Privacy Policy

Last Updated: 22 February 2026

TypeMenu Ltd is committed to protecting your privacy and being transparent about how we collect, use, and safeguard personal data.

This policy applies to visitors, business customers, and users of the TypeMenu platform and our corporate website. If you are a food customer placing an order through a storefront powered by TypeMenu, please also refer to the storefront-specific privacy policy displayed on that site.

1. Who We Are

TypeMenu Ltd is a UK-registered company that provides online ordering software to businesses in the hospitality and retail sectors.

We act as:

A data controller when collecting and processing data from business customers who use our SaaS platform (e.g. account setup, billing, support).
A data processor when handling personal data submitted through storefronts operated by our clients (e.g. food orders placed by their end customers).

We are registered with the UK Information Commissioner’s Office (ICO) as a data controller (registration number ZC015326).

2. Data We Collect

When you sign up for an account or use our platform as a business customer, we may collect:

Business contact details (name, email, phone number).
Company and billing details (business name, address, VAT number, payment method).
Authentication and security data (username, IP address, device/browser details, session activity).
Usage data (login history, feature usage, support requests).

We collect this data to:

Provide access to the platform and manage your account.
Fulfil billing and subscription obligations.
Respond to support enquiries and technical issues.
Improve platform functionality and performance.
Meet legal and regulatory obligations.

We never sell your data or use it for third-party advertising.

When you subscribe to our newsletter, submit a contact form, or request emailed results from our tools, we collect:

Email address — used to send the requested content and, if opted in, newsletter communications.
Subscription date and source — to track how you subscribed.

We use this data to:

Send you the content you requested (tool results, newsletter, enquiry responses).
Deliver occasional updates on restaurant technology and direct ordering (newsletter subscribers only).
Understand content engagement to improve what we send.

You can unsubscribe from the newsletter at any time via the link in every email. We never share subscriber lists with third parties.

3. Data Processed on Behalf of Our Clients

If you place an order through a website powered by TypeMenu, we process limited personal data on behalf of the business you’re ordering from. This may include:

Name, contact information, and delivery address.
Cart contents, order details, and preferences.
Payment method details (but not card numbers — payments are handled securely by third-party processors such as Stripe).
IP address and browser/device metadata for fraud prevention and service security.

In this context, the business you order from is the data controller. We process data strictly on their instructions, to fulfil your order and maintain service integrity.

4. Third-Party Services and International Transfers

We rely on trusted third-party providers to deliver parts of our service, including:

Payment processors (e.g., Stripe).
Communications providers (e.g., SMS and email carriers).
Hosting and infrastructure providers (e.g., cloud platforms).
Email delivery (e.g., Resend) — for sending transactional and newsletter emails. Email addresses are processed in accordance with the provider’s data protection agreements.

Some of these providers may process data outside the UK/EEA. In such cases, we ensure appropriate safeguards (such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or equivalent protections) are in place.

5. Cookies

We use cookies to:

Maintain secure login sessions.
Remember user preferences.
Improve website performance and analytics.

Details of cookies used are set out in our [Cookie Policy]. For end customers, storefront-specific cookie information is displayed on the ordering site.

6. How Long We Keep Your Data

Business customer account data is retained for as long as your account remains active, and for up to six years afterwards to comply with tax and accounting obligations.
Newsletter subscriber data is retained while you remain subscribed. After unsubscribing, email addresses are removed within 30 days.
Contact form submissions are retained for up to 12 months to manage ongoing enquiries.
Order data processed on behalf of storefront businesses is retained according to their instructions and policies.

After these periods, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you.
Request correction of inaccurate data.
Request deletion of your data where applicable.
Restrict or object to processing in certain circumstances.
Request data portability.

If you’re a business customer, please contact us at support@typemenu.com to exercise your rights.

If you’re a customer of a storefront, please contact the business directly. As a processor, we can only act on their instructions.

8. Security

We take appropriate technical and organisational measures to protect personal data, including encryption, secure hosting, and access controls. However, no system is entirely secure; users are responsible for maintaining the confidentiality of their own login credentials.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify business customers by email or via the platform. The latest version will always be available on our website.

10. Contact Us

If you have questions about this policy or how your data is handled, you can contact us at:

Email: support@typemenu.com

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your rights have been infringed.