Privacy Policy
Effective date: 2026-05-05
This Privacy Policy explains what personal data MenuVista AR (“MenuVista”, “we”) collects, why we collect it, and the rights you have over it. We act as a data controller for the account information we collect about restaurant operators, and as a data processor for end-customer information that restaurants choose to collect through our Service (e.g. order names and contact details).
1. Data we collect
When you create an account or use the Service, we collect:
- Account details: full name, email, password (hashed by AWS Cognito), restaurant name, phone, address, website.
- Content: menu items, descriptions, prices, dish photos, 3D models, logos.
- Billing data: subscription plan, billing email, Stripe customer/subscription identifiers (we do not store card numbers — Stripe does).
- Operational data: order records you create, QR-code scan counts, AR generation jobs.
- Technical data: IP address, browser/device type, pages visited, errors, used to keep the Service secure and reliable.
2. How we use it
- Provide, secure, and improve the Service (legitimate interest, contract).
- Process payments and manage subscriptions through Stripe (contract).
- Send transactional email (welcome, password reset, billing, trial reminders) via Resend (contract).
- Generate AR/3D assets through third-party providers when you enable AR (contract).
- Comply with legal obligations and respond to lawful requests.
We do not sell personal data and we do not use your menu content to train third-party AI models for purposes other than producing the AR asset you requested.
3. Sub-processors
We share data with the following sub-processors strictly to operate the Service:
- Amazon Web Services (US) — hosting, database (Aurora PostgreSQL), object storage (S3), authentication (Cognito), CDN.
- Stripe (US/EU) — payment processing.
- Resend (US) — transactional email delivery.
- Meshy, Replicate, Tripo3d (US) — image-to-3D generation when AR is enabled for a dish.
Where data leaves the EEA/UK, transfers rely on standard contractual clauses or equivalent safeguards offered by the processor.
4. Cookies & similar technologies
We use first-party cookies that are strictly necessary for authentication and session management. We do not use cookies for advertising or cross-site tracking.
5. Retention
- Account & menu data: kept while your account is active. After cancellation, deleted within 90 days unless we are required to retain longer for legal or accounting reasons.
- Order data: retained per your operational needs and applicable tax/accounting law (typically 6–7 years).
- Backups: rolled off within 30 days of deletion.
- Operational logs: retained for up to 90 days.
6. Your rights (GDPR / UK GDPR / CCPA)
You can ask us to:
- access the personal data we hold about you;
- correct inaccurate data;
- delete data (right to erasure), subject to legal exceptions;
- export your data in a machine-readable format (data portability);
- restrict or object to certain processing.
Send requests to privacy@getmenuvista.com. We will respond within 30 days. If you are in the EEA/UK and believe we have mishandled your data, you also have the right to lodge a complaint with your local supervisory authority.
7. Security
Passwords are hashed by AWS Cognito; payment data is held by Stripe; data in transit is TLS-encrypted. Database and storage are encrypted at rest. Access to production systems is restricted by IAM and audited.
8. Children
The Service is not directed to children under 16, and we do not knowingly collect data from them.
9. Changes to this policy
We will notify you of material changes by email or in-app notice and update the effective date above. Continued use of the Service after the change means you accept the update.
10. Contact
Privacy questions, requests, or complaints: privacy@getmenuvista.com.