Privacy Policy
Last updated: May 15, 2026
Version 2.0
1. Data controller
Meenu, Inc. (“Meenu”, “we”, “us”) is responsible for the processing of personal data via meenu.app, the Meenu dashboard and the AI ordering platform. You can reach us at support@meino.io.
For restaurants using Meenu to process orders from their Guests, Meenu acts as a processor within the meaning of Article 28 GDPR. In that case the restaurant itself is the controller for Guest data. The terms are set out in our Data Processing Agreement (DPA), which forms part of the terms of service.
2. Data we process
We process the following categories of personal data:
- Account data — name, email address, phone number, organisation, role and hashed passwords.
- Restaurant data — location address, menus, table layouts, opening hours and logo.
- Order data — selected items, allergen information, order notes, order status and associated table.
- Payment data — Stripe customer ID, transaction ID and the last four digits of the card. We do not receive or store full card numbers.
- Chat messages — questions and answers between Guests and the AI waiter during an ordering session.
- Technical data — IP address, browser user agent, device type, session identifier and log files.
- Usage data — anonymised statistics on page visits, clickstream and feature usage.
3. Purposes and legal bases
We process personal data on the following legal bases under Article 6 GDPR:
| Purpose | Legal basis |
|---|---|
| Providing the Meenu platform | Performance of contract (art. 6.1.b) |
| Processing orders and payments | Performance of contract (art. 6.1.b) |
| Fraud prevention and security | Legitimate interest (art. 6.1.f) |
| Product and service improvement | Legitimate interest (art. 6.1.f) |
| Marketing and newsletters | Consent (art. 6.1.a) |
| Statutory obligations (tax) | Legal obligation (art. 6.1.c) |
4. Sub-processors and third parties
We engage carefully selected sub-processors to deliver our service. We have a data processing agreement in place with each one.
| Party | Purpose | Region |
|---|---|---|
| Supabase, Inc. | Database, authentication, storage | EU (Frankfurt) |
| Stripe Payments Europe Ltd. | Payments and subscriptions | EU / US (SCCs) |
| OpenAI Ireland Ltd. | AI waiter chat processing | EU / US (SCCs) |
| Vercel, Inc. | Hosting and analytics | EU / US (SCCs) |
| Google LLC | OAuth sign-in (optional) | EU / US (SCCs) |
5. International transfers
A number of sub-processors are established in the United States. For these transfers we rely on the Standard Contractual Clauses (SCCs) of the European Commission, supplemented with additional technical and organisational measures such as encryption in transit and at rest.
6. Retention periods
| Data category | Retention period |
|---|---|
| Account data | Duration of subscription + 12 months |
| Order and payment data | 7 years (statutory tax retention) |
| AI waiter chat messages | 30 days |
| Technical logs | 90 days |
| Marketing consents | Until withdrawal |
7. Security
We implement appropriate technical and organisational measures to protect personal data, including TLS encryption of all traffic, AES-256 encryption of data at rest, Row Level Security at the database layer, two-factor authentication for employees, periodic penetration testing and an incident response procedure.
8. Your rights
Under the GDPR you have the following rights:
- Right of access to your personal data (art. 15).
- Right to rectification of inaccurate data (art. 16).
- Right to erasure (“right to be forgotten”, art. 17).
- Right to restriction of processing (art. 18).
- Right to data portability (art. 20).
- Right to object to processing based on legitimate interest (art. 21).
- Right to withdraw consent at any time (art. 7(3)).
Send a request to support@meino.io. We will respond within one month. We may ask for additional identification to verify your request.
9. Right to complain
If you are not satisfied with how we handle your data, you can lodge a complaint with the Dutch supervisory authority, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
10. Changes
We may update this privacy policy from time to time. We will announce material changes at least 30 days in advance by email or via the dashboard. The most current version is always available on this page.
11. Contact
Questions about this privacy policy or the processing of personal data? Contact our Privacy Officer at support@meino.io.