Privacy Policy
Last updated: June 27, 2026
MenuIQ, LLC — A Delaware Limited Liability Company
Introduction
MenuIQ, LLC ("MenuIQ," "we," "us," or "our") operates a digital menu platform with AI-powered allergen identification and a consumer mobile application, MenuIQ AI. This Privacy Policy explains how we collect, use, share, and protect your information when you use the MenuIQ platform, website, mobile applications, and related services (collectively, the "Service").
MenuIQ is a digital menu and dining-discovery platform — not an ordering or delivery service. We do not fulfill food orders or track delivery logistics. We do process subscription payments (through Apple and Stripe, depending on platform), and the MenuIQ AI app collects health-related dietary information you choose to provide so it can personalize your results. This policy describes those practices in detail.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
This policy covers three audiences, and not every section applies to you:
Restaurant Operators — businesses that create accounts to build and publish digital menus.
Menu Browsers — anyone who views a published restaurant menu on the web or by QR code.
MenuIQ AI App Users — people who use our consumer mobile app to discover restaurants, scan and translate menus, and get a Personal Fit Score.
1. Information We Collect
1.1 Restaurant Operator Information (Account Holders)
When you create a Restaurant Operator account, we collect:
Account Information: Email address, password (stored as a bcrypt hash — we never store passwords in plain text), and restaurant name and contact details.
Menu Content: Menu item names, descriptions, ingredients, pricing, and images you upload, including Allergen Information (both AI-generated suggestions and your manual edits).
Subscription and Billing: Web subscriptions are processed by Stripe. We receive transaction confirmations, subscription status, and billing history. We never receive or store your full credit card number, CVV, or banking credentials.
Usage Data: Login timestamps, features used, menu edits, AI scan requests, and account activity.
Communications: Any messages you send to our support team.
1.2 Menu Browser Information (Published Menus)
People who view published restaurant menus on the web or by QR code do not create accounts. We collect minimal information automatically: device type, operating system, browser type, IP address (for security and fraud prevention), pages viewed, time on page, and referring URL. See Section 8 (Cookies). We do not collect names or email addresses from menu browsers.
1.3 MenuIQ AI App Information
The MenuIQ AI mobile app is live. You can use core features as a guest; some data below is collected only if you create an account, and certain items are not linked to your identity in guest mode. Depending on the features you use, we collect:
Account & Identifiers: If you sign in, your email and display name/handle via Apple Sign-In or Google Sign-In, plus internal identifiers (a user ID, your sign-in provider ID, a hashed email, and any referral code).
Health & Dietary Profile (Sensitive — see Section 1.4): The allergens, dietary preferences, wellness goals, pregnancy mode status, and related health conditions or cross-contamination sensitivities you choose to provide. We use this to generate your Personal Fit Score and to flag items to avoid. This information is stored on our servers, linked to your account, and used as context when we analyze menus (see Section 3).
Menu Scans & Content: Photos, PDFs, or links of menus you submit; the dishes and details we extract from them; your saved/"hearted" items; and menus you share.
Profile Photo (optional): If you add a profile photo, we screen it for inappropriate content using Google Cloud Vision before storing it.
Personal Fit Score: A computer-generated estimate, produced by our automated models, of how well a restaurant or dish aligns with your profile (see Sections 3 and 4).
Location: With your permission: precise location used on your device to show the map and nearby results; scan-time coordinates (approximately 11 meters) sent to our servers to identify the restaurant you're at; and coarse profile location (approximately 1 km) for features such as showing people near you. We do not share your location with third parties. You can decline location access; some discovery features will be limited.
Contacts (optional): If you choose to find friends, email addresses from your address book are hashed (SHA-256) on your device before transmission and used only to match existing MenuIQ users. We do not store your raw contacts.
Purchases: Subscription tier and status. On iOS, subscriptions are processed through Apple In-App Purchase and managed via RevenueCat; on the web, through Stripe.
Usage & Diagnostics: Scan counts and interaction counts; and crash/error diagnostics (with authentication details stripped) via Sentry in production.
1.4 Sensitive Health Information — How We Handle It
The allergen, dietary, pregnancy, and health-condition data you provide in the MenuIQ AI app is sensitive personal information (health-related data) under the CCPA/CPRA, GDPR, and most state privacy laws. We handle it with enhanced protections:
We collect only what you choose to provide, and use it solely to personalize your results — generating your Personal Fit Score, flagging items to avoid (including in pregnancy mode), and tailoring menu analysis.
