Privacy Policy
Last updated: May 2026
What we collect
- Restaurant data — your restaurant name, public listing URLs (Google Business Profile, DoorDash, Uber Eats, your website), menu items, recipes, and plating notes you share with us so we can produce your photos.
- Customer data — email, restaurant address, and payment metadata when you subscribe through Stripe.
- Email engagement — opens, clicks, replies, bounces, and unsubscribe actions tied to messages we send you.
- Usage analytics — aggregated, non-identifying page views collected via PostHog.
How we use it
- Generate and enhance menu photography and deliver paid orders.
- Send transactional and marketing emails about MenuLift.
- Improve our pipeline and detect fraud or abuse.
Subprocessors
We share data with the following subprocessors strictly to operate the service:
- Vercel — hosting
- Supabase — database
- Stripe — payments
- Resend — email delivery
- Cloudflare R2 — image storage
- Anthropic, fal.ai, OpenAI — AI inference (image generation, recipe interpretation, copy)
- PostHog — analytics
- Inngest — workflow orchestration
- Clerk — admin auth (MenuLift operators only)
Retention
- Source photos and recipe briefs: retained for the life of your subscription so we can re-shoot or revise on request.
- Generated and enhanced photos: retained for the life of your account so you can re-download.
- Email engagement records: retained for 24 months for deliverability analysis.
Your choices
- Unsubscribe — every email we send includes a one-click unsubscribe link. Once you unsubscribe we won't email you again.
- Deletion — email hello@menulift.app from the address on file to request deletion of all data associated with your restaurant. We delete within 30 days.
- California / GDPR rights — California residents and EU residents have the right to access, correct, or delete personal data we hold about them. Use the contact email above and we will respond within 30 days.