Privacy Policy
Last updated: 1 July 2026
Who we are
We operate Reforno — an analytics and intelligence tool that helps independent pizza shop owners understand their business. The platform connects to your existing point-of-sale data via CSV import, lets you track sales by channel, analyse menu profitability, manage supplier invoices, and ask plain-English questions about your numbers using AI.
For privacy enquiries, contact us at: privacy@netto.com.au
We are committed to handling all personal information in line with the Australian Privacy Act 1988 and its Australian Privacy Principles (APPs). Where our platform is accessed by anyone in the European Union, we also comply with the General Data Protection Regulation (GDPR).
What this policy covers — and what it does not
This policy covers information we collect and handle as the operator of this platform.
When you upload your sales data or customer transaction records, you are sharing information about your own customers — their names, phone numbers, and order details. In that situation:
- You (the shop owner) are responsible for your customers' data. You are their data controller.
- We store and process that data only on your instructions, to provide you with analytics.
- Your customers who want to access, correct, or delete their information should contact you directly.
We require all shop owners to have a lawful reason for uploading their customers' data and to have informed their customers that their information may be processed by business analytics tools.
What information we collect
Your account information
When you sign up, we collect your name and email address. We use this to create your account, send you important service updates, and let you log in securely.
Your shop's sales data
When you upload a CSV export from your POS system, we process:
- Transaction records: date, customer name (partial), customer phone number, payment method, order amount, GST component, delivery channel, and collection type
- Item sales summaries: item name, size, quantities sold, revenue per item
- Channel summaries: revenue by sales channel
This data is uploaded by you and is used only to generate analytics and reports for your shop.
Staff and labour data
Shift dates and times, number of staff on shift, hourly rates, and total labour cost — entered manually by you for wage-vs-revenue analysis.
Supplier and invoice data
Supplier names, contact details, invoice amounts, and line items. When you paste a supplier invoice as text, our AI extracts the line items on your behalf.
Bank transaction data
Transaction dates, bank narration descriptions, amounts, and categories — uploaded as a CSV from your business bank account.
Menu data
Item names, categories, sizes, and prices. This is business information, not personal information about individuals.
Technical data
When you use the platform, we automatically collect standard technical information including your IP address, browser type, and usage logs. We use this only to keep the service secure and working correctly. We do not use it for advertising or sell it to anyone.
AI chat queries
When you ask the AI assistant a question, we process your question and retrieve relevant data from your account to generate an answer. These interactions are logged for up to 30 days for troubleshooting purposes, then deleted.
How we use your information
We use your information only to:
- Provide, maintain, and improve the platform
- Generate reports and analytics that answer your business questions
- Process supplier invoice data you paste into the system
- Send you important account notices (password resets, security alerts) and onboarding emails to help you get set up during your trial period
- Respond to your support requests
We do not:
- Sell your data to anyone, ever
- Use your data to advertise to you or your customers
- Share your data with other pizza shops or competitors
- Use your customers' transaction data to build profiles on those individuals
- Train AI models on your personal data
Who we share your information with
We share your information only with the service providers who help us run the platform. We require all of them to protect your data and use it only to provide us with specific services.
Supabase
All data is held in Supabase's secure database infrastructure, located in Singapore. Supabase provides our database, user authentication, and server-side processing.
Anthropic
Our AI assistant is powered by Anthropic's Claude API. Only aggregated business summaries are sent to Anthropic to generate answers — never customer names or phone numbers, never raw invoice text. Anthropic does not receive any personally identifiable information about your customers.
Vercel
Our platform is hosted on Vercel's infrastructure. Vercel processes web requests, serves the application, and collects performance and usage telemetry through Vercel Analytics and Speed Insights. Standard technical data may include IP address, browser, device, page URL, request logs, and timing data. We use this to keep the platform reliable and diagnose performance issues, not for advertising.
Stripe
If you subscribe to a paid plan, your payment is processed by Stripe. We do not store your card details. Stripe's privacy policy governs how they handle your payment information.