To analyze a menu against your needs, the relevant dietary context is sent together with the menu to our AI provider, Google (Gemini API), for processing (see Section 3).
This data is stored on our servers and linked to your account so your profile and Fit Scores persist across devices and sessions.
We never sell this data, never share it for advertising or cross-context behavioral advertising, and never use it for marketing.
You can view, edit, or delete your health and dietary profile at any time in the app, or by emailing support@menuiq.ai. See Section 7.
Correction note: A prior version of this policy stated that allergen preferences were "stored locally on your device only" and "not uploaded to our servers." That is not how the MenuIQ AI app works — your profile is processed by our AI provider and stored server-side to power the Personal Fit Score across sessions. This version states our actual practice.
2. How We Use Your Information
2.1 Service Delivery. To operate the Service: menu management and publishing for Operators; menu browsing; and, in the app, restaurant discovery, the Personal Fit Score, menu scanning, translation, pregnancy-mode flagging, saving/sharing, and social features (following others, recommendations).
2.2 AI Menu Analysis & Personalization. We use AI to (a) identify potential allergens and dietary attributes in menu text and images, and (b) generate your Personal Fit Score by comparing menu data against your dietary/health profile. See Section 4.
2.3 Translation. In the app, we use AI to translate menus and describe dishes.
2.4 Analytics and Improvement. We use aggregated, de-identified usage data to improve features, performance, and reliability. We do not use individual browsing behavior for profiling for advertising or for targeted advertising.
2.5 Communications. Transactional messages (account verification, password resets, subscription confirmations, material changes to our Terms or this policy). We do not send marketing emails without your opt-in consent.
2.6 Safety, Security, and Legal Compliance. To protect the Service and users, prevent fraud and abuse, comply with law, and enforce our Terms.
3. How We Share Your Information
We do not sell your personal information, do not share it for cross-context behavioral advertising, and do not use it for targeted advertising. We share information only with service providers who process data on our behalf under contractual restrictions, and as described below.
Google LLC — Gemini API (AI Processing). Menu text and images you submit, together with the dietary context needed to analyze them, are sent to Google's Gemini API for real-time analysis (allergen/dietary identification, Fit Score inputs, translation, dish descriptions). Google processes this data as our service provider, under the Google Gemini API terms applicable to our account, solely to provide the analysis. (Engineering to confirm the Gemini API tier: on the paid tier Google does not use submitted data to train its models; on the free/AI-Studio tier it may. We do not assert a no-training commitment here until that is confirmed.)
Google LLC — Cloud Vision API (Image Moderation). If you upload a profile photo, it is screened by Google's Cloud Vision API for inappropriate content before it is stored. Google processes the image as our service provider for this purpose only; we use this to keep the community safe, not to identify you.
Payment & subscription sub-processors. When you purchase a subscription, we share what is needed to process and manage it. We never receive or store your full payment card number — card data is handled directly by the processor.
Stripe, Inc. (web payments) — processes your name, email, billing address, the last four digits and card type of your payment method, and your IP address for fraud prevention. See Stripe's Privacy Policy.
Apple Inc. (iOS in-app purchases) — Apple processes your payment under its own terms; we receive only a transaction identifier and subscription status, never your payment details. See https://www.apple.com/legal/privacy/.
RevenueCat, Inc. (subscription management) — validates App Store receipts and manages your subscription entitlement; receives purchase/receipt data, an app-specific user identifier, and device/platform information. See https://www.revenuecat.com/privacy/.
Apple / Google (Sign-In). If you choose to sign in, your provider authenticates you and shares basic profile data (email, name) with us.
Railway (Cloud Hosting) and Cloudflare (Media Storage & CDN). Account and application data is hosted on Railway; menu images and media are stored on Cloudflare R2 and delivered via Cloudflare's CDN. (Confirm current stack — see top.)
Sentry (Diagnostics). Crash and error diagnostics, with authentication details stripped, in production.
We may also disclose information if required by law or valid legal process; to protect our rights, users' safety, or the public; or in connection with a merger, acquisition, or sale of assets (in which case your information remains subject to this policy or a successor policy at least as protective).
