Privacy Policy

At a Glance

Here's a quick summary of our privacy practices:

• We collect account information, menu content, usage data, and device/log information
• We use your information to provide the Service, improve features, and communicate with you
• We do not sell your personal information
• We do not use Google or Facebook user data for advertising purposes
• You can access, update, and delete your account and data
• Published menus are publicly visible; you control what information is displayed
• We use industry-standard security measures to protect your data

Information We Collect

Account Information

When you create an account, we collect:

• Email address (if registering with email)
• Name
• Password (encrypted and not accessible to us)
• Profile information (optional business name, description, phone number, location)

When you sign in with Google or Facebook (OAuth):

• Name
• Email address
• Profile picture (if available)
• Unique provider ID (for authentication purposes)

Menu Content and Business Information

We collect and store:

• Uploaded menu files (PDFs, images)
• Structured menu data you enter (item names, prices, descriptions, categories)
• Business name, description, and contact information you choose to display
• Photos and branding assets
• Custom QR code designs

Usage Data and Analytics

We collect information about how you and your customers interact with the Service:

• Menu views and QR code scans
• Timestamps of visits
• Page interactions
• Session duration
• Referral sources

Device and Log Data

We automatically collect:

• IP address
• Browser type and version
• Device type and operating system
• Time zone and language preferences
• Referring URLs
• Error logs and diagnostic information

Cookies and Similar Technologies

We use cookies, local storage, and similar identifiers to:

• Keep you logged in
• Remember your preferences
• Analyze usage patterns
• Improve the Service

You can control cookies through your browser settings, but disabling them may affect functionality.

Payment Information

If you subscribe to a paid plan, payment information is processed by a third-party payment processor. We do not store your full credit card numbers. We may store:

• Last four digits of your card (for display purposes)
• Billing address
• Transaction history

How We Use Information

We use the information we collect to:

• Provide and maintain the Service — host your menus, generate QR codes, deliver analytics
• Authenticate your account — verify your identity and secure your access
• Process payments — handle subscriptions and billing
• Communicate with you — send account verification emails, passwordless login links, billing receipts, limit warnings, and important updates
• Improve the Service — analyze usage patterns, fix bugs, develop new features
• Ensure security — detect and prevent fraud, abuse, and unauthorized access
• Provide customer support — respond to your questions and requests
• Comply with legal obligations — respond to lawful requests and enforce our Terms

Legal Bases for Processing

Depending on where you live, we process your personal information based on:

• Contract performance — to provide the Service you've signed up for
• Legitimate interests — to improve the Service, ensure security, and communicate with you
• Consent — where required by law, such as for marketing communications
• Legal obligations — to comply with applicable laws and regulations

How We Share Information

We do not sell your personal information.

We may share information in the following circumstances:

Service Providers

We share data with trusted third-party vendors who help us operate the Service:

• Cloud hosting and storage providers — to store your data
• Payment processors — to handle billing
• Analytics services — to understand usage patterns
• Email service providers — to send transactional emails
• OAuth providers (Google, Facebook) — for authentication

These providers are contractually obligated to protect your information and use it only for the purposes we specify.

Specific Service Providers

We currently use the following third-party service providers:

• Vercel, Inc. — application hosting and serverless infrastructure
• MongoDB, Inc. (MongoDB Atlas) — database hosting for user accounts and menu data
• Cloudinary Ltd. — image and media storage for uploaded assets
• Google LLC (Google Analytics) — usage analytics and performance monitoring

These providers may process personal data on our behalf solely to provide their services and are contractually obligated to protect your information.

Legal Requirements

We may disclose information if required to:

• Comply with a subpoena, court order, or other legal process
• Enforce our Terms of Service
• Protect the rights, property, or safety of MenuHoster, our users, or the public

We review all requests from public authorities for legality, disclose only the minimum information required by law, and document such requests and our responses.

Business Transfers

If MenuHoster is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you before your information becomes subject to a different privacy policy.

