Privacy Policy

1. Information We Collect

Depending on how you interact with our Services, we collect different types of information:

• For Restaurant Managers and Staff: When you register for an account, we collect your name, business email address, password, billing information, and restaurant profile details (such as address, phone number, branch names, and branding choices).
• For Diners (QR Menu Visitors): When you scan a QR code at a participating restaurant, we do not require you to create an account, log in, or provide personal identifiers like your name, phone number, or email. We collect temporary, non-identifying technical data including:
  • Diner device User-Agent strings (to optimize display layout).
  • The specific table code (to record scan counts and analytics mapping).
  • Timestamp of the scan (used for analytics and scan rate limiting).

2. How We Use Your Information

We use the information we collect to operate, improve, and secure our platform. Specific uses include:

• Providing QR menu hosting and administrative dashboards to restaurant teams.
• Analyzing menu performance, scan rates, and table-specific interactions.
• Preventing abuse, link-tampering, and spam scans (e.g. rate-limiting duplicate logs through client device tokens and debouncing analytics mapping).
• Processing payments and managing subscription billing via our secure processors.
• Communicating critical system updates, security alerts, and feature releases.

3. Security of Data and Row-Level Isolation

The security of your database records is our highest priority.

We utilize Row-Level Security (RLS) policies within our database cluster to guarantee that data remains completely isolated. Restaurant managers and wait staff can only access, view, or modify menus, location settings, and validation logs belonging exclusively to their designated workspace ID. Diners accessing menus via public URLs are strictly limited to select-only (read-only) operations for live, active, and published menu versions.

4. Data Sharing and Third-Party Subprocessors

We do not sell diner data or restaurant information to advertisers. We share information only with trusted third parties to facilitate our services:

• Supabase (Database and Auth): For user authentication, workspace membership storage, and operational databases.
• Stripe (Payment Processing): To securely handle payment details and subscriptions. Stripe acts as an independent controller of payment metadata.
• Legal Compliance: We may disclose information if required to do so by applicable law, or in response to valid requests by public authorities.

5. Your Data Rights

Depending on your location, you may have specific rights regarding your personal information, including the right to access, correct, or request the deletion of your account.

To request account deletion or archive your active workspace parameters, you can navigate directly to the **Danger Zone** tab under your dashboard Settings. Alternatively, you can contact us at privacy@queaah.com.

6. Cookies and Tracking Technologies

We use strictly necessary cookies to keep restaurant administrators logged into their workspace dashboards. We do not place marketing cookies or cross-site behavioral tracking scripts on diner public menu pages.