Privacy policy
Last updated: March 1, 2026
MenuIQ, LLC — A Delaware Limited Liability Company
Introduction
MenuIQ, LLC ("MenuIQ," "we," "us," or "our") operates a digital menu platform with AI-powered allergen identification. This Privacy Policy explains how we collect, use, share, and protect your information when you use the MenuIQ platform, website, mobile application, and related services (collectively, the "Service").
MenuIQ is a digital menu platform — not an ordering, payment, or delivery service. We do not process consumer payments, fulfill food orders, or track delivery logistics. Our data footprint reflects this focused scope.
By using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Restaurant Operator Information (Account Holders)
When you create a Restaurant Operator account, we collect:
Account Information: Email address, password (stored as a bcrypt hash — we never store passwords in plain text), and restaurant name and contact details.
Menu Content: Menu item names, descriptions, ingredients, pricing, and images you upload. This also includes Allergen Information — both AI-generated suggestions and your manual edits.
Subscription and Billing: Payment is processed by Stripe. We receive transaction confirmations, subscription status, and billing history. We never receive or store your full credit card number, CVV, or banking credentials.
Usage Data: Login timestamps, features used, menu edits made, AI scan requests, and account activity.
Communications: Any messages you send to our support team.
1.2 Consumer Information (Menu Browsers)
Consumers browse published restaurant menus without creating accounts. We collect minimal information:
Automatically Collected: Device type, operating system, browser type, IP address (for security and fraud prevention), pages viewed, time on page, and referring URL.
Cookies and Similar Technologies: See Section 8 (Cookie Policy) below.
We do not collect names, email addresses, or other personal identifiers from Consumers browsing menus. Consumers do not create accounts and do not transact through the Service.
1.3 Scanner Feature Information (Future Mobile App)
When the Scanner Feature becomes available, we will collect:
Uploaded Images: Photos or images of menus that you submit for AI analysis. These images are processed by our AI system to identify menu items and potential allergens.
AI Results: The allergen analysis generated from your uploaded images.
Device Information: Standard mobile app telemetry (device type, OS version, app version, crash reports).
Allergen Preferences (Optional): If you choose to set allergen preferences to personalize your results, this information is classified as health-related data and receives enhanced protection. See Section 1.4.
No account is required to use the Scanner Feature. We do not collect names, email addresses, or other personal identifiers from Scanner Feature users.
1.4 Allergen Preference Data — Sensitive Health Information
If you choose to set allergen preferences in the Scanner Feature, this data is classified as sensitive personal information (health data) under applicable privacy laws, including CCPA, GDPR, and most state privacy laws. We handle this data with enhanced protections:
Allergen preferences are stored locally on your device only — we do not upload this data to our servers
Preferences are used solely to highlight potential allergens in your scan results
This data is never sold, shared with third parties, or used for advertising
You can view, edit, or delete your allergen preferences at any time in app Settings
Deleting the app removes all locally stored allergen preference data
2. How We Use Your Information
2.1 Service Delivery
We use your information to provide and operate the Service, including menu management, AI-powered allergen identification, account administration, and subscription management.
2.2 AI Allergen Identification
Our AI system processes menu item text and images to identify potential allergens. For Restaurant Operators, menu descriptions are analyzed by AI to generate allergen suggestions that you review and edit before publication. For Scanner Feature users, uploaded menu images are processed by AI in real-time to return allergen analysis.
Important: AI-generated Allergen Information is advisory only and may be inaccurate. See our Terms of Service for complete AI disclaimers.
2.3 Analytics and Improvement
We use aggregated, anonymized usage data to understand how the Service is used and to improve features, performance, and reliability. We do not use individual browsing behavior for profiling or targeted advertising.
2.4 Communications
We send transactional emails to Restaurant Operators (account verification, password resets, subscription confirmations, material changes to Terms or Privacy Policy). We do not send marketing emails without your opt-in consent.
2.5 Legal Compliance
We may use your information to comply with applicable laws, respond to valid legal requests, and enforce our Terms of Service.
3. How We Share Your Information
We do not sell, rent, or trade your personal information. We do not share your information with third parties for their direct marketing purposes. We do not use your information for targeted advertising.
We share information only with the following service providers who process data on our behalf under contractual restrictions:
Anthropic, PBC (AI Processing): Menu item text and images are transmitted to Anthropic's API for real-time AI analysis. Anthropic has committed not to use API data for model training. Data is processed in real-time and is not retained by Anthropic after processing.
Railway Corporation (Cloud Hosting): Account and application data is hosted on Railway's infrastructure.
Cloudflare (Media Storage and CDN): Menu images and assets are stored on Cloudflare R2 and delivered via Cloudflare's content delivery network.
Stripe (Payment Processing): Subscription payment data is processed by Stripe. We never receive your full payment credentials. Stripe's handling of your data is governed by Stripe's Privacy Policy.
