Privacy Policy

Last updated: January 1, 2025

1. Introduction

MenuCraft ("we", "our", or "us") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our platform at menucraft.io (the "Service").

2. Information We Collect

2.1 Account Information

When you register, we collect your name, email address, and password (stored as a secure hash). Optionally, you may provide a phone number and profile photo.

2.2 Store & Menu Data

We store the restaurant information, menus, categories, items, prices, and images you upload. This data is yours and you retain full ownership.

2.3 Customer Order Data

When your customers place orders through your digital menu, we collect order details including items ordered, customer name, phone number, table number, and delivery address. This data is stored securely and associated with your account.

2.4 Usage & Analytics Data

We collect anonymized usage data including page views, device type, browser, country, and referrer to help you understand your menu performance and improve our service.

2.5 Payment Information

We do not store your credit card details. All payment processing is handled by Stripe, which is PCI-DSS Level 1 certified. We only store your Stripe customer ID and subscription status.

3. How We Use Your Information

  • Providing and maintaining the Service
  • Processing payments and managing subscriptions
  • Sending transactional emails (order confirmations, account alerts)
  • Providing customer support
  • Improving and personalizing the Service
  • Complying with legal obligations
  • Sending product updates (with your consent)

4. Data Sharing

We do not sell, trade, or rent your personal information to third parties. We share data only with:

  • Service Providers: Stripe (payments), Resend (email), UploadThing (file storage), Vercel (hosting) — all bound by data processing agreements.
  • Legal Requirements: When required by law, court order, or governmental authority.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, with appropriate notice.

5. Data Retention

We retain your account data for as long as your account is active. Analytics data is retained according to your subscription plan (90 days on free plans, up to 2 years on Enterprise). After account deletion, we purge all personal data within 30 days, except where retention is required by law.

6. Your Rights (GDPR & CCPA)

Depending on your location, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate data
  • Request deletion of your data ("right to be forgotten")
  • Data portability (export your data in JSON/CSV format)
  • Object to or restrict processing
  • Withdraw consent at any time

To exercise these rights, email us at [email protected].

7. Security

We implement industry-standard security measures including TLS encryption in transit, bcrypt password hashing, database encryption at rest, regular security audits, and role-based access controls. However, no method of transmission over the internet is 100% secure.

8. Cookies

We use essential cookies for authentication sessions, preference cookies for theme/language settings, and analytics cookies (with your consent) to understand usage patterns. You can manage cookie preferences in your browser settings.

9. Children's Privacy

Our Service is not directed to children under 13. We do not knowingly collect personal information from children under 13. If you believe we have inadvertently collected such data, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of material changes by email or prominent notice on our website at least 30 days before the change takes effect.

11. Contact Us

For privacy-related questions or to exercise your rights: