Directive, Art. 6(1)(f) GDPR- Technically required cookie: `yield_chef_demo_token` (HttpOnly, max 30 minutes) to map demo status
- Browser local storage: theme preference and demo token state for status tracking
- Optional measurement (Vercel Analytics/Speed Insights) is activated only after explicit consent
- You can change or withdraw consent at any time via "Cookie settings" in the footer
8. Retention
Art. 5(1)(e) GDPR- Personal data is stored only as long as necessary for the respective purpose
- Demo request data is typically deleted or anonymized within 12 months after the last relevant activity
- Consent-based processing (for example waitlist data) continues until withdrawal or purpose completion
- Mandatory statutory retention obligations remain unaffected
9. Your rights
Arts. 15-21 GDPR- Access to your personal data
- Rectification of inaccurate data
- Erasure or restriction of processing
- Data portability
- Objection to processing based on legitimate interests
- Withdrawal of consent with effect for the future
Right to lodge a complaint
If you believe your data is processed unlawfully, you can lodge a complaint with a supervisory authority in your EU/EEA member state.
EU/EEA supervisory authorities directory (EDPB)This privacy policy is updated whenever processing activities, service providers, or legal grounds change.