Legal

Privacy Policy

Last updated: May 18, 2026

1. Who we are

Menu Craft ("we", "us", "our") provides software for restaurants to publish a digital menu accessed by diners via QR code. This policy explains what data we collect when you use menucraft.co and the Menu Craft service, and what we do with it.

2. What we collect

Account information. When you sign up, we collect your name, email address, and restaurant name. If you sign in with Google, we receive your email and basic profile from Google.

Menu content. The dishes, prices, descriptions, photos, and any other content you upload to Menu Craft.

Billing information. Payments are processed by Stripe. We never store your card number; we keep a reference to your Stripe customer and subscription.

Diner usage data. When a diner views a menu we record anonymous view and search events so the owner can see what diners are looking for. No personal data about the diner is collected.

Logs & cookies. Standard server logs (IP address, user agent), and the minimum cookies needed to keep you signed in.

3. How we use it

  • To provide and operate the service.
  • To process payments and manage your subscription.
  • To send transactional emails (sign-in, billing, important notices).
  • To improve the product, fix bugs, and prevent abuse.

We do not sell your personal data, and we do not use diner search data for advertising.

4. Sub-processors

We rely on a small set of trusted vendors to run the service:

  • Supabase (database, authentication, file storage)
  • Cloudflare (hosting, edge runtime)
  • Stripe (payments)
  • Google (optional sign-in)
  • OpenAI / Google Gemini (menu extraction & AI features)

5. Data retention

We keep your account data for as long as your account is active. If you delete your restaurant, your menu data is deleted within 30 days. Billing records are retained as required by law.

6. Your rights

You can access, export, or delete your data at any time from the dashboard, or by emailing us. If you are in the EU/UK, you have additional rights under GDPR including the right to object and the right to lodge a complaint with your data protection authority.

7. Security

Data is encrypted in transit (TLS) and at rest. Access to production systems is restricted and logged. No system is perfect — please report any suspected vulnerability to hello@menucraft.co.

8. Children

Menu Craft is not directed at children under 16, and we do not knowingly collect data from them.

9. Changes

If we make material changes we'll notify you by email or in-app at least 30 days before they take effect.

10. Contact

Questions? Email hello@menucraft.co.