4. Artificial Intelligence and Automated Decision-Making (ADMT)
4.1 Two AI Functions
(a) Menu & allergen analysis. We analyze menu text and images to identify potential allergens and dietary attributes. For Operators, this produces suggestions you review and edit before publishing. In the app, it powers scanning and translation.
(b) Personal Fit Score. We use automated models to generate a score estimating how well a restaurant or dish aligns with the dietary preferences and restrictions in your profile. This is automated processing/profiling of your personal information, including sensitive health-related data.
4.2 AI Limitations
AI output — including allergen identification and the Personal Fit Score — is advisory only and may be inaccurate, incomplete, or outdated. It can miss allergens, mis-flag allergens, and cannot account for cross-contamination, hidden ingredients, recipe changes, or day-to-day kitchen variation. It is a starting point, not a verified determination and not medical, nutritional, dietary, or allergen-safety advice. Always confirm directly with the restaurant before ordering, especially for allergies, intolerances, medical dietary needs, or pregnancy. See our Terms of Service.
4.3 AI Training
We do not sell your data to train third-party models, and we do not use your health/dietary profile to train models. Google processes the menu content and context we send under the Gemini API terms applicable to our account (see Section 3); whether that content may be used to improve Google's models depends on our API tier, which engineering must confirm before we make any representation about it. We may use de-identified, aggregated patterns to improve our own Service.
4.4 ADMT Disclosure (CCPA/CPRA and similar laws)
Business purpose: To identify potential allergens/dietary attributes in menus, and to generate a Personal Fit Score that helps you discover restaurants and dishes that may fit your dietary needs.
Data processed: Menu names, descriptions, ingredients, and images; and, for the Fit Score, the allergen/dietary/pregnancy/wellness profile you provide.
Logic: Automated pattern-matching and scoring of menu data against your stated profile and against known allergen/ingredient profiles.
Output: Allergen/dietary tags and a Personal Fit Score — estimates and suggestions, not guarantees or verified facts, and not decisions that produce legal or similarly significant effects about you.
Your choices and rights: Providing a profile is optional; you can edit or delete it at any time, and you can use the app without a Fit Score. You may request human review of, or more information about, an automated result by emailing support@menuiq.ai. Where required, we obtain your consent before processing sensitive data for personalization, and you may withdraw it. We honor applicable opt-out/limitation rights for automated decision-making and sensitive data (see Section 7).
5. Data Retention
Data Type | Retention Period | Reason |
|---|---|---|
Restaurant Operator account data | Duration of account + 30 days after deletion request | Service delivery and account recovery |
Menu content and Allergen Information | Duration of active subscription; deleted when subscription ends | Service delivery |
App account & profile (incl. dietary/health profile) | Until you delete it or close your account | Personalization; user-controlled |
Menu scans, extracted items, AI results & Fit Score history | [Confirm with engineering — state real period] tied to your account; transient scan transmissions to Google retained briefly by Google for abuse/legal only | Service delivery; history |
Hashed contacts (find-friends) | Not retained after matching | Privacy-forward; matching only |
Payment/transaction records (Stripe / Apple via RevenueCat) | 7 years | Tax and legal compliance |
Browsing & app usage analytics | 13 months, then anonymized | Service improvement |
Precise location (scan-time) | [Confirm — recommend not retained beyond restaurant identification] | Restaurant identification |
Diagnostics (Sentry) | [Confirm Sentry retention] | Stability and debugging |
Cookie consent records | 24 months | Regulatory audit trail |
IP addresses | 90 days | Security and fraud prevention |
Support communications | 2 years | Issue resolution |
When data is deleted, it is removed from active systems within 30 days; backups may persist up to 90 days before automatic deletion.
6. Data Security
We use industry-standard technical and organizational measures: TLS 1.2+ in transit; bcrypt password hashing with salt; on-device SHA-256 hashing of contacts before transmission; role-based access controls; regular security testing; and SOC 2-aligned infrastructure providers. No system is perfectly secure, and we cannot guarantee absolute security; you are responsible for safeguarding your account credentials.
7. Your Privacy Rights
7.1 All Users
You may access, correct, delete, and (for Operators) port your personal information. In the MenuIQ AI app, you can view, edit, and delete your dietary/health profile directly in Settings. To exercise rights, email support@menuiq.ai with "Privacy Rights Request" in the subject line. We respond within 30 days (45 for complex requests, with notice).
