Privacy Policy

1. Introduction

EnuMenu ("we," "our," or "us") is a brand operated by Kiran Sp. z o.o., a company registered in Poland. EnuMenu is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").

Please read this Privacy Policy carefully. By using the Service, you consent to the practices described in this policy.

Data Controller

Kiran Sp. z o.o., operating under the EnuMenu brand, is the data controller responsible for your personal data.

• Company: Kiran Sp. z o.o.
• Brand: EnuMenu
• Address: Działkowa 95 lok. 10, 05-808 Pruszków, Poland
• Data protection contact: info@enumenu.com

2. Information We Collect

2.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: When you create a restaurant account, we collect your email address, password, restaurant name, and business contact details.
• Menu Content: Information about your menu items, including names, descriptions, prices, images, and allergen information.
• Staff Information: Names and email addresses of staff members you add to your account.
• Subscription Payment Information: Billing details for subscription payments (processed through Paddle - we do not store your card details).
• Customer Session Data: When customers use your restaurant's ordering system, we collect their chosen nickname and table session information.

2.2 Information Collected Automatically

When you use our Service, we automatically collect:

• Device Information: Browser type, operating system, and device identifiers.
• Usage Data: Pages visited, features used, and interaction patterns.
• Log Data: IP address, access times, and referring URLs.
• Cookies: Session cookies for authentication and preferences (see Section 7).

2.3 Information from Third Parties

We may receive information from third parties, including:

• Payment processors (Paddle) for EnuMenu subscription verification
• Analytics providers to improve the Service

2.4 Information We Do NOT Collect

EnuMenu does not collect or have access to:

• Customer payment card details for food and beverage orders (processed directly by Stripe or Przelewy24)
• Customer bank account information
• Full payment credentials used for restaurant orders

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Service
• Process EnuMenu subscription transactions and send related information
• Send technical notices, updates, and support messages
• Respond to your comments, questions, and requests
• Monitor and analyse usage trends and preferences
• Detect, prevent, and address technical issues and fraud
• Comply with legal obligations

4. How We Share Your Information

We may share your information in the following circumstances:

4.1 Service Providers

We share information with third-party service providers who perform services on our behalf, including:

• Subscription payment processing (Paddle)
• Cloud hosting and infrastructure
• Email delivery services
• Analytics providers

4.2 Payment Providers for Customer Orders

When Restaurants enable in-app payments for customer orders:

• Customer payment information is shared directly with the Payment Provider (Stripe or Przelewy24)
• EnuMenu does not have access to or store customer payment card details
• The Restaurant's payment credentials are securely stored and used only to facilitate transactions
• Payment Providers are independent data controllers for the payment data they process

For information about how Payment Providers handle your data, please see:

• Stripe Privacy Policy: stripe.com/privacy
• Przelewy24 Privacy Policy: przelewy24.pl/obowiazek-informacyjny-rodo

4.3 Restaurant-Customer Relationship

When customers place orders through our Service:

• Restaurants can see customer nicknames and order details
• Customers can see restaurant menu information
• This sharing is necessary for the ordering service to function

4.4 Legal Requirements

We may disclose information if required by law, regulation, legal process, or governmental request.

4.5 Business Transfers

If we are involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

4.6 With Your Consent

We may share information with your consent or at your direction.

5. Data Retention

We retain your information for as long as necessary to:

• Provide the Service to you
• Comply with legal obligations
• Resolve disputes and enforce agreements

Restaurant accounts and associated data are retained until account deletion. Customer session data is retained for a limited period for operational purposes and order history.

6. Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

• Encryption of data in transit (TLS/SSL)
• Secure password hashing
• Regular security assessments
• Access controls and authentication
• Secure storage of Restaurant payment provider credentials (encrypted at rest)

While we strive to protect your information, no method of transmission over the internet is 100% secure.

7. Cookies and Tracking

We use the following types of cookies:

• Essential Cookies: Required for the Service to function (authentication, session management).
• Functional Cookies: Remember your preferences and settings.
• Analytics Cookies: Help us understand how you use the Service.

You can control cookies through your browser settings. See our Cookie Policy for more details.

8. International Data Transfers

Your information may be transferred to and processed in countries outside your country of residence.

8.1 For UK Users

Transfers outside the UK are protected by appropriate safeguards under UK GDPR.

8.2 For EEA Users

Transfers outside the EEA are protected by Standard Contractual Clauses or adequacy decisions.

8.3 For US Users

Data may be processed on servers in the UK and Europe.

8.4 Data Processing Locations

Our primary servers are located in the European Union.

8.5 Third-Party Processors

Our service providers, including Payment Providers, may process data in various locations. We ensure appropriate safeguards are in place.

9. Third-Party Links

Our Service may contain links to third-party websites, including Payment Provider websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.

10. Children's Privacy

Our Service is not directed to children under 16. We do not knowingly collect personal information from children under 16. If you believe we have collected information from a child under 16, please contact us immediately.

11. UK GDPR and GDPR Rights (For UK and EEA Users)

If you are located in the United Kingdom or European Economic Area, you have additional rights under UK GDPR and EU GDPR respectively:

• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restriction of processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent
• Right to lodge a complaint with a supervisory authority

Our legal basis for processing includes: contract performance, legitimate interests, legal obligation compliance, and consent.

For UK users: The supervisory authority is the Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or by phone at 0303 123 1113.

For EEA users: You may contact the relevant supervisory authority in your country of residence.

12. California Privacy Rights (For California Residents)

California residents have additional rights under CCPA:

• Right to know what personal information is collected
• Right to know whether personal information is sold or disclosed
• Right to opt out of the sale of personal information
• Right to access personal information
• Right to equal service and price

We do not sell personal information to third parties.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

• Company: Kiran Sp. z o.o.
• Brand: EnuMenu
• Email: info@enumenu.com
• Address: Działkowa 95 lok. 10, 05-808 Pruszków, Poland

For GDPR-related enquiries, you may also contact the relevant supervisory authority in your country.