We may also disclose information if required by law, in response to valid legal process (subpoena, court order, or government request), to protect our rights or safety, or in connection with a merger, acquisition, or sale of assets (in which case your information would remain subject to this Privacy Policy).
4. Artificial Intelligence and Automated Decision-Making
4.1 How Our AI Works
MenuIQ uses artificial intelligence to analyze menu item descriptions and images and identify potential allergens. The AI processes text and visual data using pattern recognition to match ingredients and dish descriptions against known allergen profiles.
4.2 AI Limitations
AI-generated Allergen Information is advisory only and may contain errors, omissions, or inaccuracies. The AI may miss allergens, incorrectly flag allergens, or fail to account for cross-contamination, hidden ingredients, or variations in restaurant preparation. AI Output is a starting point, not a verified determination.
4.3 AI Training
Menu images uploaded by Restaurant Operators are not used to train AI models. Anthropic has committed not to use API data for model training. We may use anonymized, aggregated data (such as common allergen patterns across menu categories) to improve our internal systems, but individual menu content is not used for AI training purposes.
4.4 Automated Decision-Making Technology (ADMT) Disclosure
As required by the California Consumer Privacy Act (CCPA), we disclose the following about our use of automated decision-making technology:
Business Purpose: We use AI to identify potential allergens in restaurant menu items, helping Restaurant Operators tag allergens and helping Consumers identify potential allergens before ordering.
Data Processed: Menu item names, descriptions, ingredient lists, preparation method descriptions, and menu images.
Logic Involved: Our AI uses pattern recognition and natural language processing to match menu text and images against databases of known allergens and common ingredient profiles.
Output: The AI produces allergen tags (e.g., "may contain peanuts," "likely contains dairy") that are suggestions, not verified facts.
Your Rights: Restaurant Operators can edit or override any AI-generated allergen tag before publication. Scanner Feature users can request information about how specific AI results were generated by contacting support@menuiq.ai. California residents may opt out of AI processing of their data by not using the Scanner Feature; the restaurant platform requires AI processing as a core function of the Service.
5. Data Retention
We retain your information only as long as necessary for the purposes described in this policy:
| Data Type | Retention Period | Reason |
|---|---|---|
| Restaurant Operator account data | Duration of account + 30 days after deletion request | Service delivery and account recovery |
| Menu content and Allergen Information | Duration of active subscription; deleted when subscription ends | Service delivery |
| Payment and transaction records (via Stripe) | 7 years | Tax and legal compliance |
| Consumer browsing analytics | 13 months | Service improvement; anonymized after this period |
| Scanner Feature uploaded images | Processed in real-time; not retained after analysis is complete | Privacy-forward approach; no storage |
| Allergen preferences (Scanner Feature) | Until user deletes or uninstalls app | Stored on-device only; user-controlled |
| Cookie consent records | 24 months | Regulatory audit trail |
| IP addresses | 90 days | Security and fraud prevention |
| Support communications | 2 years | Issue resolution and quality |
When data is deleted, it is permanently removed from our active systems within 30 days. Backup copies may persist for up to 90 days before automatic deletion.
6. Data Security
We implement industry-standard technical and organizational measures to protect your information:
All data in transit is encrypted using TLS 1.2 or higher
Passwords are stored using bcrypt hashing with salt
Role-based access controls limit employee access to personal data
Regular security testing and vulnerability scanning
Infrastructure hosted on SOC 2 compliant providers
No system is perfectly secure. While we take reasonable measures to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.
7. Your Privacy Rights
7.1 All Users
All users have the right to:
Access: Request a copy of the personal information we hold about you
Correction: Request correction of inaccurate information
Deletion: Request deletion of your personal information
Data Portability: Request your menu data in a machine-readable format (Restaurant Operators)
To exercise these rights, email support@menuiq.ai with "Privacy Rights Request" in the subject line. We will respond within 30 days (or 45 days for complex requests, with notice).
7.2 California Residents (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act, as amended by the California Privacy Rights Act:
Right to Know: You may request the categories and specific pieces of personal information we have collected, the categories of sources, the business purposes for collection, and the categories of third parties with whom we share your information.
Right to Delete: You may request deletion of your personal information, subject to certain exceptions (such as data needed for legal compliance).
Right to Correct: You may request correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. A "Do Not Sell or Share My Personal Information" link is available in app Settings and on our website for transparency, even though we do not engage in these practices.
Right to Limit Use of Sensitive Information: If you provide allergen preference data (classified as sensitive health information), you may request that we limit its use to providing the Service. Since allergen preferences are stored locally on your device and not uploaded to our servers, this right is satisfied by design.
Right to Non-Discrimination: We will not penalize you for exercising your privacy rights.
Authorized Agents: You may designate an authorized agent to submit requests on your behalf. We may require verification of the agent's authority.
