Privacy Policy

Version v2.3 | Last updated: 16.04.2026

This is an English convenience translation. In case of conflict, the German version prevails.

This privacy policy describes how personal data is processed by MenueQR.

1. Controller

Shatokhin Dmytro
Sommerstr. 6a, 31515 Wunstorf (Luthe), Germany
Email: [email protected], Phone: +380964086897

The controller is established in Germany.

2. Purposes and legal bases

  • contract performance/account operations (Art. 6(1)(b) GDPR),
  • legal obligations incl. accounting/tax (Art. 6(1)(c) GDPR),
  • security, abuse prevention, and stability (Art. 6(1)(f) GDPR),
  • consent for optional analytics/marketing (Art. 6(1)(a) GDPR).

3. Categories of data

  • registration/account data (name, email, account status),
  • usage/event/technical data (logs, browser, OS, device),
  • user content (menu texts, images),
  • communications (support, contact, AI-related interaction),
  • payment data handled by external payment providers (e.g. Stripe).

4. Special categories

MenueQR does not intentionally collect special categories of personal data.

5. Cookies, localStorage, analytics

Essential cookies/storage for operation, login, session, and interface settings are used on contract/legitimate-interest bases, and where applicable under technical-necessity exemptions.

Google Analytics 4 (GA4) is enabled only after prior explicit consent via the consent banner. Without consent, GA4 is not loaded.

Legal basis for analytics-related terminal storage and access: consent (Art. 6(1)(a) GDPR together with Sec. 25(1) TDDDG where applicable).

Where consent is granted, GA4 may use first-party cookies and similar identifiers. According to Google, GA4 does not log or store full IP addresses and uses IP data only transiently to derive coarse location information.

6. Processors / recipients

Depending on features: Vercel, Render, Cloudflare, Stripe, Google, OpenRouter, email providers, and Telegram.

7. International transfers

Transfers outside the EEA rely on appropriate safeguards, mainly SCCs and/or adequacy decisions.

8. Retention

  • account data: until deletion,
  • logs: typically 30-90 days,
  • backups: typically up to 30 days,
  • post-account deletion: generally up to 30 days (subject to legal retention duties),
  • billing/tax data: as legally required.

9. Data subject rights (DSAR)

Access, rectification, erasure, restriction, portability, and objection requests can be sent to [email protected]. Usual response period: up to 30 days.

10. Marketing / anti-spam

Regular marketing emails are not currently active. Future campaigns may use opt-in and double opt-in.

11. Minors, Art. 22 GDPR, incidents

The service is not intended for persons under 18. No solely automated decision-making with legal effects is currently carried out.

Data incidents are handled and reported where required by law.

12. DPA and changes

A public DPA is not published by default but may be provided to B2B customers on request.