7.2 California Residents (CCPA/CPRA)
You have the rights to Know, Delete, Correct, Opt-Out of Sale/Sharing (we do neither), Limit Use of Sensitive Personal Information, and Non-Discrimination. Because we now process your dietary/health profile on our servers to provide personalization, your right to limit the use of sensitive personal information is honored through an actual control: you may delete your profile or contact us to limit its use to providing the core Service (you may lose personalization, such as the Fit Score).
Categories of personal information collected in the past 12 months:
Category | Collected | Business Purpose |
|---|---|---|
Identifiers (email, name, device/user IDs) | Yes | Accounts, app functionality |
Commercial information (subscription, billing) | Yes | Subscription management |
Internet/app activity (browsing, usage) | Yes | Service improvement |
Geolocation (precise + coarse, app) | Yes — with permission | Restaurant identification; nearby features |
Professional information (restaurant details) | Yes — Operators | Service delivery |
Sensitive personal information (allergen/dietary/pregnancy/health data; precise geolocation) | Yes — app users who provide it | Personalized results and Fit Score |
User content (menu photos/scans, profile photo, shared items) | Yes — app users | Scanning, analysis, content moderation |
We have not sold or shared personal information for cross-context behavioral advertising, and do not intend to.
7.3 Virginia, Colorado, Connecticut, Oregon, Texas (and similar state laws)
You have rights to access, correct, delete, and opt out of certain processing. Because the app collects sensitive data and precise geolocation:
Virginia & Connecticut: We obtain your opt-in consent before processing sensitive data and before collecting precise geolocation.
California & Oregon: We do not sell location or other personal data.
Texas: Sensitive data (including allergen/health and precise location) receives enhanced notice and security. Contact support@menuiq.ai to exercise these rights.
7.4 European Residents (GDPR/UK GDPR)
Lawful bases: contract (providing the Service), legitimate interests (analytics, security — balanced against your rights), and consent (marketing; non-essential cookies; and explicit consent under Article 9 for health-related dietary/pregnancy data). You have rights of access, rectification, erasure, restriction, portability, objection, withdrawal of consent, the right to lodge a complaint with your supervisory authority, and the right to human review of automated decisions (Article 22) — relevant to the Personal Fit Score. Data is processed in the United States under the EU-US Data Privacy Framework and/or Standard Contractual Clauses.
8. Cookie Policy
Essential cookies (session, CSRF token, cookie-consent record) are always active. Analytics cookies ([name the actual provider — placeholder in prior policy]) are opt-in for EU/EEA users and opt-out for US users. We do not use marketing/advertising cookies; if that changes, we will update this policy and obtain consent where required. Manage cookies via our consent banner, your browser, or the footer "Cookie Settings" link. For EU/EEA users, no non-essential cookies are set before consent, with "Accept All" and "Reject Non-Essential" equally prominent. For California residents, we honor Global Privacy Control (GPC) signals as an opt-out.
9. "Do Not Sell or Share" — Your Choices
We do not sell your personal information or share it for cross-context behavioral advertising. For transparency we still provide: a "Do Not Sell or Share My Personal Information" link on our website and a control in the MenuIQ AI app's Settings; automatic honoring of GPC signals; and data deletion via Settings or support@menuiq.ai.
10. Children's Privacy
The Service is not directed to children under 13, and we do not knowingly collect their personal information. If we learn we have, we will delete it promptly. Contact support@menuiq.ai with concerns. (Note for counsel: confirm whether any teen-directed use or pregnancy features warrant a 16+ gate or additional state-law treatment of minors' data.)
11. Changes to This Privacy Policy
We may update this policy. For material changes, we will provide notice by email (to Operators) or a prominent in-Service notice at least 30 days before the changes take effect, and update the "Last updated" date. Continued use after the effective date constitutes acceptance. We review this policy at least every 12 months, as the CCPA requires.
12. Contact Us
Email: support@menuiq.ai ("Privacy Rights Request" in the subject for data requests) Mail: MenuIQ, LLC, 367 St Marks Ave #1116, Brooklyn, NY 11238 Response time: within 30 days (45 for complex requests, with notice).
This Privacy Policy is drafted for review purposes and does not constitute legal advice. MenuIQ should have an attorney review this policy before publication.
END OF PRIVACY POLICY