Categories of Information Collected in the Past 12 Months:
| Category | Collected | Business Purpose |
|---|---|---|
| Identifiers (email, name) | Yes — Restaurant Operators only | Account management |
| Commercial information (subscription, billing) | Yes — Restaurant Operators only | Subscription management |
| Internet activity (browsing, usage data) | Yes — All users | Service improvement |
| Geolocation data (IP-derived, approximate) | Yes — All users | Security, fraud prevention |
| Professional information (restaurant details) | Yes — Restaurant Operators only | Service delivery |
| Sensitive information (allergen preferences) | Future — Scanner Feature users only | Personalized allergen results |
We have not sold personal information in the preceding 12 months and do not intend to do so.
7.3 Virginia, Colorado, Connecticut, Oregon, and Texas Residents
Residents of these states have rights similar to California residents, including the rights to access, correct, delete, and opt out of certain data processing. To exercise these rights, contact support@menuiq.ai.
Virginia and Connecticut residents: We will request your opt-in consent before collecting precise geolocation data through our mobile app.
Oregon residents: We do not sell your location data.
Texas residents: Allergen preference data is treated as sensitive data with enhanced notice and security protections.
7.4 European Residents (GDPR)
If you are located in the European Economic Area, United Kingdom, or Switzerland, we process your personal information based on the following lawful bases:
Performance of a Contract: Processing necessary to provide the Service to Restaurant Operators (account management, menu processing, AI allergen identification).
Legitimate Interests: Analytics and service improvement, fraud prevention and security. We balance these interests against your privacy rights.
Consent: Marketing communications (you may withdraw consent at any time), cookie tracking (opt-in required for EU users), and processing of health-related data (allergen preferences in the Scanner Feature, where explicit consent is required under Article 9).
Your Additional Rights: Right to data portability, right to restrict processing, right to object to processing, right to withdraw consent at any time, and right to lodge a complaint with your local supervisory authority. You also have the right to human review of automated decisions under Article 22.
Cross-Border Data Transfers: Your data is processed in the United States. We rely on the EU-US Data Privacy Framework and Standard Contractual Clauses (SCCs) for lawful data transfers.
8. Cookie Policy
8.1 What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help the website function, remember your preferences, and collect usage data.
8.2 Cookies We Use
Essential Cookies (Always Active)
| Cookie | Purpose | Duration |
|---|---|---|
| Session cookie | Maintains login session for Restaurant Operators | Session |
| CSRF token | Prevents cross-site request forgery attacks | Session |
| Cookie consent | Remembers your cookie preferences | 12 months |
Analytics Cookies (Opt-In for EU; Opt-Out for US)
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| Analytics tracking | [Analytics Provider] | Understand usage patterns, page views, feature adoption | 13 months |
Marketing/Advertising Cookies: We do not currently use marketing or advertising cookies. If this changes, we will update this policy and request your consent where required.
8.3 Managing Cookies
You can manage cookie preferences through:
Our cookie consent banner (displayed on first visit)
Your browser settings (most browsers allow you to block or delete cookies)
The "Cookie Settings" link in our website footer
For EU/EEA users: No non-essential cookies are set until you provide consent. "Accept All" and "Reject Non-Essential" options are presented with equal prominence.
For California residents: We honor Global Privacy Control (GPC) browser signals. If your browser sends a GPC signal, we treat it as an opt-out of non-essential cookies.
9. "Do Not Sell or Share" — Your Choices
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. However, we provide the following controls for transparency:
Website: "Do Not Sell or Share My Personal Information" link available in the footer
Mobile App (Future): "Do Not Sell or Share" toggle available in Settings
GPC Signal: We honor Global Privacy Control browser signals automatically
Data Deletion: Available by emailing support@menuiq.ai or through account settings
10. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you are under 13, please do not use the Service. If we learn that we have collected personal information from a child under 13, we will delete that information promptly. If you believe a child under 13 has provided us with personal information, please contact us at support@menuiq.ai.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
For material changes, we will provide notice by email (to Restaurant Operators) or by posting a prominent notice on the Service at least 30 days before the changes take effect. We will update the "Last Updated" date at the top of this policy.
Your continued use of the Service after the effective date of changes constitutes your acceptance of the updated policy.
This Privacy Policy is reviewed and updated at least once every 12 months, as required by the CCPA.
12. Contact Us
For privacy questions, data requests, or concerns:
Email: support@menuiq.ai (use "Privacy Rights Request" in the subject line for data requests)
Mail:
MenuIQ, LLC
367 St Marks Ave #1116
Brooklyn, NY 11238
Response Time: We respond to privacy requests within 30 days (or 45 days for complex requests, with notice to you).
This Privacy Policy is drafted for review purposes and does not constitute legal advice. MenuIQ should have an attorney review this policy before publication.