Privacy Notice
Last updated: June 2026
1. Who we are
MenuScan is operated by My Manage LLC. We are the data controller for personal data processed through the service. Contact: crowd1events@gmail.com.
2. What we collect
- Account data: email, name, role (traveler / restaurateur), login credentials.
- Content: menus you upload, translations you generate, restaurant details.
- AI Waiter conversations: when a diner chats with the AI waiter on a restaurant menu page, the messages exchanged (user prompts and assistant replies), the table number, and the chosen language are stored and made visible to the restaurant owner in their dashboard.
- Usage & technical: IP address (hashed), device type, browser, pages viewed, translation history.
- Support: messages you send us.
Payment card data is collected directly by Stripe — we never see or store it.
3. Why we use it & legal basis
- Provide the service and your account (contract).
- Translate menus via AI (contract).
- Prevent fraud and enforce quotas (legitimate interest).
- Improve the product (legitimate interest).
- Customer support (contract / legitimate interest).
- Send transactional emails (contract); marketing only with consent.
- Comply with legal obligations (tax, fraud, audit).
4. Who we share it with
- Stripe — payment processor; processes payments, stores card data, and manages subscriptions.
- Supabase & Cloudflare — hosting and infrastructure subprocessors.
- AI translation providers (Google Gemini via Lovable AI Gateway) — to translate menu text.
- Authorities — where required by law.
- Professional advisers — legal, accounting.
5. International transfers
Some of our subprocessors are located outside the UK/EEA. Where applicable we rely on Standard Contractual Clauses or adequacy decisions to safeguard transfers.
6. Data retention
We keep account data while your account is active and for up to 12 months after deletion to handle disputes and legal obligations. Translation logs are kept for up to 12 months. AI Waiter conversations are kept as long as the restaurant account is active and the owner has not deleted them from the dashboard. Anonymous IP hashes are kept for up to 90 days.
7. Your rights
You may access, correct, delete, restrict, or port your personal data, object to processing, or withdraw consent. To exercise these rights or complain, contact crowd1events@gmail.com. EU/UK users may complain to their supervisory authority. We aim to respond within one month.
8. Security
We use industry-standard technical and organisational measures including encryption in transit, encrypted-at-rest databases, hashed credentials, access controls, and Row Level Security.
9. Cookies
We use essential cookies for authentication and session management. We do not use marketing cookies. You can manage cookies in your browser settings.