Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Menubear handles personal data. Menubear plays two distinct roles depending on whose data is being processed. Read the sections that apply to you.
A. About the two roles
- Menubear as Controller — for your own account data when you sign up as a restaurant operator (Sections 1–5 below).
- Menubear as Processor — for personal data about your restaurant guests, which you (the restaurant) collect through the Menubear product and store on our infrastructure. We process it on your documented instructions under ourData Processing Agreement (Section 6).
1. Data we collect from restaurant operators (Controller)
When you create an account, we collect:
- Account identity: name, email address, hashed password.
- Restaurant profile: business name, slug, contact details, plan.
- Billing data: Stripe customer and subscription identifiers. Card details are handled by Stripe, never by us.
- Product telemetry: page views and feature usage in the dashboard and guest menu, after consent (PostHog, EU-hosted). On our public marketing site we use cookieless, anonymous traffic analytics (PostHog, EU-hosted) that set no cookies and build no personal profile.
- Stability telemetry: error reports (Sentry) are collected without consent as strictly necessary monitoring — limited to the technical details of the error, with personal identifiers disabled, no cookies set, and no profile building. Performance tracing and session replay are enabled only after consent (Section 9).
2. Legal basis
- Performance of a contract (Art. 6(1)(b) GDPR) — to deliver the Service you signed up for.
- Legitimate interest (Art. 6(1)(f)) — to keep the Service running, secure, and improving. This covers the always-on error monitoring described in Sections 1 and 9, which is strictly necessary to operate the Service and captures no more than the technical error context.
- Consent (Art. 6(1)(a)) — for non-essential analytics in the dashboard and guest menu (captured via the cookie banner) and any marketing communications. Cookieless, anonymous analytics on the public marketing site rely instead on legitimate interest (Art. 6(1)(f)), as they set no cookies and identify no one.
3. How we use your data
- To provide, secure, and maintain your account.
- To process subscription payments via Stripe.
- To send transactional email (signup, billing receipts, security alerts).
- To improve the dashboard based on aggregated, opt-in analytics.
4. Retention
Account data is retained while your subscription is active. After you delete your account or ask us to, we delete it within 30 days. Records required by law (e.g. invoicing) are kept for the statutory retention period and then deleted.
5. Your rights as a Controller account holder
If you are in the EU / UK / EEA you have the right to access, correct, delete, export, restrict, or object to processing of your personal data, and to withdraw consent at any time. Contact hello@menubear.app. We will respond within 30 days.
You also have the right to lodge a complaint with a supervisory authority. Our lead authority is the Romanian National Supervisory Authority for Personal Data Processing (ANSPDCP, dataprotection.ro); you may equally complain to the data protection authority of your own EU member state.
6. Data about your restaurant guests (Processor)
When a guest places an order, books a reservation, or joins a table session through your Menubear-powered menu, personal data may be collected — guest name, phone, email, free-text notes, order contents, reservation time. You decide what to collect; we store and transmit it on your behalf.
Your obligations as Controller and our obligations as Processor are set out in theData Processing Agreement. The DPA forms part of ourTerms of Service and binds both sides from the moment you accept the Terms.
Guest deletion requests reach us either through you (via the dashboard) or directly athello@menubear.app. We forward direct guest requests to the relevant restaurant Controller for action and assist where required.
7. Third-party processors
Menubear relies on the following processors and infrastructure providers:
- Supabase — Database, auth, edge functions, realtime, storage signaling (EU, eu-central-1).
- Cloudflare R2 — Object storage for menu media.
- Stripe — Subscription billing. Card data flows directly to Stripe and is never stored on Menubear.
- Brevo / Resend — Transactional email delivery.
- Sentry — Error and performance telemetry. Error capture runs without consent and is configured not to send personal identifiers (no IP-based identification, no user profiles). Performance tracing and session replay run only after consent, with on-screen text masked in replays; Sentry additionally applies server-side data scrubbing on ingestion.
- PostHog (EU) — Product analytics in the operator dashboard and guest menu (disabled until consent is given), and cookieless, anonymous traffic analytics on the public marketing site (no cookies, no personal profiles).
- Crisp — Live chat support on the marketing site. Loaded only after you accept the live-chat consent banner; it then sets first-party cookies to maintain your chat session.
- Vercel — Hosting for the marketing site, dashboard, and guest menus.
8. International transfers
Where data is transferred outside the EEA, we rely on the European Commission's Standard Contractual Clauses (2021/914) and verify that each provider applies adequate technical and organizational safeguards.
9. Cookies and similar technologies
Strictly necessary cookies are used for authentication and to remember your locale and consent choices — no opt-in is required for these. Error monitoring (Sentry) likewise runs without consent as strictly necessary stability monitoring: it sets no cookies, sends no personal identifiers, and captures only the technical details of errors so we can fix them. In the dashboard and guest menu, analytics cookies and extended diagnostics (PostHog product analytics, Sentry performance tracing and session replay) are enabled only after you accept them in the consent banner; you can change that choice at any time by clearing site data or via the in-app banner. Our public marketing site uses cookieless, anonymous analytics that set no cookies. The only cookies it can set belong to our live chat (Crisp), which loads solely after you accept the live-chat consent banner shown there; decline, and no chat cookies are set. You can revisit that choice at any time by clearing site data.
10. Security
We use TLS in transit and encryption at rest, enforce per-restaurant data isolation via row-level security policies in the database, scope file storage by restaurant identifier, and rate-limit public endpoints. The full list of measures is in theDPA, Section 5.
11. Breach notification
We notify affected Controllers without undue delay — and within 72 hours — of a personal data breach affecting their data, with the information required under Article 33 GDPR. We notify our own data subjects (operator account holders) under the same standard.
12. Changes to this policy
Material changes are announced by email and at least 14 days before they take effect. Smaller changes are reflected here with an updated "Last updated" date above.
13. Contact
Controller of operator account data: LIONBYTE SOFTWARE S.R.L., Str. Razelor nr. 6, Sector 1, 012643 București, Romania — Trade Register J40/4856/2020, CUI 42482428 (see theLegal Notice).
Privacy contact: hello@menubear.app.