Privacy Policy
We keep it simple
We collect only what we need to run the service. We never sell your data. We never show you ads. Your menu data belongs to you.
1. What We Collect
We collect information you provide directly and information generated by your use of the Service.
| Data | Why we collect it |
|---|---|
| Name, email address | To create and manage your account |
| Password (hashed) | To authenticate you securely |
| Menu content (names, prices, photos) | To display your menu to guests |
| Billing information | To process payments (handled by Stripe) |
| QR scan counts, page views | To provide analytics on your dashboard |
| IP address, browser type | For security and abuse prevention |
2. How We Use Your Data
We use your data exclusively to provide, maintain, and improve the Service. Specifically:
- To operate your account and display your digital menu
- To send transactional emails (receipts, password resets, important notices)
- To provide customer support when you contact us
- To detect and prevent fraud or abuse
- To improve the Service based on aggregated, anonymized usage patterns
3. Guest Data
When your guests scan your QR code and view your menu, we collect minimal technical data: the time of the visit, the approximate country (from IP), and the device type. This data is aggregated and shown to you as analytics.
We do not identify individual guests, require them to create accounts, or collect their personal information. Guests browse anonymously.
4. Data Sharing
We share data only with trusted service providers who help us run the Service:
- Stripe — payment processing
- AWS S3 / Cloudflare R2 — photo storage
- Postmark / SendGrid — transactional email
Each provider is bound by a data processing agreement and may only use your data to provide services to us. We do not share your data with advertisers, data brokers, or unrelated third parties.
We may disclose data if required by law or to protect the safety of users or the public.
5. Data Storage & Security
Your data is stored on servers located in the European Union. We use industry-standard encryption (TLS in transit, AES-256 at rest) to protect your data.
Passwords are hashed using bcrypt and never stored in plain text. We perform regular backups and security audits.
While we take security seriously, no system is 100% secure. If you discover a vulnerability, please contact us at hello@arrivamenu.com.
6. Cookies
We use a small number of essential cookies to operate the Service:
- Session cookie — keeps you logged in
- CSRF token — protects against cross-site request forgery
We do not use advertising cookies, third-party tracking pixels, or analytics cookies that identify individual users. Your guests' experience of your public menu page is cookie-free.
7. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
Access
Request a copy of all data we hold about you
Correction
Update or correct inaccurate personal data
Deletion
Request deletion of your account and all associated data
Portability
Export your menu data in a machine-readable format
Objection
Object to certain types of processing
Restriction
Request that we limit how we use your data
To exercise any of these rights, email us at hello@arrivamenu.com. We will respond within 30 days.
8. Data Retention
We retain your data for as long as your account is active. If you delete your account, we will permanently delete your personal data and menu content within 30 days, except where we are required by law to retain it longer (e.g., billing records for up to 7 years).
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of significant changes by email at least 14 days before they take effect. The "last updated" date at the top of this page reflects the most recent revision.
10. Contact
If you have questions, concerns, or requests related to your privacy, please contact us at hello@arrivamenu.com. We aim to respond within 2 business days.