Legal
Privacy Policy
Last updated: May 18, 2026
1. Who we are
Menu Craft ("we", "us", "our") provides software for restaurants to publish a digital menu accessed by diners via QR code. This policy explains what data we collect when you use menucraft.co and the Menu Craft service, and what we do with it.
2. What we collect
Account information. When you sign up, we collect your name, email address, and restaurant name. If you sign in with Google, we receive your email and basic profile from Google.
Menu content. The dishes, prices, descriptions, photos, and any other content you upload to Menu Craft.
Billing information. Payments are processed by Stripe. We never store your card number; we keep a reference to your Stripe customer and subscription.
Diner usage data. When a diner views a menu we record anonymous view and search events so the owner can see what diners are looking for. No personal data about the diner is collected.
Logs & cookies. Standard server logs (IP address, user agent), and the minimum cookies needed to keep you signed in.
3. How we use it
- To provide and operate the service.
- To process payments and manage your subscription.
- To send transactional emails (sign-in, billing, important notices).
- To improve the product, fix bugs, and prevent abuse.
We do not sell your personal data, and we do not use diner search data for advertising.
4. Sub-processors
We rely on a small set of trusted vendors to run the service:
- Supabase (database, authentication, file storage)
- Cloudflare (hosting, edge runtime)
- Stripe (payments)
- Google (optional sign-in)
- OpenAI / Google Gemini (menu extraction & AI features)
5. Data retention
We keep your account data for as long as your account is active. If you delete your restaurant, your menu data is deleted within 30 days. Billing records are retained as required by law.
6. Your rights
You can access, export, or delete your data at any time from the dashboard, or by emailing us. If you are in the EU/UK, you have additional rights under GDPR including the right to object and the right to lodge a complaint with your data protection authority.
7. Security
Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted and logged. No system is perfect — please report any suspected vulnerability to hello@menucraft.co.
8. Children
Menu Craft is not directed at children under 16, and we do not knowingly collect data from them.
9. Changes
If we make material changes we'll notify you by email or in-app at least 30 days before they take effect.
10. Contact
Questions? Email hello@menucraft.co.

