Privacy Policy

Last updated: February 23, 2026

MenuMadeMagic ("we," "us") is operated by Griffin Velichko from Vancouver, British Columbia, Canada. This policy explains what data we collect, how we use it, and your rights.

The short version: we collect what we need to run the service, we don't sell your data, and we use trusted third-party providers to process payments and host your content.

1. Data We Collect

Account Information

When you sign up, we collect:

• Email address — used for authentication, account recovery, and service communications
• Password — stored securely (hashed) by our auth provider, Supabase. We never see or store your password in plain text.

Restaurant & Menu Data

When you create a menu, you provide:

• Restaurant name, address, phone number, website, and hours of operation
• Menu items — names, descriptions, prices, and categories
• Photos — item images and menu photos uploaded for AI parsing
• Logo and branding preferences (colors)

This data is stored to display your published menu and is visible to anyone who visits your menu page.

Payment Information

Payments are processed by Stripe. We never store your credit card number, CVC, or full billing details on our servers. Stripe handles all payment data under their own privacy policy and PCI-DSS compliance. We only store your Stripe customer ID to manage your subscription.

Menu Analytics (Pro Plan)

When someone views a published menu, we collect anonymous analytics:

Data	Purpose
Visitor hash (anonymized, rotates daily)	Unique visitor counts without tracking individuals
Device type (mobile/desktop/tablet)	Help you understand how customers view your menu
Country and city (from IP, via Cloudflare)	Geographic insights
Referrer URL	Understand where traffic comes from
Section dwell time	Show which menu sections are most popular
View timestamp	Peak hours and daily trends

We do not store IP addresses. Visitor identity is hashed with a daily-rotating salt, making it impossible to trace views back to individual people.

Email Leads

If you enter your email on our signup page before completing registration, we store it to follow up with you about completing your account. You can request removal at any time.

2. How We Use Your Data

• Provide the service — display your menu, process subscriptions, generate QR codes
• AI menu parsing — when you upload a menu photo, it is sent to Google Gemini's API for text extraction. Google processes the image to return structured menu data. We do not use your photos for any other purpose.
• Analytics — aggregate anonymous view data into dashboards for Pro plan users
• Communications — send you account-related emails (confirmation, password reset, billing notifications)
• Improve the service — understand usage patterns to make the platform better

We do not sell, rent, or share your personal data with third parties for marketing purposes.

3. Third-Party Services

We use the following services to operate MenuMadeMagic:

Service	Purpose	Data Shared
Supabase	Authentication, database, file storage	Account info, menu data, photos
Stripe	Payment processing	Email, payment details
Cloudflare	Hosting, CDN, DDoS protection	Request metadata (IP, headers)
Google (Gemini AI)	Photo-to-menu text extraction	Menu photos (when you use AI parsing)

Each provider operates under their own privacy policy and data protection standards.

4. Cookies & Tracking

We use minimal cookies:

• Authentication cookie — a session token to keep you logged in. This is essential for the service to function.

We do not use third-party tracking cookies, advertising pixels, or analytics services like Google Analytics.

5. Data Storage & Security

• Your data is stored on Supabase's infrastructure (AWS, US regions) and served via Cloudflare's global CDN
• All data is transmitted over HTTPS (TLS encryption)
• Passwords are hashed using industry-standard algorithms
• Payment data is handled entirely by Stripe (PCI-DSS Level 1 compliant)
• Database access is restricted through row-level security policies

6. Data Retention

• Active accounts: data is retained as long as your account is active
• Canceled subscriptions: your menu data is preserved (unpublished) so you can re-subscribe later
• Deleted menus: soft-deleted and retained for a reasonable period, then permanently removed
• Account deletion: upon request, we will delete your account and associated data within 30 days
• Analytics data: anonymous view data may be retained for aggregate reporting

7. Your Rights

You have the right to:

• Access — request a copy of your personal data
• Correction — update inaccurate information (you can do this directly in your dashboard)
• Deletion — request deletion of your account and data
• Portability — request your data in a standard format
• Withdraw consent — stop using the service at any time

To exercise any of these rights, email us at info@menumademagic.com.

8. Canadian Privacy Law (PIPEDA)

As a Canadian business, we comply with the Personal Information Protection and Electronic Documents Act (PIPEDA). We collect personal information only for identified purposes, with your knowledge and consent. You may withdraw consent at any time by closing your account or contacting us.

9. International Users

If you are located in the European Economic Area (EEA) or other jurisdictions with data protection laws, please note that your data is processed and stored in the United States and Canada. By using MenuMadeMagic, you consent to this transfer. We process your data based on contractual necessity (providing the service you signed up for) and legitimate interest (improving the platform).

10. Children's Privacy

MenuMadeMagic is designed for business use by restaurant owners and operators. We do not knowingly collect data from anyone under the age of 16. If you believe a child has created an account, please contact us and we will delete it promptly.

11. Changes to This Policy

We may update this privacy policy from time to time. If we make significant changes, we'll notify you via email or through the platform. The "last updated" date at the top will always reflect the most recent version.

12. Contact

Questions or concerns about your privacy? Reach us at:

info@menumademagic.com
MenuMadeMagic · Vancouver, BC, Canada