Privacy Policy

Your privacy matters. This policy explains what data we collect, why we collect it, and how you can control it. As a service operating under French law, we fully comply with the General Data Protection Regulation (GDPR).

Who We Are
Data We Collect
How We Use Your Data
Legal Basis for Processing
Data Sharing
Data Retention
Your GDPR Rights
Cookies
Security
Contact & DPO

1. Who We Are

MenuCraft is operated by [BUSINESS_NAME], an auto-entrepreneur registered in France. We are the data controller for personal data collected through this platform.

Contact: [EMAIL]

2. Data We Collect

Account Data

When you register, we collect your name, email address, restaurant name, and password (hashed and never stored in plain text).

Menu Content

All content you create — categories, items, descriptions, images, and settings — is stored to provide the Service.

Payment Data

Payment processing is handled by Stripe. We do not store card numbers or sensitive payment information on our servers. We only store your subscription status and Stripe customer ID.

Usage Data

We collect anonymous usage data such as page views, menu view counts, and general platform analytics to improve the Service. This may include your IP address, browser type, and device information.

Cookies

We use cookies for session management and, with your consent, for analytics. See our Cookie Policy for details.

3. How We Use Your Data

To provide, maintain, and improve the MenuCraft platform
To process payments and manage your subscription
To send transactional emails (account confirmation, receipts)
To respond to support requests
To analyze usage patterns and improve user experience
To comply with legal obligations

We do not sell your personal data to third parties.

4. Legal Basis for Processing

Contract performance — processing your account data to provide the Service
Legitimate interests — improving the platform, preventing fraud
Consent — analytics cookies (you can withdraw consent at any time)
Legal obligation — retaining billing records as required by French law

6. Data Retention

We retain your personal data for as long as your account is active. Upon account deletion:

Your menu content and account data are deleted within 30 days
Billing records are retained for 10 years as required by French accounting law
Anonymized analytics data may be retained indefinitely

7. Your GDPR Rights

As a data subject under GDPR, you have the following rights:

Right to AccessRequest a copy of all data we hold about you

Right to RectificationCorrect inaccurate or incomplete data

Right to ErasureRequest deletion of your personal data

Right to PortabilityReceive your data in a machine-readable format

Right to ObjectObject to processing based on legitimate interests

Right to RestrictLimit how we process your data

To exercise any of these rights, contact us at [EMAIL]. We will respond within 30 days. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés) at cnil.fr.

8. Cookies

We use essential cookies for the platform to function (session, CSRF protection) and optional analytics cookies with your consent. You can manage your cookie preferences at any time via the cookie banner or our Cookie Policy.

9. Security

We take reasonable technical and organizational measures to protect your data, including HTTPS encryption, hashed passwords, and CSRF protection. However, no internet transmission is 100% secure.

10. Contact & DPO

For any privacy-related questions or to exercise your rights:

[BUSINESS_NAME]
Email: [EMAIL]
France

Table of Contents