Privacy Policy

We collect information in the following ways:

Information you provide directly

• Account information: Name, email address, and password when you register
• Restaurant information: Restaurant name, cuisine type, location, and contact details
• Menu content: Menu item names, descriptions, prices, categories, and photos
• Payment information: Billing details processed securely via Stripe (we do not store card numbers)
• Communications: Messages you send us via email or contact forms

Information collected automatically

• Usage data: Pages visited, features used, actions taken within the dashboard
• Menu scan data: When customers scan your QR codes — scan time, device type (mobile/desktop), and approximate location (country/city level)
• Device and browser information: IP address, browser type, operating system
• Cookies and similar technologies: Session tokens and authentication cookies required to keep you logged in

We use the information we collect to:

• Create and manage your MenuQR account
• Provide, operate, and improve the Service
• Process payments and send billing-related communications
• Power analytics features so you can see how your menu is performing
• Generate AI-powered menu descriptions using OpenAI (menu text is sent to OpenAI for processing)
• Send product updates, feature announcements, and important service notices
• Respond to your support requests and inquiries
• Detect, investigate, and prevent fraudulent or unauthorized activity
• Comply with legal obligations

We will not sell your personal information to third parties. We do not use your menu content to train AI models without your explicit consent.

We share your information only in the following limited circumstances:

• Service providers: We use trusted third-party providers to operate the Service, including Supabase (database and authentication), Stripe (payments), OpenAI (AI features), Hostinger (hosting), and Sentry (error monitoring). These providers access your data only as needed to perform services on our behalf and are bound by confidentiality obligations.
• Legal requirements: We may disclose information if required by law, court order, or government authority.
• Business transfers: If MenuQR is acquired or merges with another company, your information may be transferred as part of that transaction. We will notify you of any such change.
• With your consent: We may share information for any other purpose with your explicit consent.

Public menus: When you publish a menu, its content (item names, prices, descriptions, photos) is publicly accessible to anyone with your menu link or QR code. This is the intended functionality of the Service.

When customers scan a restaurant's QR code and view a public menu, we collect limited analytics data on behalf of the restaurant owner. This includes:

• Scan timestamp
• Device type (mobile or desktop)
• Country and city (derived from IP address, not stored directly)
• Referrer information (e.g., table number if using table QR codes)

We do not require menu visitors to create accounts or provide personal information. Menu visitors are not our direct customers and this data is used only to provide analytics to restaurant owners.

We retain your personal data for as long as your account is active or as needed to provide the Service. Specifically:

• Account data is retained until you delete your account
• Menu content and scan analytics are retained as long as your account exists
• After account deletion, we delete your data within 30 days, except where retention is required by law (e.g., billing records)
• Anonymized, aggregated analytics data may be retained indefinitely

We take the security of your data seriously. Our security measures include:

• All data is encrypted in transit using HTTPS/TLS
• Passwords are hashed and never stored in plain text
• Database access is restricted and monitored
• Payment data is handled by Stripe and never touches our servers
• Regular security reviews and updates

No method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and associated data
• Portability: Export your menu data in a portable format
• Opt-out: Unsubscribe from marketing emails at any time using the unsubscribe link in our emails

To exercise any of these rights, contact us at hello@getmenuqr.com. We will respond within 30 days.

If you are located in the European Economic Area (EEA) or the United Arab Emirates, you have additional rights under the General Data Protection Regulation (GDPR) and UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (PDPL) respectively.

Our lawful basis for processing your personal data includes:

• Performance of a contract (providing the Service you signed up for)
• Legitimate interests (improving our service, preventing fraud)
• Legal obligations (billing records)
• Your consent (marketing communications)

To exercise your rights under GDPR or UAE PDPL, contact us at hello@getmenuqr.com.

We use essential cookies to operate the Service, including:

• Authentication cookies: To keep you signed in to your dashboard
• Session cookies: To maintain your session state

We do not use advertising tracking cookies or sell cookie data to third parties. You can disable cookies in your browser settings, but this may prevent you from logging in to your account.

MenuQR is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such information, please contact us immediately.

MenuQR serves customers globally, including in Pakistan, the UAE, Saudi Arabia, and India. Your data may be stored and processed in data centers located outside your country. By using the Service, you consent to this transfer and processing.

We ensure that any international data transfers comply with applicable data protection laws and that appropriate safeguards are in place.

The Service may contain links to third-party websites (e.g., WhatsApp). We are not responsible for the privacy practices of third-party sites. We encourage you to read the privacy policies of any third-party sites you visit.

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you by email or by posting a notice on the Service. The updated policy will be effective immediately upon posting.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated Privacy Policy.

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

• Email: hello@getmenuqr.com
• Website: getmenuqr.com
• Address: Lahore, Pakistan

We take all privacy inquiries seriously and aim to respond within 30 days.