Privacy Policy

Last updated: May 31, 2026

This Privacy Policy explains what information we collect from you when you use Menui, how we use it, and what rights you have over your data. We aim to collect the minimum necessary to run the service.

1. Information We Collect

Account information

  • Name — to personalize your dashboard
  • Email address — for login, account recovery, and important service notifications
  • Password — stored as a one-way hashed value; we never see your actual password

Restaurant content

  • Restaurant names, logos, brand colors, languages
  • Menu categories and items (names, descriptions, prices, photos)
  • QR code scan counts (aggregated, no individual visitor tracking)

Payment information

  • We do not store credit card numbers on our servers
  • Payments are processed by our payment provider (Paddle), who handles all card data securely
  • We store only the metadata needed for billing: subscription plan, status, renewal date, and transaction IDs

Technical information

  • IP address (used for security and abuse prevention only, not for tracking)
  • Browser type and device information (for compatibility)
  • Basic page-view counts (no third-party analytics tracking individual users)

2. How We Use Your Information

We use your data to:

  • Provide the service — host your menus, generate QR codes, deliver images
  • Authenticate you when you log in
  • Process payments and renewals for paid plans
  • Send important service messages (password resets, billing notifications, security alerts)
  • Respond to support requests you send us
  • Prevent abuse, fraud, and violations of our Terms of Service

We do not use your data for advertising, sell it to third parties, or profile you for marketing purposes.

3. Where Your Data Is Stored

Your data is stored with the following providers:

  • Database — PostgreSQL hosted by Render (Frankfurt, EU region)
  • Images — Amazon S3 (AWS) buckets
  • Payments — Paddle (acts as merchant of record for transactions)

We choose providers that maintain industry-standard security practices and compliance with applicable regulations.

4. Cookies and Local Storage

We use only essential storage:

  • Authentication token — stored in your browser's localStorage so you stay logged in
  • Language preference — stored to remember your selected interface language

We do not use third-party tracking cookies, advertising pixels, or analytics scripts that profile individual users.

5. Public Menus

When you publish a menu, the content (restaurant name, logo, categories, items, prices, images) becomes publicly accessible at a URL you can share — typically via QR code. This is the entire purpose of the platform. Do not upload anything you wish to keep private.

We do not track or profile customers who scan your QR codes. We only count aggregate scans per restaurant to show you basic analytics.

6. Sharing Your Information

We do not sell or rent your data. We share information with third parties only when:

  • You ask us to — e.g. when you publish your menu, the content becomes public
  • It's required to run the service — e.g. AWS hosts your images, Paddle processes your payments. These providers act under contracts that limit their use of your data
  • The law requires it — we will comply with valid legal requests (court orders, subpoenas)

7. Your Rights

You have the right to:

  • Access — request a copy of the data we hold about you
  • Correct — update inaccurate information directly from your account settings, or by emailing us
  • Delete — delete your account at any time, which removes your data within 30 days
  • Export — request your data in a portable format (JSON)
  • Withdraw consent — stop using the service at any time

To exercise any of these rights, email us at support@menui.app. We respond within 30 days.

8. Data Retention

  • Active accounts — we keep your data for as long as your account is active
  • Deleted accounts — all of your data (restaurants, menus, images) is permanently removed within 30 days of deletion
  • Billing records — we may retain transaction records for up to 7 years as required by tax and accounting laws, even after account deletion
  • Backups — recent database backups may contain copies of your data for up to 30 additional days, after which they are overwritten

9. Children's Privacy

Menui is not intended for use by anyone under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has created an account, contact us and we will delete it.

10. Security

We use industry-standard security practices to protect your data:

  • All traffic is encrypted in transit using HTTPS/TLS
  • Passwords are hashed with bcrypt before being stored
  • Database access is restricted to our backend only
  • Image uploads are validated and processed server-side to prevent abuse

No system is 100% secure. If we detect a breach affecting your data, we will notify you promptly.

11. International Users

By using Menui, you understand that your data may be transferred to and processed in countries other than your own. Our hosting providers (Render, AWS, Paddle) operate in multiple regions worldwide.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes (such as collecting new types of data), we will notify you by email at least 14 days before the changes take effect.

13. Contact

For any questions, concerns, or requests about your privacy, email us at support@menui.app. We aim to respond within 1–2 business days.

Related

Terms of ServiceRefund PolicyPricing