Privacy Policy
Effective Date: March 17, 2026
Last Updated: March 17, 2026
1. Introduction
Welcome to menus.eco ("we," "us," or "our"). menus.eco is a digital menu platform that helps restaurants, food trucks, and food service businesses replace paper menus with QR code–based digital menus — reducing paper waste and making menu management instant and effortless.
This Privacy Policy explains how we collect, use, store, share, and protect personal information when you use our website at menus.eco, our platform, or any related services (collectively, the "Services").
We are committed to transparency and privacy as core values — consistent with our environmental mission of reducing waste in all forms.
If you have questions, contact us at: privacy@menus.eco
2. Who This Policy Applies To
This policy covers two categories of people:
- Restaurant Owners / Merchants ("you" or "Users") — businesses that create an account and manage digital menus through our platform.
- Diners / Guests — members of the public who scan a QR code to view a restaurant's menu. Diners do not create accounts with menus.eco and are largely anonymous visitors.
3. Information We Collect
3.1 Information You Provide (Restaurant Owners / Merchants)
When you create an account or use our Services, we collect:
| Category | Examples |
|---|---|
| Account Information | Name, email address, business name |
| Billing Information | Credit/debit card details, billing address (processed securely via our payment processor — we do not store raw card numbers) |
| Menu Content | Menu items, descriptions, prices, photos, branding assets you upload |
| Support Communications | Messages, requests, and feedback you send us |
| Profile Preferences | Display settings, font choices, color schemes, scheduled menu configurations |
3.2 Information Collected Automatically (All Visitors)
When anyone visits our website or accesses a digital menu, we automatically collect:
| Category | Examples |
|---|---|
| Usage Data | Pages visited, features used, session duration, click events |
| Device & Technical Data | IP address, browser type, operating system, device type, screen resolution |
| Location Data | General geographic location inferred from IP address (country/region level) |
| Cookie & Tracking Data | Session identifiers, preference cookies, analytics data (see Section 6) |
3.3 Information Collected from Diners
Diners who scan a QR code to view a restaurant's menu interact with a publicly accessible web page. We collect:
- IP address and basic device/browser metadata (collected automatically by our servers)
- General geographic region (inferred from IP, country/region level only)
- Anonymous usage analytics (e.g., which menu sections were viewed)
We do not require diners to create accounts, submit names, email addresses, payment details, or any other personally identifying information in order to view a menu.
4. How We Use Your Information
We use the information we collect for the following purposes:
Providing and Improving the Service
- Creating and managing your account
- Processing payments and managing subscriptions
- Delivering and displaying your digital menus to diners
- Enabling AI-powered menu creation from uploaded images
- Providing customer support and resolving disputes
Communication
- Sending transactional emails (receipts, password resets, account notifications)
- Sending product updates, tips, and announcements (you may opt out at any time)
- Responding to support inquiries
Analytics and Performance
- Understanding how the platform is used to improve features and user experience
- Identifying and fixing technical issues
- Generating aggregate, anonymized usage reports
Security and Legal Compliance
- Detecting and preventing fraud, abuse, and unauthorized access
- Complying with applicable laws and regulations
- Enforcing our Terms of Service
Legal Bases for Processing (GDPR — EU/EEA Users)
| Purpose | Legal Basis |
|---|---|
| Account creation and service delivery | Article 6(1)(b) — Performance of a contract |
| Payment processing | Article 6(1)(b) — Performance of a contract |
| Security and fraud prevention | Article 6(1)(f) — Legitimate interests |
| Marketing communications | Article 6(1)(a) — Consent (with opt-out) |
| Legal compliance | Article 6(1)(c) — Legal obligation |
| Product analytics and improvement | Article 6(1)(f) — Legitimate interests |
5. How We Share Your Information
We do not sell your personal information. We do not share your information with third parties for their own marketing purposes.
We share data only in the following circumstances:
Service Providers
We work with trusted third-party providers who process data on our behalf, subject to strict confidentiality and data processing agreements:
| Provider Category | Purpose |
|---|---|
| Payment Processor (e.g., Stripe) | Securely processing subscription payments |
| Cloud Hosting (e.g., AWS or equivalent) | Storing platform data and serving menus |
| Email Service Provider | Sending transactional and marketing emails |
| Analytics Provider (e.g., Google Analytics) | Aggregated, anonymized platform usage analytics |
| Authentication Security (e.g., Google reCAPTCHA) | Bot detection and form security |
| Customer Support Tools | Managing support tickets and communications |
Legal Obligations
We may disclose your information if required by law, court order, subpoena, or governmental authority, or when disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers
If menus.eco is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.
With Your Consent
We may share information in any other circumstance with your explicit prior consent.
6. Cookies and Tracking Technologies
We use cookies and similar technologies to operate and improve our Services.
Types of Cookies We Use
| Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential Cookies | Required for login sessions, security, and basic platform functionality | No — these are necessary for the service to function |
| Analytics Cookies | Understand how visitors use our site (page views, session data, feature usage) | Yes — via cookie preferences or opt-out links |
| Preference Cookies | Remember your display settings and language preferences | Yes — via cookie preferences |
| Marketing/Tracking Pixels | May be used to measure the effectiveness of our own advertising campaigns | Yes — via cookie preferences |
You can control cookie settings through your browser preferences. Most browsers allow you to refuse or delete cookies; note that disabling essential cookies may prevent some features from working properly.
For EU/EEA visitors, we obtain consent before setting non-essential cookies in accordance with the ePrivacy Directive and GDPR.
7. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Services.
| Data Type | Retention Period |
|---|---|
| Account and profile data | Duration of account + 30 days after deletion request |
| Billing and transaction records | 7 years (legal and tax compliance) |
| Menu content and uploads | Duration of account + 30 days after deletion request |
| Support communications | 3 years from last interaction |
| Analytics data (aggregated) | Up to 26 months, then permanently anonymized |
| Server logs (IP, device data) | 90 days rolling |
When your account is closed or a deletion request is honored, we securely delete or anonymize your data within 30 days, except where we are required by law to retain it longer (e.g., financial records).
8. Your Rights and Choices
All Users
- Opt Out of Marketing Emails: Click "Unsubscribe" in any marketing email. Transactional emails (receipts, security alerts) cannot be turned off while your account is active.
- Update Your Information: Log in to your account dashboard to correct or update your profile and billing information.
- Delete Your Account: Contact us at privacy@menus.eco to request account deletion. We will process the request within 30 days.
EU / EEA Residents (GDPR Rights)
If you are located in the European Union or European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):
| Right | Description | Response Time |
|---|---|---|
| Right of Access (Art. 15) | Request a copy of the personal data we hold about you | 30 days |
| Right to Rectification (Art. 16) | Request correction of inaccurate or incomplete data | 30 days |
| Right to Erasure (Art. 17) | Request deletion of your personal data ("right to be forgotten") | 30 days |
| Right to Restrict Processing (Art. 18) | Request that we limit how we process your data | 30 days |
| Right to Data Portability (Art. 20) | Receive your data in a structured, machine-readable format (JSON/CSV) | 30 days |
| Right to Object (Art. 21) | Object to processing based on legitimate interests or for direct marketing | Immediate (marketing); 30 days (other) |
| Right to Withdraw Consent (Art. 7) | Withdraw consent for any processing based on consent | Immediate |
To exercise any of these rights, email privacy@menus.eco. We may verify your identity before processing the request. You also have the right to lodge a complaint with your local data protection authority (DPA).
California Residents (CCPA / CPRA Rights)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources, the business purposes, and any third parties we share it with.
- Right to Delete: Request deletion of your personal information (subject to certain exceptions).
- Right to Correct: Request correction of inaccurate personal information.
- Right to Opt-Out of Sale or Sharing: We do not sell or share your personal information with third parties for monetary consideration or for cross-context behavioral advertising. You may still submit an opt-out request at privacy@menus.eco.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights. You will receive the same quality of service regardless of whether you submit a privacy request.
To submit a CCPA request, email privacy@menus.eco with the subject line "California Privacy Request." We will respond within 45 days, with one 45-day extension where reasonably necessary.
California Shine the Light (Civil Code § 1798.83): We do not disclose personal information to third parties for their own direct marketing purposes.
9. Data Security
We implement industry-standard technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS/HTTPS) and at rest
- Secure, access-controlled cloud infrastructure
- Role-based access controls limiting employee access to personal data
- Regular security reviews and vulnerability assessments
- Secure payment processing — we never store raw credit card numbers
No method of transmission over the internet or electronic storage is 100% secure. While we take security seriously and apply commercially reasonable safeguards, we cannot guarantee absolute security. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law (within 72 hours for GDPR-covered users; as required by applicable US state breach notification laws).
10. Children's Privacy
Our Services are not directed to, and we do not knowingly collect personal information from, children under the age of 13 (or under 16 for EU/EEA residents under GDPR). If we learn that we have inadvertently collected personal information from a child under the applicable age threshold, we will delete it promptly. If you believe we have collected information from a child, contact us at privacy@menus.eco.
11. International Data Transfers
menus.eco is operated from the United States. If you access our Services from outside the US, your information will be transferred to, stored, and processed in the United States.
For users in the EU/EEA, we ensure that any transfers of personal data outside the European Economic Area are conducted in compliance with GDPR Chapter V, using:
- Standard Contractual Clauses (SCCs) approved by the European Commission, or
- Adequacy decisions where applicable
By using our Services, you acknowledge that your data may be transferred to and processed in the United States, which may have different data protection standards than your home country.
12. Our Commitment to the Environment
menus.eco was built on the mission of helping restaurants eliminate single-use paper menus — reducing paper waste, printing costs, and the emissions associated with reprinting menus every time prices or items change.
As a holder of a verified .eco domain, we have made a commitment to environmental responsibility. While this policy does not itself create enforceable environmental obligations, we are committed to operating our platform infrastructure with efficiency and environmental consciousness in mind.
We do not use your data or your diners' data for purposes that conflict with this mission — we do not sell data, build advertising profiles of diners, or monetize usage data beyond what is necessary to operate and improve the menus.eco platform.
13. Third-Party Links and Services
Our platform may contain links to third-party websites or services. This Privacy Policy does not apply to those third parties. We encourage you to review the privacy policies of any third-party services you access through our platform or your menus.
14. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Post the updated policy on this page with a new "Last Updated" date
- Send an email notification to registered account holders
- For significant changes, provide at least 30 days' notice before the changes take effect
Continued use of the Services after the effective date of any changes constitutes your acceptance of the updated policy.
15. Contact Us
For privacy-related questions, requests, or complaints:
menus.eco
Email: privacy@menus.eco
Website: menus.eco
For EU/EEA users, you also have the right to contact your local supervisory authority. A list of EU data protection authorities is available at: https://edpb.europa.eu/about-edpb/about-edpb/members_en
This Privacy Policy was prepared with reference to GDPR (Regulation (EU) 2016/679), the California Consumer Privacy Act (CCPA/CPRA), and international best practices for SaaS privacy policy transparency.