Privacy notice

1. Controller identity and contact

Forky is responsible for the personal data it collects through forky.rest, its applications, forms, communications, and services related to collaborative restaurant menu management.

For privacy questions or rights requests, contact privacidad@forky.rest. This is the primary contact channel for data subjects.

2. Personal data we may collect

We may collect identification and contact data such as name, email, phone number, organization, restaurant, branch, and team role.

We also process access and operational data, including encrypted credentials, session identifiers, IP address, activity logs, change history, files, images, and user-uploaded platform content.

If users sign in with Google, we may receive the name, email, account identifier, and basic profile data authorized through Google.

3. Processing purposes

We use personal data to create and manage accounts, authenticate users, provide the contracted service, manage restaurants, branches and menus, keep version history, enable collaboration, and provide support.

We may also process data for security, abuse prevention, audits, legal compliance, billing, payment administration, operational notices, and product improvement.

As a secondary purpose, we may send commercial communications, service updates, or feature invitations. Users may object by writing to privacidad@forky.rest or using available unsubscribe mechanisms.

4. Consent and limitation of use

By creating an account, using the site, or providing information, the data subject accepts the processing described in this notice, unless they object where permitted by applicable law.

The data subject may limit the use or disclosure of their data for secondary purposes by contacting privacidad@forky.rest.

5. Transfers and processors

We may share data with providers that help us operate the service, including cloud infrastructure, authentication, storage, analytics, transactional email, support, payment processing, and technical repositories.

These providers act as processors or necessary third parties and must process information under instructions, confidentiality obligations, and security measures.

We do not sell personal data. We will transfer data without consent only where a legal provision allows it or a competent authority requires it.

6. ARCO rights and consent withdrawal

Data subjects may exercise access, rectification, cancellation, and opposition rights, and may withdraw consent, by sending a request to privacidad@forky.rest.

Requests should include name, account email, a clear description of the right being exercised, and any information that helps locate the data. We may request additional information to verify identity.

We will respond under the timelines and procedures of Mexico's Federal Law on Protection of Personal Data Held by Private Parties and other applicable provisions.

7. Retention and security

We retain data for as long as necessary to provide the service, comply with legal obligations, resolve disputes, maintain backups, prevent fraud, and document operations.

We apply reasonable administrative, technical, and physical measures to protect data against damage, loss, alteration, destruction, unauthorized use, access, or processing.

8. Cookies and similar technologies

We may use cookies, local storage, and analytics tools to remember sessions, keep preferences, measure site usage, improve performance, and protect the platform.

Users may manage cookies through browser settings, although disabling them may affect service functionality.

9. Changes to this notice

We may update this notice to reflect legal, operational, or service changes. Updates will be published on this page and, where materially necessary, notified through reasonable means.