← menus.kitchen
Privacy Policy
Last updated: July 4, 2026
1. Who we are
Menus provides restaurant owners with a hosted menu page and optional AI-powered order management. If you have any questions about this policy, contact us at hello@menus.kitchen.
2. What we collect
- Account data — name, email address, and password when you create an owner account.
- Restaurant data — restaurant name, address, WhatsApp number, menu content, and brand colours you provide.
- Images — photos you upload or link to for menu items. These are stored on Cloudflare R2.
- Customer & order data — when a diner places an order through a restaurant, we collect the details needed to fulfil it: name, phone number, optional email, delivery address, and any order notes, along with the items ordered. If a restaurant uses loyalty or repeat-ordering features, a basic customer record is kept so returning customers can be recognised.
- Delivery location — for delivery orders we may geocode the delivery address (turn it into map coordinates), and, where a driver uses the Menus Staff app, the driver's live location during an active delivery (see section 4).
- Payment & billing data — for paid plans we store your subscription plan, status, and billing identifiers. Card details are entered directly with our payment processor, Stripe; we never see or store full card numbers.
- Visitor & analytics data — when someone views a menu page we log standard server access data (IP address, browser type, page visited) and record aggregate visit statistics using our self-hosted analytics (Matomo, see section 7). We do not use third-party advertising trackers.
- Lead data — if you submit the homepage sign-up form before registering, we store your name, email, and city.
3. How we use it
- To provide and operate your restaurant page, ordering, and dashboard.
- To process and fulfil customer orders and deliveries, including notifying the restaurant and driver.
- To send order notifications to your WhatsApp number (on plans that include AI order management).
- To take payment for paid subscriptions via our payment processor.
- To contact you about your account or our service.
- To improve the product based on aggregate, anonymised usage patterns.
4. Staff app & location data
The Menus Staff app (Android) is a companion app for restaurant staff who already have an account. It does not sell anything and contains no payments — all registration and billing happen on this website.
Location collection: When a delivery driver marks an order as picked up, the app collects the device's precise location (GPS) so the customer can see the driver's live position on a map while the delivery is in progress. Collection runs in a foreground service with a persistent notification so the driver always knows it is active. Location collection starts only when an order is picked up and stops automatically the moment the order is marked delivered — no location is collected before pickup or after delivery. The driver must grant the location permission and accept an in-app disclosure before any location is collected.
How it is used: The latest position is sent to our server and shown only to the customer tracking that specific order and to the restaurant. We do not build a location history profile, and we do not use driver location for advertising. We do not sell location data to any third party.
5. Payments, AI & third-party services
We rely on a small number of trusted providers to run the service. We never sell your data to anyone. The providers we use are:
- Payments — Stripe. Subscription payments are processed by Stripe. Your card details are handled directly by Stripe under their own privacy policy; we receive only your plan, status, and billing identifiers.
- Messaging & AI. On plans with AI order management, orders and customer messages are handled via the WhatsApp Business API, and message content is processed by AI providers (Anthropic and Groq) to generate responses. Content is sent only to generate replies and is not used by us to train models or for advertising.
- Address geocoding — Google. Delivery and restaurant addresses may be sent to the Google Places API to convert them into map coordinates.
- Email. Transactional emails (verification, account notices) are sent through our email providers (Postmark, Resend, or Amazon SES).
- Infrastructure & images — Cloudflare. We use Cloudflare for infrastructure, security, and image hosting (R2).
- Optional ordering platforms. If a restaurant chooses to connect a point-of-sale or delivery platform (such as Square, HubRise, Deliveroo, Uber Eats, or Wolt), order and menu data is shared with that platform to keep orders in sync. These connections are made by the restaurant and can be disconnected at any time.
6. Cookies & analytics
We use a locale cookie to remember your language preference and session cookies that are required to keep you logged in. To understand how menu pages are used we run Matomo, a privacy-focused analytics tool we host ourselves on our own infrastructure — your visit data is not shared with a third-party advertising network. We do not use advertising or cross-site tracking cookies. If you are in the EU/EEA and your local law requires it, you can opt out of analytics.
7. Data retention
We keep your data for as long as your account is active. If you close your account, your restaurant data and images are deleted within 30 days. Customer and order records are retained while needed to operate the restaurant and meet legal or tax obligations, then deleted or anonymised. Billing records may be retained for the period required by law. Server access logs are retained for up to 90 days.
8. Your rights
You can request a copy of your data, ask us to correct it, or ask us to delete it at any time by emailing hello@menus.kitchen. If you are in the EU/EEA, you also have the right to lodge a complaint with your national data protection authority.
9. Security
Passwords are hashed (bcrypt). All traffic is encrypted via HTTPS. Images are stored on Cloudflare R2 with access-controlled credentials. No system is 100% secure — if you discover a vulnerability, please contact us immediately.
10. Changes
If we make material changes to this policy, we will notify account holders by email at least 7 days before the change takes effect.