MenuBear
Start free

Data Processing Agreement (DPA)

Last updated: June 2026 · Effective on account creation

This Data Processing Agreement ("DPA") forms part of the Terms of Service between LIONBYTE SOFTWARE S.R.L. (Str. Razelor nr. 6, Sector 1, 012643 București, Romania — Trade Register J40/4856/2020, CUI 42482428), operating the Menubear platform ("Menubear", "Processor"), and the Customer ("Controller"). It governs how Menubear processes personal data on the Controller's behalf in connection with the Service, in accordance with Article 28 of the EU General Data Protection Regulation (GDPR).

1. Roles

The Customer is the Controller of personal data about its restaurant guests (e.g. order details, reservation contact information, table-session data). Menubear acts as the Processor of that data, on the Controller's documented instructions encoded in the configuration of the Service.

Menubear is the Controller of personal data about the Customer's own users (staff accounts: email, role, login activity) and billing data (Stripe). That processing is described in our Privacy Policy.

2. Subject Matter, Duration, Nature & Purpose

  • Subject matter: Processing of personal data necessary to deliver the digital menu, ordering, reservation, table session, and loyalty features of the Service.
  • Duration: For as long as the Controller maintains an active account, plus the deletion window in Section 7.
  • Nature & purpose: Storage, transmission, retrieval, and display of guest data to operate the Service.
  • Categories of data: Guest names, phone numbers, email addresses, order contents, reservation times and party size, free-text guest notes, anonymous device-scoped tokens.
  • Categories of data subjects: Guests of the Customer's restaurant(s).

3. Controller Obligations

  • The Controller is responsible for the lawful basis on which guest data is collected (typically performance of a contract or legitimate interest for in-restaurant ordering, and consent where required).
  • The Controller must inform guests about Menubear's role as a processor — referencing this DPA satisfies that requirement.
  • The Controller must ensure their staff accounts use strong credentials and that role assignments (WAITER / MANAGER / ADMIN) reflect the principle of least privilege.

4. Processor Obligations

  • Process personal data only on the Controller's documented instructions, including transfers outside the EEA where required.
  • Ensure persons authorized to process the data are bound by confidentiality.
  • Implement appropriate technical and organizational measures (Section 5).
  • Assist the Controller in responding to data subject requests (access, deletion, portability) — see Section 7.
  • Notify the Controller without undue delay (and in any case within 72 hours) of any personal data breach affecting the Controller's data.
  • Make available to the Controller all information necessary to demonstrate compliance with Article 28 GDPR.
  • Inform the Controller immediately if, in Menubear's opinion, an instruction infringes the GDPR or other applicable data protection law.

5. Security Measures

  • Transport encryption (TLS 1.2+) for all network traffic.
  • At-rest encryption of database and file storage.
  • Row-level security policies enforcing per-restaurant data isolation in the database.
  • Role-based access control at the application layer (WAITER / MANAGER / ADMIN / SUPER_ADMIN).
  • Audit logging of administrative actions and Stripe billing events.
  • Rate limiting on public endpoints (orders, reservations, menu reads).
  • Routine review of subprocessor security posture (Section 6).

6. Subprocessors

The Controller authorizes Menubear to engage the following subprocessors. Menubear will give 30 days' notice before adding or replacing a subprocessor; the Controller may object in writing during that period, in which case Menubear will work in good faith to provide a commercially reasonable alternative.

  • Supabase — Database, authentication, edge functions, realtime, and file storage signaling. Hosted in the EU (eu-central-1).
  • Cloudflare R2 — Object storage for menu images and short-form videos.
  • Stripe — Billing for the Controller's Menubear subscription (no guest data).
  • Brevo (Sendinblue) / Resend — Transactional email delivery for guest order and reservation confirmations.
  • Sentry — Error and performance telemetry. Error capture is configured not to send personal identifiers and runs as strictly necessary stability monitoring; performance tracing and session replay are consent-gated, with on-screen text masked in replays. Sentry applies server-side data scrubbing on ingestion.
  • PostHog (EU) — Product analytics in the Controller's dashboard and guest menu, consent-gated (loaded only after the guest accepts the cookie banner). Hosted in the EU.
  • Vercel — Hosting for the Menubear web applications.

7. Data Subject Requests, Deletion & Return

Menubear assists the Controller in honoring guest rights under Articles 15–22 GDPR (access, rectification, erasure, restriction, portability, objection). Guest deletion requests are actioned by emailinghello@menubear.app with sufficient information to identify the data subject; Menubear confirms completion within 30 days.

On termination of the Controller's account, Menubear deletes the Controller's data within 30 days unless retention is required by law (e.g. tax records). On request and before deletion, the Controller may obtain an export of its data by emailinghello@menubear.app.

8. International Transfers

Where personal data is transferred outside the EEA (e.g. Sentry, Stripe, parts of Cloudflare's network), Menubear relies on the European Commission's Standard Contractual Clauses (2021/914) supplemented by adequate technical measures.

9. Audits

On reasonable written request, and no more than once per twelve-month period, Menubear will provide the Controller with summaries of relevant security policies, subprocessor SOC 2 / ISO 27001 attestations, and infrastructure documentation. On-site audits are not available; remote audits and written questionnaires are.

10. Liability and Order of Precedence

Liability under this DPA is governed by the Terms of Service. In case of conflict between this DPA and the Terms of Service, this DPA prevails with respect to data protection matters.

11. Acceptance

By creating an account or continuing to use the Service after the effective date above, the Controller accepts this DPA. A counter-signed copy is available on request tohello@menubear.app.