Who We Are

“OneMenu,” “we,” “our,” or “us” refers to OneMenu, a sole proprietorship with its principal place of business at 3663 Washington Ave, Houston, TX 77007. We provide software that helps restaurants centrally manage menu data and synchronize that data to supported third‑party platforms you choose to connect (the “Service”).

Scope

This Privacy Policy describes how we collect, use, disclose, and protect personal information when you access or use the Service, visit our websites, contact support, or interact with our communications. It also explains choices and rights you may have under applicable laws.

Personal Information We Collect

We collect information in three ways: (a) directly from you, (b) automatically through the Service, and (c) from third parties you authorize (e.g., Integrations). Categories may include:

Account & Contact Data: name, email, phone, role, password (hashed), authentication tokens, and organization/restaurant details (name, address, city, state, postal code).
Business Profile Data: menu items, categories, prices, availability, images, dietary flags, store hours, location identifiers.
Integration Data: tokens/keys, linked account IDs, mapping configuration, sync logs, success/failure metadata from connected third‑party platforms you authorize.
Billing & Subscription Data: plan, status, invoices, tax IDs, and payment‑related data processed by our payment processor (e.g., Stripe). We do not store full payment card numbers.
Usage & Device Data: IP address, device and browser type, operating system, app version, language, referring URLs, pages viewed, clickstream, log files, and diagnostic information.
Support & Communications: messages, attachments, feedback, and related metadata (timestamps, contact details).
Cookies & Similar Technologies: identifiers and telemetry used for session management, security, analytics, and feature performance. See Cookies & Tracking.

Note: OneMenu is not a marketplace or payment processor. We do not seek to collect end‑customer order details or payment information. If your configuration or an Integration causes such data to flow through the Service, we will process it only to provide the Service and as otherwise described here.

Sources of Personal Information

You: when you register, configure menus, connect Integrations, contact us, or otherwise use the Service.
Automated Means: through cookies, logs, analytics, and telemetry.
Third Parties: platforms you authorize (e.g., marketplace APIs) and vendors acting on our behalf (e.g., payment processing, hosting, email delivery, analytics).

How We Use Personal Information (and Legal Bases)

Provide the Service: account creation, authentication, menu synchronization, and integration management. (Legal bases: contract; legitimate interests)
Operate, Maintain, and Improve: troubleshooting, analytics, research, quality assurance, usage trends, and product development. (Legitimate interests; consent where required)
Billing & Administration: subscriptions, invoicing, tax, fraud prevention. (Contract; legal obligation; legitimate interests)
Security: monitoring, incident detection, and abuse prevention. (Legitimate interests; legal obligation)
Communications: service updates, transactional emails, and—with your consent where required—optional marketing. (Legitimate interests; consent)
Compliance: legal obligations, dispute resolution, and enforcing our Terms. (Legal obligation; legitimate interests)

How We Share Personal Information

Service Providers (Processors): e.g., cloud hosting, error monitoring, email/SMS delivery, analytics, customer support, and payment processing (such as Stripe). We require appropriate contractual safeguards, including confidentiality and security commitments.
Integrations You Authorize: when you enable a third‑party platform, you instruct us to exchange relevant Customer Data with that platform.
Legal/Compliance: to comply with law, protect rights and safety, or respond to lawful requests (e.g., subpoenas, court orders).
Business Transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to continued protection of personal information.

We do not sell personal information for money. We also do not “share” personal information for cross‑context behavioral advertising as defined by certain state laws, unless expressly stated in a supplemental notice and subject to your opt‑out rights.

Targeted Advertising, Sale/Share, and Profiling

Depending on your jurisdiction, you may have the right to opt out of targeted advertising, the “sale” or “sharing” of personal information, and certain profiling. Where required, we will honor global opt‑out preference signals (e.g., Global Privacy Control) and provide an in‑product mechanism to manage preferences.

Data Retention

We retain personal information for as long as necessary to provide the Service and fulfill the purposes described above, including security, fraud prevention, and legal compliance. Retention periods vary by data type and our role as controller or processor. Backups and logs may be retained for limited periods to ensure continuity and integrity. You may request deletion as described below.

Security

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is completely secure.

International Data Transfers

Where applicable, we use approved transfer mechanisms (e.g., Standard Contractual Clauses) and implement supplementary safeguards for cross‑border transfers of personal data.

Your Privacy Rights

Depending on your location, you may have rights to access, correct, delete, obtain a copy (portability), restrict or object to processing, opt out of targeted advertising, sale/share, and certain profiling, and to withdraw consent. You also may have the right to appeal our decision regarding your request.

How to Exercise Rights: Submit a request via support@one1menu.com or via our Contact Us. We may need to verify your identity and relationship to a customer organization.
Authorized Agents: Where permitted, authorized agents may submit requests with proof of authorization and identity.
Appeals: If we deny your request, you may appeal by replying to our decision email or following the instructions provided.

Regional Disclosures

United States

We strive to follow U.S. state privacy laws that may apply based on where you reside and how you use the Service. These include, for example, California’s CCPA/CPRA, Colorado’s Privacy Act (and rules addressing minors and biometrics), Connecticut’s Data Privacy Act (including Global Privacy Control requirements), Oregon’s OCPA, Texas’s Data Privacy and Security Act (including universal opt‑out), Tennessee’s TIPA, Virginia’s VCDPA, and others as updated from time to time. Where required, we honor universal opt‑out signals and provide rights as described above.

California: additional rights include opting out of sale/share and limiting use of sensitive personal information; enforcement by the CPPA.
Colorado: specific rules on minors’ data (effective 2025) and biometrics; AG rulemaking and opinion letters.
Connecticut: universal opt‑out signals effective 2025 and amendments under SB 1295.
Oregon: OCPA effective 2024; nonprofit coverage phases in 2025.
Texas: TDPSA effective 2024 with universal opt‑out requirements commencing 2025.
Tennessee: TIPA effective 2025.
Virginia: VCDPA effective 2023.

Children’s Privacy

The Service is not directed to children under 13, and we do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided personal information, please contact us so we can delete it.

Cookies & Tracking

We use cookies, local storage, and similar technologies to keep you signed in, provide core functionality, measure performance, and improve the Service. Where required, we will obtain consent for non‑essential cookies and provide a way to change your preferences at any time.

Strictly Necessary: authentication, security, load balancing.
Functional: remembering settings and preferences.
Analytics: usage trends and diagnostics.
Marketing: only if/when we deploy marketing pixels and with appropriate consent/opt‑out mechanisms.

Cookie Preferences: [Link to cookie banner or settings]

Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify you via the Service or email and indicate the new effective date. Your continued use of the Service after the effective date signifies acceptance.

Contact Us

Questions or requests? Email support@one1menu.com or mail 3663 Washington Ave, Houston, TX 77007.