Privacy Policy for FoodMenuChat
FoodMenuChat Privacy Policy Effective Date: November 7, 2025 Last updated: November 7, 2025 Service: FoodMenuChat (menu + ordering facilitator) Company (Processor): ConnectoDigital LLC, New York, NY, USA Email:
Related Terms:
Data Processing Addendum (DPA)
This Policy explains how we (ConnectoDigital LLC) handle information for the FoodMenuChat Service. For data we process on behalf of restaurants, the restaurant is the Controller and we are the Processor. This Policy also describes how we process information as a business in our own right (for example, account and billing data). What FoodMenuChat Is (and Isn’t) FoodMenuChat hosts digital menus, provides QR codes, captures basic order details, and opens a starter message in a customer’s WhatsApp/SMS app. We do not process payments. Restaurants confirm final pricing and orders, and collect payment offline (cash/card). Information We Process 2.1 Restaurant Account & Admin Users (Controller Data or Our Own Business Data) • Account profile (name, email, phone), login credentials, role/permissions • Workspace settings, subscription and billing metadata (no card numbers stored by us if paid via external processor) • Support communications and logs (dates, times, IP address, device info) 2.2 Restaurant Content (Controller Data) • Menu items, categories, images, prices, availability, and notes the restaurant uploads 2.3 End-Customer Order Data (Controller Data) • Fields restaurants choose to collect (for example: name, phone number, order items, order notes) • Message metadata/handles necessary to open WhatsApp/SMS on customer device • System logs (IP address/device identifiers) when linkable to a person Restaurants control which fields are collected (required/optional). If a restaurant chooses to minimize, the system still works (for example, phone + order items only). 2.4 Sources of Information • Directly from restaurant admins (account setup, menu uploads) • Directly from end-customers via restaurant menu/order pages • Automatically via the Service (logs, device/browser data) How We Use Information We use information to: • Provide, operate, maintain, and improve FoodMenuChat • Host menus and facilitate order intake and message initiation • Secure the Service (fraud/abuse prevention, logging, troubleshooting) • Provide support, communicate about changes, and bill for subscriptions • Comply with law, and enforce our
When acting as Processor, we process personal data only on the restaurant’s documented instructions, as set out in the
and this Policy. Messaging, Carriers, and Platform Limits We initiate a starter message to WhatsApp/SMS; the customer must manually send it. We don’t control message delivery, latency, or blocking by carriers or platforms. Restaurants should verify suspicious/ghost orders before preparing food. Payment Processing We do not process payments for food orders between restaurants and their customers. All customer payments for food orders occur offline between the restaurant and its customers. We do process payments for our service subscriptions using third-party payment processors (currently Paddle, with potential use of PayPal, Stripe, Lemon Squeezy, or others). These processors handle billing information according to their own privacy policies. Cookies & Similar Technologies We use necessary cookies for authentication, session management, and security. We may use analytics to understand product usage in aggregate. Browser settings allow you to control cookies; some features may not work without required cookies. Cookie categories (summary): • Essential Cookies — Enable core functionality and security — Duration: Session / up to 1 year • Analytics Cookies — Track usage and improve services — Duration: up to 2 years • Marketing Cookies — Deliver relevant advertisements — Duration: up to 1 year • Preference Cookies — Remember your settings and preferences — Duration: up to 1 year You can control cookie settings through your browser preferences. Sharing, Third-Party Services, and Sub-Processors We use trusted vendors (“Sub-processors”) to host and operate the Service (for example: cloud hosting, CDN/WAF, email support, logging). We require them to protect data via contract and to process only as needed to provide the service. Current Sub-processors List:
/page/privacy-policy-subprocessors
We may disclose information if required by law or to protect rights, safety, and the integrity of the Service. Our service may integrate with third-party services. These services have their own privacy policies. Examples include: • Payment processors (Stripe, PayPal, Paddle, and others) • Analytics providers (usage patterns) • Cloud services (secure hosting/storage) • Communication tools (email and messaging for customer support) International Transfers Your information may be transferred to and processed in countries other than your own. If data is transferred internationally, we use appropriate safeguards where legally required (for example, Standard Contractual Clauses, adequacy decisions, certification schemes, and codes of conduct). Security We use administrative, technical, and physical safeguards such as: role-based access, MFA for admins, encryption in transit, tenant isolation, least-privilege access, backups, logging, and incident response procedures. Retention We keep personal data for as long as needed to provide the Service and meet legal/operational requirements. After a restaurant terminates, data is generally deleted or anonymized following the 15-day export window. Data Subject Requests When we act as Processor, we forward requests (access, correction, deletion) to the restaurant (Controller). If you are an end-customer, please contact the restaurant directly. If you contact us, we will notify the restaurant when appropriate. Your Choices • Restaurants can configure which fields to collect from end-customers • Admins can access/update account information from the dashboard • Anyone can contact us at
for questions about this Policy or our practices Children’s Privacy The Service is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child provided data, contact us and we will take appropriate action. Changes to this Policy We may update this Policy from time to time. We will post changes with a new effective date and, for material changes, provide notice via email or in-app prior to the effective date. Contact Questions? Email
. Controller–Processor Appendix (Summary) Controller: Restaurant (decides what to collect and why; sets field requirements) Processor: ConnectoDigital LLC (operates FoodMenuChat per Controller instructions) DPA:
Sub-processors:
/page/privacy-policy-subprocessors
Additional Information for EU Users (GDPR) If you are located in the European Union, you have additional rights under GDPR, including: • Legal basis: We process your data based on consent, contract performance, legitimate interests, or legal obligations • Data protection authority: You have the right to lodge a complaint with your local data protection authority • Automated decision making: We do not engage in automated decision-making that significantly affects you California Privacy Rights (CCPA) If you are a California resident, you have additional rights under CCPA, including: • Right to know: Request information about categories and specific pieces of personal information we collect • Right to delete: Request deletion of your personal information • Right to opt-out: Opt-out of the sale of your personal information • Non-discrimination: We will not discriminate against you for exercising your CCPA rights