With Your Consent

We may share information for other purposes with your explicit consent.

Public Information

Data Retention

We retain your information for as long as your account is active or as needed to provide the Service. Specifically:

• Account information — retained while your account is active
• Menu content — retained while your menus are published or saved as drafts
• Analytics data — retained for up to 2 years for reporting purposes
• Log data — retained for up to 90 days for security and debugging

After you delete your account, we will delete or anonymize your personal information within 30 days, except where we must retain it for legal, security, or fraud prevention purposes.

Security

We implement industry-standard security measures to protect your information:

• Data encrypted in transit using HTTPS
• Data encrypted at rest on our servers
• Regular security assessments and updates
• Access controls and authentication requirements
• Monitoring for suspicious activity

However, no system is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

Your Choices and Rights

Access and Update

You can access and update your account information at any time through your dashboard. If you need assistance, contact us at support@menuhoster.com.

Delete Your Account and Data

You can delete your account from your dashboard settings. Upon deletion:

• Your account and personal information will be removed within 30 days
• Your published menus will be taken offline immediately
• Analytics data may be retained in anonymized form for reporting

Alternatively, email us at support@menuhoster.com to request account deletion.

Opt Out of Marketing Emails

If we send marketing communications (with your consent), you can opt out by clicking the "unsubscribe" link in any email. Note that you will still receive transactional emails necessary for the Service (e.g., account verification, billing receipts).

Cookie Controls

You can manage cookies through your browser settings. Disabling cookies may affect certain features of the Service.

Do Not Track

Some browsers include a "Do Not Track" signal. MenuHoster does not currently respond to Do Not Track signals, but we do not use your information for behavioral advertising.

Rights for Certain Jurisdictions

Depending on where you live, you may have additional rights, such as:

• Requesting a copy of your personal information
• Correcting inaccurate information
• Requesting deletion of your information
• Objecting to certain processing activities
• Restricting processing
• Data portability

To exercise these rights, contact us at support@menuhoster.com.

OAuth-Specific Information

What We Receive from Google and Facebook

When you sign in with Google or Facebook, we receive:

• Your name
• Your email address
• Your profile picture (if available)
• A unique provider ID to authenticate your account

We use this information solely for account creation, authentication, security, and customer support.

What We Do NOT Access

• Google: We do not access your Gmail, Google Drive, Google Calendar, or any other Google services. We do not read your emails or files.
• Facebook: We do not post to your timeline, access your friends list, or read your messages. We do not access Facebook pages unless you explicitly connect them (not currently available).

We Do Not Use Google or Facebook Data for Advertising

We do not use data obtained from Google or Facebook to serve you advertisements. We do not sell this data to third parties.

How to Revoke Access

You can revoke MenuHoster's access to your Google or Facebook account at any time:

After revocation, you will need to sign in using a different method or reconnect your Google/Facebook account.

Data Deletion Instructions

To delete all data associated with your MenuHoster account:

1. Log in to your MenuHoster dashboard
2. Go to Account Settings
3. Click "Delete Account" and confirm

This deletion includes all personal data obtained through Google or Facebook login.

Alternatively, email us at support@menuhoster.com with the subject line "Delete My Account." We will process your request within 30 days.

Children's Privacy

MenuHoster is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will promptly delete it. If you believe a child has provided us with personal information, contact us at support@menuhoster.com.

International Data Transfers

MenuHoster is based in the United States, and your information is processed and stored on servers located in the U.S. If you access the Service from outside the U.S., your information may be transferred to, stored, and processed in the U.S., where data protection laws may differ from those in your country.

By using MenuHoster, you consent to the transfer of your information to the U.S. and other countries where we operate.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by:

• Posting a notice on menuhoster.com
• Sending an email to the address associated with your account

The "Last updated" date at the top of this policy reflects the most recent changes. We encourage you to review this policy periodically.

Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us:

We will respond to your inquiry within a reasonable timeframe, typically within 30 days.