Legal

Privacy Policy

Last updated: July 14, 2026

Who we are

Menuate is a menu digitization service operated by Jonathan Karam Romero (trading as "Menuate"). For the purposes of applicable data protection laws, Jonathan Karam Romero is the data controller responsible for the personal data processed through the Menuate dashboard and public menu pages. This policy explains what we collect from restaurants using our dashboard and from guests scanning a Menuate menu.

What we collect

  • Restaurant accounts: email address and authentication identifiers from Google Sign-In.
  • Menu content: photos, PDFs, item names, descriptions, prices, allergens, and translations you upload or generate.
  • Usage analytics: aggregated scans, page views, and concierge questions to help you improve your menu.
  • Payment metadata: subscription status and billing identifiers received from our Merchant of Record. We never see or store card numbers.

How we use it and legal basis

We use your data to operate the service, generate translations, power the guest AI concierge, and provide analytics. Our legal bases for processing are:
  • Performance of a contract — to provide the Menuate service you have subscribed to (account, menu hosting, translations, concierge).
  • Legitimate interests — to secure the service, prevent fraud and abuse, and improve product quality through aggregated analytics.
  • Consent — where required, for optional analytics or marketing communications. You can withdraw consent at any time.
  • Legal obligation — to comply with tax, accounting, and other legal requirements.
We do not sell personal data and do not use guest questions to train third-party models beyond what our AI provider requires for real-time inference.

Data sharing and sub-processors

We share data only with the sub-processors needed to run Menuate:
  • Hosting & database provider — to store your account and menu data.
  • Authentication provider — Google, for Sign-In.
  • AI gateway — for translations and concierge responses.
  • Paddle.com Market Ltd. — our Merchant of Record. Paddle handles all payment processing, subscription billing, invoicing, sales tax, and refunds. When you subscribe, Paddle receives the personal and payment data required to complete the transaction and manage your subscription. See Paddle's privacy notice at paddle.com/legal/privacy.
  • Professional advisers (legal, accounting) and authorities where required by law.

Retention

Menu data is retained while your subscription is active. If you cancel, we retain your menus for 90 days so you can reactivate, then permanently delete them on request or after that window. Billing records held by our Merchant of Record are retained per their own retention policy and applicable tax law.

Security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and least-privilege database policies.

Your rights

Depending on your jurisdiction, you may have the right to access, rectify, erase, restrict, port, or object to processing of your personal data, and to withdraw consent. You can also lodge a complaint with your local data protection authority. To exercise these rights, contact privacy@menuate.app. Guests interacting with a Menuate menu can ask the restaurant to remove any question logs tied to their session.

Contact

Data controller: Jonathan Karam Romero. Questions about this policy? Email privacy@menuate.app.