Privacy Policy

Legal business name: Abdelhak perosnal business ("we", "us", "our"), trading as MenuLingo, provides multilingual menu hosting for restaurants. This Privacy Notice explains what personal data we collect, why we collect it, and the rights you have over it.

1. Who we are (Controller)

Controller status: Abdelhak perosnal business is the data controller responsible for your personal data when you use MenuLingo. You can reach us at inzitazoult@gmail.com.

2. Personal data we collect

• Account data: email address, optional full name, hashed login credentials.
• Menu content: menu items, descriptions, translations and images you upload.
• Usage and device data: IP address, browser/device identifiers, pages viewed, timestamps.
• Support data: messages you send us by email or in-app.
• Billing data: subscription status and plan information. Card and payment details are collected and processed directly by our payment provider, Paddle — we do not store full card numbers.

3. Purposes and legal basis for processing

• To provide the service (account creation, hosting menus, serving QR pages) — performance of a contract.
• To process payments and manage subscriptions — performance of a contract and legal obligation.
• Translations via the MyMemory translation API — performance of a contract.
• Security, fraud prevention and service improvement — our legitimate interests in keeping the service safe and reliable.
• Customer support — performance of a contract and legitimate interests.
• Marketing emails (if any) — your consent, which you can withdraw at any time.

4. Who we share data with

We share personal data only with the following categories of recipients. Paddle is a data-sharing recipient for checkout, payments, subscription management, tax compliance, invoicing and refunds.

• Paddle.com Market Ltd — our Merchant of Record and payment processor. Paddle handles checkout, billing, tax compliance, invoicing, refunds and subscription management on our behalf. See Paddle's privacy policy at paddle.com/legal/privacy.
• Hosting and infrastructure providers that store our database and serve our application.
• MyMemory translation API — receives menu text (without account information) to produce translations.
• Professional advisers (legal, accounting) where necessary.
• Authorities where required by law.

5. Data retention periods

Retention periods: we keep account and menu data for as long as your account is active. If you close your account, we delete or anonymise your personal data within 90 days, except where we must retain it to comply with legal, tax or accounting obligations (typically up to 7 years for billing records). Anonymous analytics may be retained indefinitely.

6. User rights

Your user rights include: access to your personal data; deletion of your personal data; correction of inaccurate data; restriction of processing; objection to processing; data portability; withdrawal of consent at any time; and the right to lodge a complaint with your local data protection authority. To exercise any of these rights, email inzitazoult@gmail.com. We will respond within one month.

7. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), encryption at rest, access controls and regular backups. No method of transmission or storage is completely secure, but we work to protect your data against unauthorised access, alteration or disclosure.

8. International transfers

Your data may be processed in countries outside your own. Where this happens, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.

9. Cookies

We use essential cookies needed to keep you signed in and to operate the service. We do not use advertising cookies. You can manage cookies in your browser settings.

10. Changes

We may update this Privacy Notice from time to time. Material changes will be communicated by email or in-app notice.

11. Contact

Questions? Email inzitazoult@gmail.com.