Privacy Policy

Menu.ceo ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered restaurant menu generation and hosting service.

Our service is operated from the United States and is intended for businesses using our platform at menu.ceo and mn.ink.

Personal information

• Contact details such as name and email address
• Business details such as restaurant name, address, phone number, and opening hours
• Payment information processed by Stripe (we do not store full card details)

Content you provide

• Images you upload, including menu photos, restaurant photos, and logos
• Menu data such as items, descriptions, and prices extracted from your uploads
• Additional website and menu page content you submit through the Service

Automatically collected information

• Usage data, such as pages visited, time spent, and actions taken
• Device information, such as browser type, operating system, and device type
• IP address data used for security, fraud prevention, and regional customisation

We use your information to:

• Provide the Service, including menu generation and hosting links such as mn.ink/your-restaurant
• Process payments, invoices, and related receipts
• Communicate service updates and support responses
• Improve product quality, reliability, and features
• Detect abuse, fraud, and security incidents
• Comply with legal and regulatory obligations

We process personal information to:

• Provide and operate the Service you request
• Improve, secure, and troubleshoot our platform
• Meet legal, regulatory, accounting, and tax obligations
• Process information with your consent where required by law

We share information with trusted third parties that help us deliver and operate the Service:

• Stripe: payment processing and transaction management
• Anthropic: AI processing for menu parsing and content generation
• Google: AI processing and analytics infrastructure support
• Cloudflare: hosting delivery, CDN, and security services
• Google Analytics: optional analytics, enabled only with your consent

These providers are contractually required to protect personal data and use it only for specified service purposes.

We retain data for the following periods:

• Website and menu content: while your subscription is active, plus up to 90 days after cancellation
• Account information: until deletion is requested, or up to 90 days after subscription end, unless longer retention is required by law
• Payment and tax records: up to 7 years for legal and accounting obligations
• Uploaded images: while your subscription is active, plus up to 90 days after cancellation

Backup copies may remain for a limited period before secure deletion.

Depending on your U.S. state of residence, you may have rights to:

• Know and access the personal information we hold about you
• Request correction of inaccurate personal information
• Request deletion of your personal information
• Request a copy of your data in a portable format
• Appeal certain privacy-rights decisions where applicable
• Opt out of certain uses, including targeted advertising where applicable

To exercise your rights, contact privacy@menu.ceo. We may need to verify your identity before completing your request.

We are based in the United States, and some providers may process data in other countries. When we transfer data internationally, we use reasonable contractual and technical safeguards designed to protect personal information.

We use cookies and similar technologies to run the Service and understand usage patterns.

• Essential cookies: required for security, login, and core functionality
• Consent cookie: stores your cookie preferences (for example, cookie_consent)
• Optional analytics cookies: Google Analytics cookies set only after consent

See our Cookie Policy for more details.

We implement appropriate technical and organizational security measures, including:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest where applicable
• Access controls and authentication safeguards
• Regular monitoring and security review processes

No method of transmission or storage is completely secure, but we continuously work to protect your information.

Our Service is intended for business users and is not directed to individuals under 18. We do not knowingly collect personal data from children.

We may update this Privacy Policy from time to time. If we make material changes, we will post the updated policy on this page and revise the "Last updated" date.

If you have questions about this Privacy Policy or want to exercise your data rights, contact us: