Privacy Policy

How we collect, use, and protect your personal information

Terms of ServicePrivacy Policy

Effective Date

March 18, 2026

Company

EasyMenus

Contact

hello@easymenus.net

Introduction

This Privacy Policy explains how EasyMenus ("we," "us," "our") collects, uses, and discloses Personal Data of users of our website, platform, and applications (collectively, the "EasyMenus Platform").

By accessing or using the EasyMenus Platform, you consent to the collection, use, storage, disclosure, and transfer of your Personal Data as outlined in this Policy. If you do not agree, you should discontinue use of the Platform.

1. What Data We Collect

Personal Data means any information that can directly or indirectly identify you:

  • Account Information: name, email address, password.
  • Business Information: restaurant name, address, hours, website, contact links.
  • Billing Information: payment details processed by Stripe. We do not store full card details.
  • Content Data: menus, categories, item descriptions, photos, logos, and allergen information you upload.
  • Usage Data: IP address, device/browser type, login times, activity logs.
  • Analytics Data: menu views, item clicks, visitor language and device statistics.
  • Communications Data: messages you send to support, feedback, and requests.
  • Engagement Data: achievements earned, ingredient credits, feature unlocks, and rank progression.

2. Why We Process Personal Data

Under GDPR and similar privacy regulations, we rely on the following lawful bases for processing your Personal Data: contract performance (account creation, service delivery, billing), legitimate interest (analytics, security, engagement system, product improvement), consent (marketing emails, non-essential cookies), and legal obligation (tax compliance, regulatory requirements).

  • Account Management: to create, verify, and manage your EasyMenus account.
  • Service Delivery: to host your digital menus, manage your restaurant profile, and process QR code generation.
  • Payments: to process subscription fees, prepaid ingredient packs, free trials, upgrades, and refunds via Stripe.
  • Analytics: to provide insights into menu performance and visitor behaviour.
  • AI Features: to generate dish photos, custom themes, and menu translations using third-party AI providers (OpenAI, Anthropic).
  • Engagement System: to track achievements, award ingredient credits, and personalise your dashboard experience.
  • Marketing (with consent): to send product updates, tips, weekly digests, and feature announcements.
  • Security: to prevent fraud, bot signups (via Cloudflare Turnstile), and misuse of the Platform.
  • Legal Obligations: to comply with applicable law, tax, or regulatory requirements.

3. Customer Accounts

When you create an EasyMenus account, we collect your name, email address, password (hashed), and restaurant name. If you sign up via a third-party provider (e.g., Google), you authorise us to access certain profile data consistent with your privacy settings.

4. Menu Publishing

When you publish a digital menu, we process and display menu items, categories, descriptions, prices, uploaded images, allergen information, pairing suggestions, add-ons, and staff notes. This information is hosted on our servers and visible to the public via your menu URL.

5. Billing & Payments

  • Payments are processed via Stripe. EasyMenus does not store full payment card details.
  • We retain limited payment metadata (last 4 digits, card brand) for fraud prevention.
  • Subscription history and invoices are retained for accounting and tax compliance.
  • Prepaid plan access packs are processed as one-time Stripe payments.

6. Customer Support

When you contact us, we may collect your name, email, restaurant information, account details, and message content. We retain this information to improve support quality.

7. Analytics & Cookies

We use cookies and tracking technologies to improve the EasyMenus experience:

  • Functional Cookies: store login sessions, preferences, and settings.
  • Analytics Cookies: measure visits, page views, and user flow.
  • Marketing Cookies (with consent): deliver personalised updates.

Cookie consent is managed via Cookiebot. For a detailed list of all cookies used on the Platform, visit our Cookie Declaration. You may disable cookies in your browser or adjust your preferences via the cookie consent banner, but some features may not function properly.

8. Marketing & Communications

We may send you:

  • Service-related notices (OTP codes, billing receipts) — cannot opt out.
  • Product updates, tips, and weekly digests — opt-in only, with one-click unsubscribe.
  • Drip emails to help you complete your menu setup — can be disabled in Settings.

You can manage your email preferences at any time in your account Settings page.

9. Sharing of Data

We may share your Personal Data with:

  • Stripe — payment processing.
  • Amazon Web Services (AWS) — hosting, storage (S3/CloudFront), email (SES).
  • OpenAI / Anthropic — AI-powered features (dish photos, theme generation, translations, allergen detection). Menu item names, descriptions, prices, and categories may be transmitted to these providers' APIs for processing. Personal account data (name, email, billing) is never shared with AI providers. Data sent via API is not used to train their models, per our data processing agreements.
  • Cloudflare — security, Turnstile CAPTCHA, DNS.
  • Google (Tag Manager, Analytics) — website analytics, event tracking, and conversion measurement.
  • Hotjar — session recording and heatmaps for UX improvement. Hotjar anonymises sensitive form fields by default.
  • Cookiebot — cookie consent management.
  • Professional advisors (legal, accounting) — if required.
  • Regulatory authorities — if legally required.

We do not sell or rent your data to advertisers.

10. Data Retention

  • Account and billing data: retained for 7 years for legal compliance.
  • Menu content: retained while your account is active. Deleted within 30 days of account deletion.
  • Analytics events: retained for 12 months, then anonymised.
  • Support data: retained for training and quality improvement.
  • Achievement and credit history: retained while your account is active.

11. Your Rights

Depending on your jurisdiction (including under GDPR, PIPEDA, and CCPA), you have the right to:

  • Access: download all your data via Settings → "Download My Data".
  • Correction: edit your information in the editor or Settings page.
  • Deletion: permanently delete your account via Settings → "Delete My Account". This removes all data including menus, items, analytics, and achievements.
  • Data Portability: export your data as JSON from the Settings page.
  • Withdraw Consent: opt out of marketing emails via unsubscribe links or Settings.
  • Object to Processing: contact us to restrict or object to specific processing.
  • Complaint: file a complaint with your local Data Protection Authority.

Requests can be sent to hello@easymenus.net.

12. Security

We use encryption, TLS/SSL, hashed passwords (bcrypt), secure hosting on AWS, and Cloudflare protection. While we take reasonable precautions, no system is 100% secure. Database backups are performed every 6 hours.

13. International Transfers

If you access the Platform outside Canada, your data may be transferred internationally. Our servers are hosted in AWS regions. We ensure safeguards are in place to protect your data under applicable law.

14. Children's Privacy

EasyMenus is not directed at children under the age of 16. We do not knowingly collect data from minors. If you believe we have, contact us at hello@easymenus.net.

15. Changes to This Policy

We may update this Privacy Policy to reflect legal, technical, or business changes. Updates will be posted with a new Effective Date. If required by law, we will request your consent for material changes.

16. Contact Us

EasyMenus

Email: hello@easymenus.net

Website: easymenus.net

← Terms of Service

© 2026 EasyMenus. All rights reserved. 🍁