Data Processing Addendum
Last updated: July 4, 2026
This Data Processing Addendum (“DPA”) forms part of, and is subject to, the MenuHoster Terms of Service(the “Agreement”) between MenuHoster and the business or person who uses the Service (“you” or “Customer”). It applies where MenuHoster processes Personal Data on your behalf and Applicable Data Protection Law (such as the EU GDPR or UK GDPR) requires such terms.
This DPA is provided for transparency and to support customers subject to data-protection law. It is not legal advice. Enterprise customers who require a countersigned copy can request one via our contact form. If this DPA conflicts with the Agreement on data-protection matters, this DPA controls.
1. Definitions
- “Applicable Data Protection Law” — all data-protection and privacy laws that apply to the processing of Personal Data under the Agreement, including the EU General Data Protection Regulation (GDPR), the UK GDPR and Data Protection Act 2018, and comparable laws.
- “Personal Data,” “Controller,” “Processor,” “Data Subject,” “Processing,” and “Sub-processor” have the meanings given in Applicable Data Protection Law.
- “Customer Personal Data” — Personal Data that MenuHoster processes on your behalf in providing the Service (for example, the contact details of diners or customers who opt in through your menus, and order details).
2. Roles of the Parties
For Customer Personal Data, you act as the Controller (or as a processor acting on behalf of your own controller), and MenuHoster acts as your Processor. MenuHoster processes Customer Personal Data only to provide and support the Service and on your documented instructions, which include the Agreement, this DPA, and your use of the Service's features and settings. For MenuHoster's own account, billing, security, and analytics data, MenuHoster acts as an independent Controller as described in our Privacy Policy.
3. Details of Processing
- Subject matter & duration: provision of the Service for the term of the Agreement, and until deletion/return of data as described below.
- Nature & purpose: hosting menus and websites; capturing opted-in customer contacts; processing and managing orders and reservations; sending owner-initiated communications; and, where you enable them, syncing data to integrations you connect.
- Types of Personal Data: customer/diner email addresses and names; opt-in and unsubscribe status; order details (items, amounts, fulfilment info) and the ordering customer's contact details; reservation/appointment details; and usage and device data of your site/menu visitors.
- Categories of Data Subjects: your customers, diners, guests, and visitors to your published menus and websites.
4. MenuHoster's Obligations
MenuHoster will:
- process Customer Personal Data only on your documented instructions, unless required by law (in which case we will notify you where permitted);
- ensure that persons authorized to process Customer Personal Data are bound by confidentiality;
- implement appropriate technical and organizational security measures (see Section 6);
- taking into account the nature of processing, assist you, by appropriate measures, in responding to Data Subject requests and in meeting your obligations regarding security, breach notification, and data protection impact assessments;
- notify you without undue delay after becoming aware of a Personal Data breach affecting Customer Personal Data; and
- at your choice, delete or return Customer Personal Data at the end of the Agreement, and delete existing copies unless retention is required by law (see also our Privacy Policy retention periods).
5. Sub-processors
You authorize MenuHoster to engage the sub-processors listed under “Specific Service Providers” in our Privacy Policy (for example, hosting, database, email, and analytics providers) to process Customer Personal Data. MenuHoster imposes data-protection obligations on its sub-processors that are no less protective than those in this DPA and remains responsible for their performance. We will provide reasonable notice of any intended change of sub-processors and give you the opportunity to object on reasonable data-protection grounds.
6. Security
MenuHoster maintains technical and organizational measures appropriate to the risk, including encryption of data in transit (HTTPS) and at rest, access controls and authentication, hashing of IP addresses before storage, monitoring for suspicious activity, and regular security updates. Further detail is in the “Security” section of our Privacy Policy.
7. International Transfers
Where MenuHoster transfers Customer Personal Data outside the EEA or UK to a country without an adequacy decision, it relies on appropriate safeguards such as the European Commission's Standard Contractual Clauses (and the UK Addendum, where applicable) or another lawful transfer mechanism.
8. Audits
On reasonable prior written request, and subject to confidentiality, MenuHoster will make available information reasonably necessary to demonstrate compliance with this DPA and allow for and contribute to audits, including inspections, conducted by you or an auditor you mandate — no more than once per year unless required by a supervisory authority or following a breach.
9. Integrations You Connect
When you connect a third-party integration to your own account — such as Mailchimp, Zapier, or your own Stripe account — you instruct MenuHoster to transfer the relevant data to that service. Once received by that service, the data is processed under youragreement with that provider, and that provider acts as your own processor or an independent controller. MenuHoster is not responsible for those third parties' processing, and this DPA does not cover it. You are responsible for having a lawful basis and any required agreements (including data-processing terms) directly with those providers.
10. Liability & Term
Each party's liability under this DPA is subject to the limitations and exclusions of liability in the Agreement. This DPA takes effect when you accept the Agreement or begin using the Service, and remains in effect for as long as MenuHoster processes Customer Personal Data on your behalf.
Contact
Contact: Contact Form
Website: menuhoster.com