Resend (email delivery)
We use Resend to send transactional and onboarding emails to shop owners during the trial period. Your email address is shared with Resend solely for the purpose of delivering these emails. Resend is based in the United States. We have reviewed Resend's data processing terms and require them to handle your information in accordance with applicable privacy law.
We do not sell data to advertisers, data brokers, or any third party for commercial purposes.
Data retention
- Account data: Held while your account is active and deleted within 90 days of cancellation, unless we are legally required to keep it longer.
- Business transaction and invoice data: Retained for 7 years to comply with Australian tax record-keeping requirements (Tax Administration Act 1953).
- AI chat logs: Deleted after 30 days.
- Email log records (which emails were sent to which address and when) are retained for 12 months after your trial ends or your account is closed, whichever comes first, then deleted.
- Technical logs: Retained for up to 90 days, then deleted.
If your account is inactive for 2 years, we will contact you before deleting it. You can export all your data before closure.
How we protect your information
- Encryption in transit: All data between your browser and our servers uses TLS encryption (HTTPS)
- Encryption at rest: Your data is encrypted in the database
- Row-level security: Our database is configured so that each shop owner can only ever see their own data — it is technically impossible for one shop's data to appear in another shop's account
- Restricted access: The platform uses only a restricted database key in all client code. Admin-level access is reserved for secured server-side functions only
- No passwords stored in plain text: Authentication is managed by Supabase Auth using industry-standard hashing
- No card data stored: We never store payment card numbers
If we become aware of a data breach that is likely to cause serious harm, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals as required under the Notifiable Data Breaches scheme — within 30 days of becoming aware.
Artificial intelligence and automated processing
The platform uses AI powered by Anthropic's Claude to answer plain-English questions about your business data. This AI:
- Does not make any decisions about you or your customers that have legal or significant practical effects
- Does not automatically take any action on your behalf — all outputs are for your information only
- Is not used to profile or score your end customers as individuals
- Answers questions using aggregated summaries rather than individual-level customer records where possible
You can always ask us to explain how the AI arrived at a particular answer. Contact us at privacy@netto.com.au.
Your privacy rights
If you are the shop owner
You have the following rights in relation to the information we hold about you:
- Right to access: You can ask us what personal information we hold about you. We will respond within 30 days.
- Right to correction: If any information we hold is wrong, you can ask us to correct it within 30 days.
- Right to deletion: You can ask us to delete your personal information. We will do so unless we are legally required to keep it.
- Right to de-identification: Where full deletion is not practicable, you can ask us to de-identify your information.
- Right to complain: You can complain to the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au or call 1300 363 992.
To exercise any of these rights, email privacy@netto.com.au with the subject line “Privacy Rights Request”. We will respond within 30 days and may need to verify your identity before actioning your request.
If you are a customer of a pizza shop that uses Reforno
Your personal information was collected by the pizza shop when you placed your order, not by us directly. To access, correct, or delete your information, please contact the pizza shop directly.
Cookies and tracking
The platform uses only essential cookies required for you to log in and stay logged in securely. We do not use advertising cookies, third-party tracking pixels, or analytics services that share your data with ad networks.
Children's privacy
This platform is designed for use by adult business owners and their staff. We do not knowingly collect personal information from anyone under 18 years of age. If you believe a minor has provided us with personal information, please contact us and we will delete it promptly.
Changes to this policy
If we make material changes to this policy, we will notify you by email at least 14 days before the change takes effect. The “last updated” date at the top of this page will always show when the policy was most recently revised. Continued use of the platform after notification constitutes acceptance of the updated policy.
Contact us
For any privacy questions, requests, or complaints:
Email: privacy@netto.com.au
We aim to respond to all privacy enquiries within 10 business days.
If you are not satisfied with our response, you can contact the Office of the Australian Information Commissioner (OAIC):
- Website: www.oaic.gov.au
- Phone: 1300 363 992
- Post: GPO Box 5218, Sydney NSW 2001
← Back to Reforno