Last updated: January 1, 2025
Your privacy matters to us. This Privacy Policy explains what data we collect, why we collect it, and how we use and protect it. We do not sell your personal data to any third party — ever.
1 Introduction
Digital Menu Book ("we", "our", or "us") operates a global digital menu platform. This Privacy Policy outlines how we responsibly collect, use, and protect your information when you use our website and services.
We believe in straightforward, transparent data practices. By using our Service, you consent to the data practices described in this policy.
2 Data We Collect
2.1 Information You Provide
- Account Information: Name, email address, phone number, restaurant name, country, and password when you register.
- Profile & Business Information: Restaurant address, logo, business description, and other customisation data.
- Menu Content: Food items, prices, descriptions, images, and categories you add to your digital menu.
- Payment Information: Billing details processed through our authorised payment gateways. We do not store full card numbers on our servers.
- Support Communications: Messages, emails, and records of your interactions with our support team.
2.2 Automatically Collected Information
- Device & Browser Data: IP address, browser type, operating system, device type, and screen resolution.
- Usage Data: Pages visited, features used, time spent, links clicked, and navigation patterns.
- Session Data: Login timestamps, session duration, and activity logs.
- Cookies & Tracking: As described in the Cookies section below.
2.3 Customer Data (End-User Menu Visitors)
When your restaurant's customers scan your QR menu, we may collect anonymous usage data (e.g., number of scans, most-viewed items). We do not collect personal data of your customers unless they actively place an order, in which case their order details are stored and visible to you as the restaurant operator.
3 How We Use Your Data
We use the data we collect for the following purposes:
- Service Delivery: To create and manage your account, host your digital menu, and process orders.
- Payment Processing: To handle subscription billing and transaction records.
- Communications: To send account notifications, billing alerts, product updates, and customer support responses.
- Analytics & Improvement: To understand how our platform is used and to improve features, performance, and user experience.
- Security: To detect and prevent fraud, abuse, and unauthorised access.
- Legal Compliance: To comply with applicable laws, regulations, and lawful government requests.
Marketing: We may send you product updates and promotional emails. You can opt out at any time by clicking the unsubscribe link in any email or contacting us directly.
4 Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We may share your data with:
- Payment Processors: Authorised payment gateway partners to process transactions securely.
- Cloud Infrastructure Providers: Hosting and storage services that operate our infrastructure under strict data processing agreements.
- Email Service Providers: Transactional and notification email delivery services.
- Analytics Tools: Aggregate and anonymised usage data may be shared with analytics platforms.
- Legal Authorities: When required by law, court order, or governmental authority.
- Business Transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction, with prior notice to you.
All third-party processors are bound by data processing agreements and are prohibited from using your data for their own marketing purposes.
5 Data Storage & Security
Your data is stored on secure, enterprise-grade cloud servers. We implement industry-standard security measures including:
- 256-bit SSL/TLS encryption for all data in transit.
- Encrypted storage for sensitive data including passwords (using bcrypt hashing).
- Regular security audits and vulnerability assessments.
- Restricted access controls — only authorised personnel can access production data.
- Automated backups and disaster recovery procedures.
Important: While we implement strong security measures, no online service can guarantee absolute security. In the event of a data breach that affects your data, we will notify you promptly and take immediate remediation steps.
5.1 Data Retention
We retain your account data securely while your account is active. After account deletion or subscription termination:
- Account data is retained for 30 days to allow restoration if the termination was accidental.
- After 30 days, personal data is permanently deleted from our active systems.
- Some data may be retained in anonymised form for analytics or to comply with global financial record-keeping requirements.
6 Cookies & Tracking
We use cookies and similar tracking technologies to provide and improve our Service. Types of cookies we use:
- Essential Cookies: Required for the platform to function (session management, authentication). These cannot be disabled.
- Preference Cookies: Remember your settings and preferences (e.g., language, timezone).
- Analytics Cookies: Help us understand how users interact with the platform so we can improve it.
You can control non-essential cookies through your browser settings. Note that disabling certain cookies may affect the functionality of our Service.
7 Your Data Rights
As a user, you have the following rights with respect to your personal data:
- Right to Access: Request a copy of the personal data we hold about you.
- Right to Correction: Request correction of inaccurate or incomplete data.
- Right to Deletion: Request deletion of your personal data ("right to be forgotten").
- Right to Data Portability: Request your data in a structured, machine-readable format.
- Right to Withdraw Consent: Withdraw consent for marketing communications at any time.
To exercise any of these rights, please contact us at [email protected]. We will respond within 30 days.
8 Children's Privacy
Our Service is intended for use by business owners and restaurant operators. We do not knowingly collect personal data from children under 18 years of age. If we become aware that a child has provided us with personal information, we will take steps to delete it immediately.
9 Third-Party Links
Our platform may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to read their privacy policies before providing any personal information.
10 Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or technology. When we make significant changes, we will notify you via email and post the updated policy on this page.
Continued use of the Service after changes take effect constitutes your acceptance of the updated policy.