Privacy Policy / Datenschutzerklärung

Last updated: 2026-07-03

1. Controller / Verantwortlicher

Roman Rusavskyi, individual entrepreneur (ФОП) registered in Ukraine, Fontanska Doroha St. 4, 65039 Odesa, Odesa Oblast, Ukraine — e-mail: growempire94@gmail.com (the “we” in this policy). We process personal data in accordance with the EU General Data Protection Regulation (GDPR).

2. What we process

a) Restaurant accounts (owners & staff)

  • Account data: e-mail address, password hash (managed by our auth provider Supabase).
  • Restaurant content you enter: venue name, menus, dishes, prices, allergen data, photos, opening hours.
  • Daily counters of AI feature usage (translation, photo import) per restaurant — no content is stored with them.

b) Menu guests (diners)

  • No account, no tracking cookies. Guest preferences (language, theme, allergy filter, cart) are stored only in your browser (localStorage) and never sent to us.
  • Menu view statistics: an anonymous per-day counter per restaurant, plus a random identifier stored only in your browser (localStorage, “menusafe-vid”) that is sent once per visit and stored on our side only as an irreversible per-venue hash to count unique visitors. No IP address, device ID or cross-site profile is stored, and the identifier cannot be linked across different restaurants.
  • Reviews: your star rating and optional comment. To prevent abuse we store a one-way hash derived from your IP address and the restaurant; the raw IP is never stored and the hash cannot be reversed into it.

3. Processors / Auftragsverarbeiter

  • Supabase (database, authentication, file storage) — EU-hosted project.
  • Vercel (website hosting/CDN).
  • OpenRouter (AI translation and menu-photo recognition) — only the menu texts or the menu photo the owner submits are transmitted; guest data is never sent to AI providers.
  • Paddle (Paddle.com Market Ltd) — payment processing and Merchant of Record for paid plans. When you upgrade, your billing and card details are handled by Paddle; MenuSafe never receives your full card number.We store only your plan, subscription status and Paddle’s subscription/customer identifiers.

4. Legal bases

Art. 6(1)(b) GDPR (contract performance — providing the menu service to venues), Art. 6(1)(f) GDPR (legitimate interest — abuse prevention, anonymous usage statistics), Art. 6(1)(a) GDPR (consent — where explicitly requested).

5. Retention

Account and menu data are kept while the account exists and deleted upon account deletion. Review anti-abuse hashes serve rate-limiting for a rolling hour; review content remains until the venue owner or we delete it.

6. Your rights / Ihre Rechte

You have the right to access, rectification, erasure, restriction of processing, data portability and objection (Art. 15–21 GDPR), and to lodge a complaint with a supervisory authority (Art. 77 GDPR). Contact: growempire94@gmail.com.

7. Cookies & local storage

We use only technically necessary cookies: your login/session, your selected language, and which restaurant/menu you are editing (for owners). Guest preferences (language, theme, allergy filter, cart) and the anonymous visitor identifier described above live only in your browser’s localStorage. No advertising or cross-site tracking is used, so no cookie consent banner is required. When you open the checkout to buy a paid plan, Paddle may set its own cookies/scripts strictly to process that payment.