Privacy Policy
Last updated: June 1, 2026
Menu Lyns ("Menu Lyns," "we," "us," or "our") provides a software platform that helps hospitality businesses create digital QR menus, manage locations, accept guest orders, and understand menu engagement through analytics. This Privacy Policy explains how we collect, use, disclose, and protect information when you use our website, dashboard, and related services (collectively, the "Service").
By creating an account, subscribing, or otherwise using the Service, you acknowledge that you have read this Privacy Policy. If you do not agree, please do not use the Service.
1. Who this policy applies to
This policy applies to:
- Business users — restaurant owners, managers, and team members who register for and manage accounts on Menu Lyns.
- Guests — people who scan a QR code or open a public menu link without creating a Menu Lyns account. Guest interactions are processed on behalf of the hospitality business that operates the menu.
When you operate a menu on Menu Lyns, you are responsible for providing appropriate notices to your guests about how you use their information, in addition to this policy.
2. Information we collect
Account and profile information
When you sign up or manage your account, we may collect:
- Name, email address, phone number, and country
- Restaurant or business name and workspace details
- Authentication credentials (passwords are stored in hashed form by our auth provider)
- Profile preferences, including dashboard language
- Information from third-party sign-in (e.g. Google), as permitted by your settings
Subscription and billing
Paid plans are processed by our payment partner, Paddle. Paddle collects payment card and billing details directly. We receive subscription status, plan identifiers, transaction references, and limited billing metadata needed to provide access to paid features—not full payment card numbers.
Menu and business content
You may upload or enter menu structure, item names and descriptions, prices, images, branding (such as colors and logos), QR code settings, location details, and team membership information. You control this content and are responsible for its accuracy and lawfulness.
Guest and analytics data
When guests view or interact with your menus, we may process:
- Menu scan and visit timestamps associated with your place
- Device or browser identifiers used to recognize returning visitors within your workspace
- Preferred menu language and engagement signals used in analytics dashboards
- Order details submitted through the menu (items, notes, table or context you configure)
- Feedback you choose to collect from guests
We design guest analytics to help you understand aggregate menu performance, not to sell guest personal data to third parties for their own marketing.
Technical and usage data
We automatically collect certain technical information, such as:
- IP address, browser type, device type, and operating system
- Pages viewed, features used, and approximate interaction timestamps
- Session cookies and similar technologies needed for authentication and security
- Error logs and diagnostic data to maintain reliability
3. How we use information
We use information to:
- Provide, operate, and improve the Service
- Create and manage your account, workspaces, and team access
- Display public menus and process guest orders on your behalf
- Generate analytics, translation suggestions, and operational insights for your business
- Process subscriptions, invoices, and payment-related communications via Paddle
- Send service-related emails (e.g. verification, security alerts, billing notices)
- Respond to support requests and enforce our Terms of Service
- Detect fraud, abuse, and security incidents
- Comply with legal obligations and protect our rights
4. Legal bases (EEA/UK users)
Where applicable data protection law requires a legal basis, we rely on: performance of a contract (providing the Service you requested); legitimate interests (security, product improvement, and analytics that are not overridden by your rights); consent (where required, e.g. certain marketing); and legal obligation.
5. How we share information
We do not sell your personal information. We may share information with:
- Service providers who help us run the Service, including hosting, database, authentication (e.g. Supabase), email delivery, and payment processing (Paddle), under contractual confidentiality and security obligations
- Your team members according to roles and permissions you assign within a workspace
- Other parties when required by law, to protect rights and safety, or in connection with a merger, acquisition, or asset sale (with notice where required)
6. International transfers
We and our subprocessors may process data in countries other than where you live. When we transfer personal data internationally, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms where required by law.
7. Data retention
We retain information for as long as your account is active or as needed to provide the Service, resolve disputes, enforce agreements, and meet legal requirements. You may request deletion of your account subject to applicable law and legitimate retention needs (e.g. billing records).
8. Security
We implement administrative, technical, and organizational measures designed to protect information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.
9. Your rights and choices
Depending on your location, you may have rights to access, correct, delete, restrict, or object to certain processing of your personal information, and to data portability or withdrawal of consent where processing is consent-based.
To exercise rights relating to your Menu Lyns account, contact us at support@qrmenu.app. We may need to verify your identity. Guests should contact the restaurant that operates the menu for requests about guest-specific data we process on the restaurant's behalf.
10. Children
The Service is intended for businesses and is not directed to children under 16. We do not knowingly collect personal information from children. If you believe we have collected such information, contact us and we will take appropriate steps to delete it.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the revised version on this page and update the "Last updated" date. Material changes may be communicated by email or in-app notice where appropriate. Continued use after changes become effective constitutes acceptance of the updated policy.
12. Contact us
Questions about this Privacy Policy or our data practices: support@qrmenu.app