Privacy policy and data protection

1. Information We Collect

We collect information you provide when you create an account, use our services, or communicate with us.

This includes restaurant details, menu content, payment information, and customer feedback.

Restaurant name, address, and contact details
Owner account email and hashed password
Menu items, categories, prices, and allergen information
Payment billing details (processed via Stripe - we do not store card numbers)
Usage analytics: page views, scan counts, session duration
Support correspondence and feedback submissions

2. How We Use Your Information

We use your data to operate, maintain, and improve Menuté, process transactions, send updates, respond to requests, and analyze usage trends.

Deliver and operate the digital menu platform
Process subscription payments and send receipts
Send transactional emails: account verification, password reset, billing notices
Analyze aggregate usage trends to improve platform features
Respond to support requests and bug reports
Comply with legal obligations under Romanian and EU law

3. Data Storage and Security

Data is stored securely using Supabase with enterprise-grade encryption and SSL/TLS for data in transit.

All data stored in EU-based data centers (Frankfurt region)
Encryption at rest using AES-256
Encryption in transit via TLS 1.2 or higher
Row Level Security (RLS) ensures each restaurant accesses only its own data
Supabase infrastructure meets SOC 2 Type II standards
Access logs retained for 90 days for security auditing

4. Data Sharing

We do not sell personal information. Data is shared only with service providers, when required by law, or to prevent fraud.

5. Cookies and Tracking

We use cookies and similar technologies to remember preferences and analyze usage. You can disable cookies in your browser.

6. Your Rights

You may access, correct, delete, or export your data and withdraw consent at any time. Under GDPR, EEA residents have the following rights:

Right of access - request a copy of all data we hold about you
Right to rectification - correct inaccurate or incomplete data
Right to erasure - request deletion of your account and all associated data
Right to portability - export your menu content and account data in JSON format
Right to restrict processing - limit how we use your data
Right to object - opt out of analytics and non-essential processing
Right to lodge a complaint with the Romanian National Supervisory Authority (ANSPDCP)

7. GDPR Compliance

European Economic Area users have GDPR rights and we provide mechanisms to exercise those rights.

8. Children's Privacy

The Service is not intended for children under 18 and we do not knowingly collect their data.

9. Changes to This Policy

We may update this policy and will update the "Last updated" date when changes are published.

10. Contact Us

If you have questions about this policy, contact us:

Email: [email protected]

Privacy frequently asked questions

What personal data does Menute collect?

Menute only collects data necessary for platform operation: restaurant name, owner email address, menu items, and configuration preferences. We do not collect personal data from customers who scan QR menus.

How does Menute protect restaurant data?

All data is stored in EU data centers with encryption in transit and at rest. We use Supabase as our backend infrastructure, which meets SOC 2 Type II and GDPR standards. Data access is restricted through Row Level Security.

Can I request deletion of my data from Menute?

Yes, under GDPR you have the right to data deletion. Contact us at [email protected] and we will process your request within 30 days. All data associated with your account, including menus and configurations, will be permanently deleted.

We protect your data according to GDPR. Learn more about our software testing partners and our POS integrations.

Menute is operated by BetterQA, a software testing company based in Cluj-Napoca, Romania.

Privacy Policy