Trust & Security
How we protect your restaurant data
This page is maintained by the GetKanzu team to answer common security and privacy questions about GetKanzu. It describes the controls currently enabled in the product. It is not a third-party certification or independent audit.
Access & authentication
Sign-in is handled by our authentication provider with email and password and optional Google sign-in. Sessions use signed, expiring tokens; passwords are never visible to the GetKanzu team.
Inside the app, owners invite team members by email and assign roles. Managers can be scoped to specific locations and granular permissions, so each person only sees data for the locations and actions they are authorised for.
Data isolation
Every restaurant group's data — bills, ingredients, recipes, deals, compliance records — is isolated at the database level by group and location. Row-level security policies enforce that users can only read or modify records belonging to a group they are a member of, or a location they have been assigned to.
Role assignments are also constrained at the database layer so that owners cannot grant themselves or others elevated platform-level privileges through the application.
Hosting & platform
GetKanzu runs on Lovable Cloud, which provides managed database, authentication, file storage, and serverless function hosting. Traffic between your browser and GetKanzu is served over HTTPS, and data at rest is encrypted by the underlying managed services.
Responsibilities are shared: Lovable Cloud operates the underlying infrastructure, and the GetKanzu team is responsible for the application logic, access policies, and customer-facing configuration described on this page.
Subprocessors & integrations
We use a small number of vendors to operate the service: Lovable Cloud for hosting, database, auth, and file storage; an AI provider for bill extraction and assistant features; and an email delivery provider for transactional and notification emails. We only share the data needed for those features (for example, an uploaded bill image is sent to the extraction model).
Optional integrations (such as point-of-sale connections) are only activated when you explicitly enable them for a location.
Data you upload, retention & deletion
You own your data. Bills, ingredients, recipes, and reports stay in your account for as long as you keep your group active. You can delete individual bills and records from inside the app, and you can export data such as bills, ingredients, and price history to CSV.
If you cancel, you keep access until the end of the billing period and your data remains exportable. To request full deletion of a group's data, contact us using the address below.
Reporting a security or privacy issue
If you believe you have found a security vulnerability, a privacy issue, or want to make a data request (access, correction, or deletion), please email security@getkanzu.com. Please include enough detail for us to reproduce the issue and avoid accessing any data that is not your own while you investigate.
Last updated July 2026. This page will be revised as the product and our practices evolve.