1. Information We Collect
We collect information you provide when you create an account, build menus, or contact us. This includes your email address, password, restaurant name, cuisine type, and optional details like your name, phone number, address, and business hours. When you build menus, we store all content you create: section titles, item names, descriptions, prices, dietary flags, and any images you upload (logos, photos, featured images). If you invite team members, we collect their email addresses and assigned roles.
2. Analytics and Visitor Data
When someone views a published menu, we collect limited analytics data: the traffic source (QR code, direct link, or short link), device type (mobile, desktop, or tablet, detected via user agent string), referring website hostname, and any UTM campaign parameters in the URL. We assign each visitor a random identifier stored in their browser's local storage to count unique visitors. We do not collect IP addresses, precise location data, or any personally identifying information about menu viewers.
3. How We Use Your Information
We use your information to provide and operate MenuSquared: hosting your digital menus, generating PDF exports, processing payments, delivering AI-generated content suggestions, sending transactional emails (team invitations, contact form replies), and displaying analytics in your dashboard. We also use aggregated, non-identifying data to understand how our service is used and to improve it.
4. AI Content Generation
Our AI features are powered by the Google Gemini API. When you use AI to generate menu descriptions, pricing suggestions, or seasonal recommendations, we send the relevant menu data (dish names, ingredients, prices, cuisine type, and your selected tone) to Google's servers for processing. We do not send your email, restaurant name, or any personal identity information to the AI service. Your menu data is not used to train AI models. AI-generated text is returned to you as suggestions that you can edit or discard.
5. Payment Processing
Payments are processed by Stripe. When you subscribe to a paid plan, you are redirected to Stripe's hosted checkout page where you enter your payment details. MenuSquared never sees, transmits, or stores your credit card number, billing address, or other payment details. We store only your Stripe customer ID, subscription tier, subscription status, and renewal date. You can manage your payment methods, view invoices, and update billing details directly through Stripe's billing portal.
6. Third-Party Services
We use the following third-party services that process data on our behalf: Supabase (database hosting, authentication, file storage), Stripe (payment processing), Google Gemini API (AI content generation), Resend (transactional email delivery via send.menusquared.com), Vercel (frontend hosting), and Fly.io (PDF export service). Each service processes only the data necessary for its function. We encourage you to review their respective privacy policies.
7. Data Storage and Security
Your data is stored in Supabase's cloud infrastructure with row-level security policies that ensure users can only access their own data. Passwords are hashed using industry-standard algorithms. Optional two-factor authentication (TOTP) is available. Menu passwords for PIN-protected menus are verified server-side and never sent to the client. Images are stored in Supabase's CDN-backed storage. All data is transmitted over HTTPS.
8. Data Retention
Your account data and menus are retained as long as your account is active. Menu analytics data is retained on a rolling basis and aggregated in dashboard reports covering the last 30 days. Team invitation tokens expire after 7 days. AI credit periods reset on a 30-day rolling window. When you delete a menu, its data and associated analytics are permanently removed.
9. Data Export and Deletion
You can export all of your data at any time from your dashboard settings. The export includes your full profile and all menus in JSON format. If you delete your account, all associated data is permanently removed: your profile, menus, analytics records, team memberships, AI credit history, and uploaded images. This action cannot be undone.
10. Public Menu Visibility
When you publish a menu, the following information becomes publicly accessible: your restaurant name, menu content (sections, items, prices, descriptions), logo, dietary indicators, footer text, and any contact details you choose to display (address, phone, hours). Your email, account details, analytics data, billing information, and team members are never publicly visible.
11. Children's Privacy
MenuSquared is designed for restaurant businesses and is not directed at children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by updating the date at the top of this page. Your continued use of MenuSquared after changes are posted constitutes your acceptance of the updated policy.
13. Contact Us
If you have questions about this Privacy Policy or want to exercise your data rights, contact us at support@menusquared.com.