Last updated: November 7, 2025

1. What FoodMenuChat Is (and Isn't)

FoodMenuChat hosts digital menus, provides QR codes, captures basic order details, and opens a starter message in the customer's WhatsApp/SMS app. We do not process payments. Restaurants confirm final pricing and orders, and collect payment offline (cash/card).

2. Information We Process

2.1 Restaurant Account & Admin Users (Controller or Our Own Business Data)

• Account profile (name, email, phone), login credentials, role/permissions
• Workspace settings, subscription and billing metadata (no card numbers stored by us if paid via external processor)
• Support communications and logs (dates, times, IP address, device info)

2.2 Restaurant Content (Controller Data)

• Menu items, categories, images, prices, availability, and notes the restaurant uploads

2.3 End-Customer Order Data (Controller Data)

• Fields restaurants choose to collect (e.g., name, phone number, order items, order notes)
• Message metadata/handles necessary to open WhatsApp/SMS on the customer device
• System logs (IP address/device identifiers) when linkable to a person

2.4 Sources of Information

• Directly from restaurant admins (account setup, menu uploads)
• Directly from end-customers via restaurant menu/order pages
• Automatically via the Service (logs, device/browser data)

3. How We Use Information

• Provide, operate, maintain, and improve FoodMenuChat
• Host menus and facilitate order intake and message initiation
• Secure the Service (fraud/abuse prevention, logging, troubleshooting)
• Provide support, communicate about changes, and bill for subscriptions
• Comply with law, enforce our Terms of Service

When acting as Processor, we process personal data only on the restaurant's documented instructions, as set out in the DPA and this Policy.

4. Messaging, Carriers, and Platform Limits

We initiate a starter message to WhatsApp/SMS; the customer must manually send it. We don't control message delivery, latency, or blocking by carriers or platforms. Restaurants should verify suspicious/ghost orders before preparing food.

5. Payment Processing

We do not process payments for food orders between restaurants and their customers. All customer payments for food orders occur offline between the restaurant and its customers. We do process payments for our service subscriptions using third-party payment processors (currently Paddle, with potential use of PayPal, Stripe, Lemon Squeezy, or others). These processors handle billing information according to their own privacy policies.

6. Cookies & Similar Technologies

We use necessary cookies for authentication, session management, and security. We may use analytics to understand product usage in the aggregate. Browser settings allow you to control cookies; some features may not work without required cookies.

7. Sharing & Sub-Processors

We use trusted vendors ("Sub-processors") to host and operate the Service (e.g., cloud hosting, CDN/WAF, email support, logging). We require them to protect data via contract and only process as needed to provide the service. See our current list at /privacy_policy/subprocessors/.

We may disclose information if required by law or to protect rights, safety, and the integrity of the Service.

8. International Transfers

If data is transferred internationally, we use appropriate safeguards (e.g., Standard Contractual Clauses) where legally required.

9. Security

We use administrative, technical, and physical safeguards: role-based access, MFA for admins, encryption in transit, tenant isolation, least-privilege access, backups, logging, and incident response procedures.

10. Retention

We keep personal data for as long as needed to provide the Service and meet legal/operational requirements. After a restaurant terminates, data is generally deleted or anonymized following the 15-day export window.

11. Data Subject Requests

When we act as Processor, we forward requests (access, correction, deletion) to the restaurant (Controller). If you are an end-customer, please contact the restaurant directly. If you contact us, we will notify the restaurant when appropriate.

12. Your Choices

• Restaurants can configure which fields to collect from end-customers
• Admins can access/update account information from the dashboard
• Anyone can contact us at support@foodmenuchat.com for questions about this Policy or our practices

8. Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience:

Category	Purpose	Duration
Essential Cookies	Enable core functionality and security	Session/1 year
Analytics Cookies	Track usage and improve services	2 years
Marketing Cookies	Deliver relevant advertisements	1 year
Preference Cookies	Remember your settings and preferences	1 year

You can control cookie settings through your browser preferences.

9. Third-Party Services & Sub-Processors

Our service integrates with third-party services. These services have their own privacy policies:

• Payment Processors: Stripe, PayPal, Paddle, and others handle payment information according to their privacy policies
• Analytics: We use analytics services to understand usage patterns
• Cloud Services: Data may be stored on secure cloud platforms
• Communication: Email and messaging services for customer support

For detailed information about our sub-processors and their data processing activities, please see our Sub-Processors List.

10. Data Processing Addendum

If you are a restaurant using FoodMenuChat, our Data Processing Addendum (DPA) governs how we process personal data on your behalf. The DPA includes details about:

• Roles and responsibilities (Controller vs Processor)
• Data categories and processing purposes
• Security measures and breach notification
• Data subject rights assistance
• International data transfers

10. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place for international transfers, including:

• Standard contractual clauses
• Adequacy decisions by relevant authorities
• Certification schemes and codes of conduct

13. Children's Privacy

The Service is not directed to children under 13, and we do not knowingly collect data from them. If you believe a child provided data, contact us and we will take appropriate action.

14. Changes to this Policy

We may update this Policy from time to time. We will post changes with a new effective date and, for material changes, provide notice via email or in-app prior to the effective date.

15. Contact

Questions? Email support@foodmenuchat.com.

14. Additional Information for EU Users

If you are located in the European Union, you have additional rights under the GDPR:

• Legal Basis: We process your data based on consent, contract performance, legitimate interests, or legal obligations
• Data Protection Authority: You have the right to lodge a complaint with your local data protection authority
• Automated Decision Making: We do not engage in automated decision-making that significantly affects you

15. California Privacy Rights

If you are a California resident, you have additional rights under the CCPA:

• Right to Know: Request information about the categories and specific pieces of personal information we collect
• Right to Delete: Request deletion of your personal information
• Right to Opt-Out: Opt-out of the sale of your personal information
• Non-Discrimination: We will not discriminate against you for exercising your CCPA rights