Privacy Policy

Last updated: February 14, 2026

MenuFlow is committed to protecting your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and your rights under the General Data Protection Regulation (GDPR) and other applicable laws.

1. Who We Are

MenuFlow ("we", "us", "our") is the data controller for the personal data collected through this website and the MenuFlow platform. If you have any questions about this policy, contact us at easyfix.management@gmail.com.

2. Data We Collect

We collect the following categories of personal data:

Account data

When you register, we collect your name and email address. If you sign up via Google, we receive your name, email, and profile picture from Google with your consent.

Menu content

We store the restaurant information, menus, sections, and items you create, including any photos you upload. This data is yours — we only process it to operate the Service.

Usage and analytics data

We record page views of your public menu pages, including the approximate time of visit and the source (direct link, QR code, or embed). This data is aggregated and shown to you in your analytics dashboard. We do not track individual customer identities.

Payment data

Payments are processed by Stripe. We do not store your credit card details. We receive and store only a Stripe customer ID and subscription status to manage your account.

Technical data

We may collect standard server log data such as IP addresses, browser type, and referring URLs for security and debugging purposes. This data is retained for a maximum of 90 days.

3. How We Use Your Data

We use your personal data for the following purposes:

Purpose | Legal basis
Providing the Service | Perform our contract with you
Processing payments | Perform our contract with you
Sending service-related emails (e.g. receipts, password resets) | Perform our contract with you
Showing you your own menu analytics | Perform our contract with you
Improving and securing the Service | Legitimate interests
Complying with legal obligations | Legal obligation
Sending optional product update emails | Consent (you can unsubscribe at any time)

4. Cookies

We use a small number of essential cookies to keep you logged in and to maintain your session. We do not use advertising cookies or third-party tracking cookies.

The authentication cookies set by Supabase (our database and auth provider) are strictly necessary for the Service to function and do not require your consent.

5. Data Sharing

We do not sell your personal data. We share your data only with the following trusted third-party service providers, strictly as necessary to operate the Service:

  • Supabase — database, authentication, and file storage (EU data region)
  • Stripe — payment processing
  • Vercel — web hosting and content delivery

All providers are contractually bound to process your data only as instructed by us and in compliance with GDPR.

We may disclose your data if required to do so by law, or if we believe in good faith that such disclosure is necessary to comply with legal process or protect our rights.

6. Public Menu Pages

When you publish a menu, its content (restaurant name, descriptions, menu items, prices, and photos) becomes publicly accessible at your unique menu URL. Anyone with this URL or your QR code can view the menu without logging in.

If you delete your restaurant or unpublish your menu, it will no longer be accessible to the public.

7. Data Retention

We retain your account data and menu content for as long as your account is active. If you delete your account, your personal data and all associated content will be permanently deleted within 30 days, except where we are required by law to retain certain records.

Anonymised, aggregated analytics data (view counts without personal identifiers) may be retained indefinitely for statistical purposes.

8. Your Rights Under GDPR

If you are located in the European Economic Area, you have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your data ("right to be forgotten")
  • Portability — receive your data in a structured, machine-readable format
  • Restriction — request that we limit how we process your data
  • Objection — object to processing based on legitimate interests
  • Withdraw consent — withdraw any consent you have given at any time

To exercise any of these rights, contact us at easyfix.management@gmail.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including encrypted connections (HTTPS), database-level row security policies, and restricted access to production systems.

However, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security.

10. Children's Privacy

The Service is not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us and we will delete it promptly.

11. International Transfers

Our infrastructure is primarily hosted within the European Union. In cases where data is processed outside the EU (e.g. by Stripe or Vercel), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses approved by the European Commission.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or by a notice within the Service. The date at the top of this page indicates when the policy was last updated.

13. Contact Us

For any privacy-related questions or requests, please contact our privacy team at easyfix.management@gmail.com.