Privacy

Privacy Policy

We built Felmenu for restaurant operators who trust us with their business data. This policy explains exactly what we collect, why, and how you stay in control of it.

Last updated: 1 May 2026

Our privacy commitments

No ads, ever

We don't put advertising trackers or pixels on your menus or your diners' phones.

You own your data

Your menu content is yours. Export or delete it any time — no lock-in.

Secure by default

Encrypted at rest and in transit. Passwords hashed. Access logs audited.

What we collect

When you register: your name and email address.

When you build menus: all content you add — items, prices, photos, descriptions, QR branding, and opening hours.

When you pay: your plan status, the payment method you chose (Vodafone Cash or Instapay), and the reference code on each transfer. We do not store wallet PINs or transaction-message contents — only what you tell us to mark your payment.

When you use the service: device type, browser, IP address, feature interactions, and error logs used strictly for debugging.

  • Diner analytics (scan counts, popular items, visit times) are aggregated and shown only to you — diners are never individually identified.
  • We do not collect data from diners beyond what is necessary to render your menu.

How we use your information

We use your information only to operate and improve Felmenu. Specifically: to authenticate your account, render your menus, process payments, send receipts and security emails, show you analytics, and debug issues.

We do not use your data to train AI or machine-learning models. We do not sell, rent, or share your personal data with data brokers or advertisers.

Sharing with third parties

We share data only with the sub-processors necessary to operate the service. We have data processing agreements with each of them.

  • Cloud infrastructure providers — encrypted hosting and storage
  • Email delivery service — transactional emails only (receipts, password resets)

Storage and security

All data is encrypted at rest using AES-256 and in transit using TLS 1.3. Passwords are hashed using bcrypt before storage — we cannot recover them.

Access to production systems is limited to authorised personnel and requires multi-factor authentication. We conduct security reviews regularly.

In the event of a breach that affects your personal data, we will notify you by email within 72 hours of becoming aware.

Cookies and tracking

We use one session cookie to keep you logged in to the Felmenu dashboard. That is the only cookie we set on your device.

We do not use advertising cookies, social media tracking pixels, or third-party analytics scripts. Your diners' devices receive no cookies at all when they view your menu.

Children's privacy

Felmenu is designed for restaurant and café operators and is not directed at children under 13. We do not knowingly collect personal data from children.

If you believe a child has provided us with personal data, please contact us at privacy@felmenu.com and we will delete it promptly.

Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you by email at least 30 days before they take effect.

Continued use of the service after the effective date constitutes acceptance of the updated policy.

Data transparency

What we collect and why.

Data type
Purpose
Retention
Account info
Login and account management
Until deletion
Menu content
Rendering your public menus
Until you delete it
Billing records
Subscriptions and receipts
7 years (legal)
Scan analytics
Your dashboard visitor stats
90 days
Error logs
Debugging and reliability
30 days
Support emails
Responding to your inquiries
3 years
Your rights

You are in control.

Access

Request a copy of all personal data we hold about you.

Correction

Ask us to fix any inaccurate personal data.

Deletion

Delete your account and all data from Settings, or email us.

Export

Download your menu content at any time from your dashboard.

Object

Opt out of processing beyond what is strictly necessary.

Restrict

Limit how we use your data while a dispute is being resolved.

Privacy questions or requests?

Email our privacy team. We respond to all requests within 30 days as required by law.