← menus.kitchen

Privacy Policy

Last updated: July 4, 2026

1. Who we are

Menus provides restaurant owners with a hosted menu page and optional AI-powered order management. If you have any questions about this policy, contact us at hello@menus.kitchen.

2. What we collect

3. How we use it

4. Staff app & location data

The Menus Staff app (Android) is a companion app for restaurant staff who already have an account. It does not sell anything and contains no payments — all registration and billing happen on this website.

Location collection: When a delivery driver marks an order as picked up, the app collects the device's precise location (GPS) so the customer can see the driver's live position on a map while the delivery is in progress. Collection runs in a foreground service with a persistent notification so the driver always knows it is active. Location collection starts only when an order is picked up and stops automatically the moment the order is marked delivered — no location is collected before pickup or after delivery. The driver must grant the location permission and accept an in-app disclosure before any location is collected.

How it is used: The latest position is sent to our server and shown only to the customer tracking that specific order and to the restaurant. We do not build a location history profile, and we do not use driver location for advertising. We do not sell location data to any third party.

5. Payments, AI & third-party services

We rely on a small number of trusted providers to run the service. We never sell your data to anyone. The providers we use are:

6. Cookies & analytics

We use a locale cookie to remember your language preference and session cookies that are required to keep you logged in. To understand how menu pages are used we run Matomo, a privacy-focused analytics tool we host ourselves on our own infrastructure — your visit data is not shared with a third-party advertising network. We do not use advertising or cross-site tracking cookies. If you are in the EU/EEA and your local law requires it, you can opt out of analytics.

7. Data retention

We keep your data for as long as your account is active. If you close your account, your restaurant data and images are deleted within 30 days. Customer and order records are retained while needed to operate the restaurant and meet legal or tax obligations, then deleted or anonymised. Billing records may be retained for the period required by law. Server access logs are retained for up to 90 days.

8. Your rights

You can request a copy of your data, ask us to correct it, or ask us to delete it at any time by emailing hello@menus.kitchen. If you are in the EU/EEA, you also have the right to lodge a complaint with your national data protection authority.

9. Security

Passwords are hashed (bcrypt). All traffic is encrypted via HTTPS. Images are stored on Cloudflare R2 with access-controlled credentials. No system is 100% secure — if you discover a vulnerability, please contact us immediately.

10. Changes

If we make material changes to this policy, we will notify account holders by email at least 7 days before the change takes effect.

🌍

Choose your language

Select your preferred language to continue.

🇪🇸 Español 🇬🇧 English 🇫🇷 Français 🇩🇪 Deutsch 🇧🇷 Português