Privacy Policy

1. Key Definitions

• Personal Data / Personal Information: Any information that can identify an individual or be linked to an identifiable person (e.g., name, email, phone).
• Business Data: Restaurant-specific operational data (e.g., menu items, pricing, inventory, orders).
• User / Account Holder: Any person or business that registers for or uses MenuMitra services.

2. Information We Collect

2.1 Information You Provide

• Account & Contact: Name, business name, email address, phone number, billing address.
• Payments & Billing: Payment instrument details processed via third-party payment gateways (we do not store full card numbers).
• Business Data: Menu items, pricing, inventory, staff records, order history, receipts.
• Support & Communications: Messages you send to our support or sales teams.

2.2 Automatically Collected Information

• Usage Data: App and website logs, features used, timestamps, crash reports, performance metrics.
• Device & Network Data: Device identifiers, operating system, app version, IP address, anonymized location for BLE functionality.
• Cookies & Similar Technologies: See Section 11.

2.3 Permissions Requested by Our Mobile Apps

We request only the permissions necessary for core functionality:

• Bluetooth / BLE and Location (Android) — to enable staff device sync and BLE communication.
• Notifications — to deliver order alerts, updates, and critical system messages.
• Storage / Media — to cache assets, save receipts and support offline operation.
• Background Services / Boot Completed — to resume POS/background tasks after device restarts.

3. How We Use Your Information

We use data to:

• Provide, operate and maintain MenuMitra services and apps.
• Process orders, billing, and payments.
• Enable real-time staff communication (BLE / notifications).
• Improve product functionality, perform analytics and debug issues.
• Provide customer support and respond to requests.
• Send service-related notices and (with consent) marketing communications.
• Comply with legal obligations and protect our rights.

We do not sell personal data to third parties.

4. Legal Bases for Processing (where applicable)

For users in jurisdictions with data protection laws (e.g., GDPR), our legal bases include:

• Contractual necessity — to provide services you requested.
• Consent — where you opt in to marketing or optional features.
• Legal compliance — to comply with legal obligations.
• Legitimate interests — for fraud prevention, analytics, and service improvement (balanced against user rights).

5. Data Sharing & Third Parties

We share data only for legitimate purposes:

• Service Providers: Cloud hosting, payment processors, notification services (e.g., Expo Notifications), analytics providers, and other vendors who process data on our behalf under contract.
• Business Partners: Integrations or promotions only with your explicit consent.
• Legal Obligations: To respond to lawful requests, investigations, or to protect safety, property or rights.

All third parties are contractually required to protect data and use it only for specified purposes.

6. Data Security

We apply industry best practices to protect your data:

• Encryption: TLS 1.2+ for data in transit; AES-256 or equivalent for data at rest.
• Access Control: Role-based access (Owner, Manager, Waiter, Captain, Partner) and least privilege principles.
• Authentication: Secure password storage and support for multi-factor authentication on sensitive operations.
• Local Encryption: Encrypted local storage for offline mode and secure sync when connectivity restores.
• Operational Security: Regular backups, vulnerability testing, logging and monitoring, and periodic security audits.

While we take strong measures, no system is perfectly secure. If we learn of a breach that creates a risk to users, we will notify affected users and regulators as required by law.

7. Data Retention

• We keep data only as long as necessary to provide services.
• Account & operational records necessary for business, taxation, or legal reasons may be retained up to 7 years after account closure.
• Non-essential data (e.g., anonymized usage logs) will be deleted or anonymized within 90 days of account termination unless otherwise required.

8. International Transfers

MenuMitra may store and process data in India and in other countries where our service providers operate. When transferring data internationally, we use appropriate safeguards (e.g., hosting in regions with adequate protections, Standard Contractual Clauses, or equivalent measures) to protect your information.

9. Your Rights and Choices

Subject to local law, you may have rights including:

• Access: Request a copy of your personal data.
• Correction: Update or correct inaccurate data.
• Deletion: Request deletion of personal data (with exceptions for legal compliance).
• Portability: Request your data in a machine-readable format.
• Restriction / Objection: Restrict processing or object to certain uses (e.g., direct marketing).
• Withdraw Consent: Withdraw any consent you gave (this will not affect processing already completed).

To exercise rights, contact us at menumitra.info@gmail.com. We may need to verify your identity before responding.

10. Children's Privacy

Our services are intended for businesses and adults. We do not knowingly collect personal data from children under 18. If you believe we have collected such data, please contact us. We will delete it promptly when identified.

11. Cookies & Similar Technologies

We use cookies and similar technologies to:

• Remember preferences and login sessions.
• Analyze usage and performance.
• Enable some features and provide better UX.

You can manage cookie preferences through your browser settings or in-app settings where provided. Blocking cookies may affect functionality.

12. Links to Other Websites

Our website or apps may contain links to third-party sites. We are not responsible for their privacy practices. Review their policies before sharing personal information.

13. Changes to This Policy

We may update this Privacy Policy to reflect changes in practices, legal requirements, or product updates. For material changes we will provide notice (via email or in-app) and update the Last Updated date on this page.

14. Contact & Data Protection Officer

For questions, requests or complaints, contact:

Email: menumitra.info@gmail.com
Phone: +91 93178 18283

If you remain unsatisfied after contacting us, you may have the right to lodge a complaint with a supervisory authority in your jurisdiction.

15. Additional Information for App Stores

• This Privacy Policy covers data processed by our mobile applications (Android/iOS).
• App permissions used include BLE/Bluetooth, Location (Android), Notifications, Storage, and background services — only to support core POS and staff coordination features.
• We declare and maintain a Data Safety section in app stores that reflects the data types and processing described here.

16. Minimal Disclosure Summary (Quick Read)

• We collect account, payment, business operations, usage, and device data.
• We do not sell your personal data.
• Data is encrypted, access is role-based, and offline storage is encrypted.
• Contact menumitra.info@gmail.com to exercise data rights.