← Back to home

Privacy Policy

Your privacy matters. Here's how we handle your data.

Last updated: February 19, 2026

1. Our Privacy Philosophy

Mutfaaq is a restaurant management tool. We help you create digital menus, manage orders, and run your restaurant more efficiently. We collect only the data necessary to provide this service, and we never sell your information. Your restaurant data belongs to you.

2. Data Controller

The data controller for information processed through Mutfaaq is:

MYNTE STUDIO WEBDESIGN FZCO
Freezone Company (FZCO)
United Arab Emirates
Trade License: 69477

For privacy-related inquiries, contact us at [email protected].

3. Information We Collect

3.1 Account and Restaurant Data

When you create an account and set up your restaurant, we collect:

  • Your name, email address, and password
  • Restaurant name, address, and contact details
  • Menu content: categories, products, descriptions, pricing, and images
  • Modifier groups and customization options
  • Team member information (names, email addresses, roles)

3.2 Order and Table Data

When customers place orders through your digital menu, we collect:

  • Order details: items, quantities, modifiers, and special instructions
  • Table assignments and session information
  • Order timestamps and status history

3.3 Payment Information

We use Stripe to process subscription payments. We do not store your full credit card number, expiration date, or CVV on our servers. Stripe handles payment data in accordance with PCI DSS standards. We store only:

  • Last four digits of your card (for display purposes)
  • Billing address
  • Stripe customer and subscription identifiers

3.4 Automatically Collected Data

When you or your customers use the Service, we automatically collect:

  • IP address and approximate location (country/region level)
  • Browser type, device type, and operating system
  • Pages visited, features used, and time spent
  • Referring URL and search terms used to find our Service

4. Customer Data (QR Code Visitors)

When your restaurant's customers scan a QR code and browse your menu, we want to be transparent about what happens:

  • No account required: Customers do not need to create an account to view your menu or place orders
  • Minimal data: We collect only the technical data necessary to serve the menu page (IP address, browser type, device info)
  • Order data: If a customer places an order, we store the order details associated with the table session, not with a personal profile
  • No tracking: We do not use third-party advertising trackers on customer-facing menu pages

5. How We Use Your Data

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your subscription payments
  • Display your menus to your customers via QR codes
  • Process and manage orders placed through the platform
  • Send transactional emails (account confirmation, password resets, billing receipts)
  • Provide customer support
  • Detect and prevent fraud, abuse, and security issues
  • Analyze usage patterns to improve the product (in aggregate, anonymized form)

6. Legal Basis for Processing

We process your data based on the following legal grounds:

  • Contract performance: Processing necessary to provide the Service you've subscribed to
  • Legitimate interest: Improving and securing our Service, preventing fraud
  • Legal obligation: Compliance with applicable laws and regulations
  • Consent: Where required, such as for marketing communications (which you can opt out of at any time)

7. Data Sharing

We do not sell your data. We share information only in the following limited circumstances:

  • Service providers: Third-party services that help us operate (see Section 11)
  • Legal requirements: When required by law, court order, or governmental authority
  • Business transfers: In connection with a merger, acquisition, or sale of assets (you will be notified)
  • With your consent: When you explicitly authorize sharing

8. Data Retention

We retain your data for as long as your account is active. After account deletion:

  • Account and restaurant data is permanently deleted within 30 days
  • Backups containing your data are purged within 90 days
  • Billing records may be retained longer as required by tax and accounting regulations
  • Anonymized, aggregated analytics data may be retained indefinitely

9. Data Security

We take reasonable technical and organizational measures to protect your data, including:

  • Encryption in transit (TLS/HTTPS) and at rest
  • Secure password hashing
  • Regular security reviews and dependency updates
  • Access controls limiting who can access production data

No system is perfectly secure. If you discover a security vulnerability, please report it to [email protected].

10. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your data:

  • Access: Request a copy of the personal data we hold about you
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your data (subject to legal retention requirements)
  • Portability: Request your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interest
  • Restriction: Request restriction of processing in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

11. GDPR Compliance

We are committed to compliance with the General Data Protection Regulation (GDPR). As our servers are hosted in Germany (EU), your data benefits from the protections afforded by European data protection law.

Data Processing Agreement

If you require a Data Processing Agreement (DPA) for your use of Mutfaaq, please contact us at [email protected].

Data Protection Officer

For GDPR-related inquiries, you can reach our data protection contact at [email protected].

Supervisory Authority

If you believe your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.

12. Third-Party Services

We use the following third-party services to operate Mutfaaq:

Stripe — Payment processing
Handles subscription billing securely. See Stripe's Privacy Policy.
Cloudflare — CDN, DNS, and DDoS protection
Routes and protects web traffic. See Cloudflare's Privacy Policy.
Hetzner — Server hosting
Our servers are hosted in Hetzner's German datacenters (Falkenstein/Nuremberg), ensuring your data stays within the European Union. See Hetzner's Privacy Policy.
Monocle — Error monitoring
Tracks application errors to help us detect and fix issues quickly. See Monocle's Privacy Policy.
Brevo — Email delivery and marketing
Handles transactional email delivery and waitlist management. When you sign up for our waitlist, your email address is shared with Brevo for double opt-in confirmation and contact storage. See Brevo's Privacy Policy.

13. Cookies

We use cookies and similar technologies for:

  • Essential cookies: Session management, authentication, and CSRF protection. These are strictly necessary and cannot be disabled.
  • Preference cookies: Remembering your settings such as dark mode preference and language.

We do not use advertising or third-party tracking cookies.

14. International Data Transfers

Your data may be processed in countries other than your own. Our servers are hosted in Germany (European Union) by Hetzner. Some third-party services we use (such as Stripe, Cloudflare, and Brevo) may process data outside the EU. Where data is transferred internationally, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable, in accordance with GDPR requirements.

15. Children's Privacy

Mutfaaq is designed for business use by restaurant owners and operators. The Service is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will promptly delete it.

16. Changes to This Policy

We may update this Privacy Policy from time to time. For significant changes, we will notify you via email or through the Service. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of the Service after changes constitutes acceptance of the updated policy.

17. Contact

For questions or concerns about this Privacy Policy or our data practices, contact us at:

[email protected]