Privacy Policy

Effective date:
17 June 2026
Last updated:
17 June 2026

This Privacy Policy explains how Menuzi handles personal data. It is designed to meet both the EU General Data Protection Regulation (GDPR) and Egypt's Personal Data Protection Law (Law No. 151 of 2020 and its Executive Regulations). The English version of this policy prevails in case of any discrepancy with a translation.

Who is responsible for your data

The data controller is Bytes Maestros AB (Sweden, org.nr 559468-7831, Sjödalsvägen 18, 141 47 Huddinge, Sweden), which provides and operates Menuzi. In Egypt, the Service is operated by our authorised operator Menuzi Software Solutions LLC under licence; it handles local support, billing and marketing and is your local point of contact and representative for data-protection matters in Egypt.

Privacy contact: privacy@menuzi.com.

Scope

This policy covers our marketing site (menuzi.com), our application (app.menuzi.com), and the guest-facing published menus (menus.menuzi.com). It covers personal data of business account holders, website visitors, and guests who view published menus. It does not turn Menuzi into a processor of guest data — we do not run ordering, reservations, or guest accounts.

What we collect

Marketing-site visitors

We use a cookieless, privacy-friendly analytics tool that does not collect personal data or track you across sites. We do not set advertising or cross-site tracking cookies, and we do not load third-party fonts or embeds that track you.

Account holders

First and last name, email address, a hashed password, and your business name. For customers in Egypt, we also collect a phone number. We store the timestamp of your acceptance of our Terms and Privacy Policy and, separately, whether you opted in to marketing.

Menu content

The menus, text, images, branding and prices you create or provide — including content you provide for menu import. This is mostly business content but may incidentally contain personal data (for example, a name or phone number printed on a menu).

Support

Information you provide when you contact support@menuzi.com.

Guests

We do not ask guests for personal data. Our servers and providers process technical data such as an IP address in security logs and error monitoring to deliver and protect the menus.

Why we use your data

  • To provide and operate the Service (create, host, publish and serve your menus).
  • To authenticate you and secure your account.
  • To run menu import (extract a draft menu from what you provide).
  • To communicate with you (transactional email; marketing only with your consent).
  • To secure, monitor and debug the Service (error monitoring, abuse prevention).
  • To analyse, improve and develop our products and services, including generating aggregated and/or de-identified insights and analytics. We do not use your content to train our own machine-learning models.
  • To comply with legal obligations.

For users in the EU/EEA, we rely on the following GDPR legal bases:

PurposeLegal basis
Providing the Service, your account, and hosting and publishing menusPerformance of a contract (Art. 6(1)(b))
Security, fraud and abuse prevention, error monitoring, product improvement and insightsLegitimate interests (Art. 6(1)(f))
Marketing emailsConsent (Art. 6(1)(a)) — you may withdraw it at any time
Legal and regulatory complianceLegal obligation (Art. 6(1)(c))

For Egypt (PDPL), processing is based on your consent and/or the necessity grounds recognised under the PDPL; cross-border transfers are addressed below.

How long we keep it

We keep account and menu data for as long as your account is active. After you close your account, we delete or anonymise it within 90 days, except where we must keep certain records longer to meet a legal obligation (for example accounting records, retained for the statutory period — currently up to 7 years in Sweden and 5 years in Egypt). Material you provide for menu import is deleted within 90 days of the import. Backups are rotated and purged on a rolling cycle (no longer than 90 days), and error-monitoring logs are kept for around 90 days.

Who we share it with

We share personal data only with subprocessors that help us run the Service (hosting, storage, email, error monitoring, analytics, and providers that help process menu content). Each is listed with its role and location on our Subprocessors page, and is bound by a data-processing agreement. We do not sell your personal data. We may disclose data where required by law or to protect our rights.

International data transfers

Our infrastructure is in the EU and, for some providers, the United States. Where personal data is transferred outside the EEA, we rely on EU Standard Contractual Clauses and the providers' data-protection commitments.

For customers in Egypt: because our infrastructure is located outside Egypt, your data is transferred abroad to deliver the Service. We carry out these transfers on the basis of your consent and in accordance with the cross-border-transfer requirements of the PDPL, with appropriate safeguards in place.

Your rights

EU/EEA (GDPR): access, rectification, erasure, restriction, portability, objection (including to processing based on legitimate interests and to direct marketing), and the right to withdraw consent. You may lodge a complaint with your supervisory authority; our lead authority is the Swedish Authority for Privacy Protection (IMY).

Egypt (PDPL): access, correction, erasure, objection and withdrawal, and the right to be informed; you may complain to the Personal Data Protection Center (PDPC).

To exercise any right, email privacy@menuzi.com. We will respond within the time limits set by applicable law.

Cookies

We keep cookies to the minimum needed to run the Service. No consent banner is required for our current cookies because they are strictly necessary or cookieless.

CookiePurposeDurationType
Session cookie (app)Keep you signed inSessionStrictly necessary
Onboarding correlation cookie (app)Link your pre-sign-up onboarding sessionShort-livedStrictly necessary
Language preference (app)Remember your chosen languageUp to 1 yearFunctional

Our marketing-site analytics is cookieless and sets no tracking cookies. If we ever introduce advertising or non-essential cookies, we will add a consent mechanism first.

How we protect your data

We use technical and organisational measures including encryption in transit, hashed passwords, access controls, and EU-region error monitoring. We avoid putting personal data in logs and error reports. No method is perfectly secure, but we work to protect your data and will notify you and the relevant authority of a breach as required by law.

Automated decision-making

We do not make decisions producing legal or similarly significant effects about you solely by automated means. Where we use third-party providers to help process the content you provide (see "Who we share it with" and our Subprocessors page), they act only on our instructions under data-processing terms and do not use your content to train their own models.

Children

The Service is for businesses and is not directed at children. We do not knowingly collect personal data from children. Guests are not asked for any personal data.

Changes to this policy

We may update this policy and will change the "Last updated" date; for material changes we will give appropriate notice.

Contact

Privacy questions or requests: privacy@menuzi.com. Controller: Bytes Maestros AB, Sjödalsvägen 18, 141 47 Huddinge, Sweden. Egypt point of contact: Menuzi Software Solutions LLC, Safwet El Mostakbal Project No. 215, Port Said Street, Ground Floor, Sporting, Alexandria, Egypt.

enar