Privacy Policy

Privacy Policy for TypeMenu - Digital Menus for Restaurants & Takeaways

Last Updated: 20 June 2025

TypeMenu Ltd is committed to protecting your privacy and being transparent about how we collect, use, and safeguard personal data.

This policy applies to visitors, business customers, and users of the TypeMenu platform and our corporate website. If you are a food customer placing an order through a storefront powered by TypeMenu, please also refer to the storefront-specific privacy policy displayed on that site.

1. Who We Are

TypeMenu Ltd is a UK-registered company that provides online ordering software to businesses in the hospitality and retail sectors.

We act as:

  • A data controller when collecting and processing data from business customers who use our SaaS platform (e.g. account setup, billing, support).
  • A data processor when handling personal data submitted through storefronts operated by our clients (e.g. food orders placed by their end customers).

We are registered with the UK Information Commissioner’s Office (ICO) as a data controller (registration number ZC015326).

2. Data We Collect

When you sign up for an account or use our platform as a business customer, we may collect:

  • Business contact details (name, email, phone number).
  • Company and billing details (business name, address, VAT number, payment method).
  • Authentication and security data (username, IP address, device/browser details, session activity).
  • Usage data (login history, feature usage, support requests).

We collect this data to:

  • Provide access to the platform and manage your account.
  • Fulfil billing and subscription obligations.
  • Respond to support enquiries and technical issues.
  • Improve platform functionality and performance.
  • Meet legal and regulatory obligations.

We never sell your data or use it for third-party advertising.

3. Data Processed on Behalf of Our Clients

If you place an order through a website powered by TypeMenu, we process limited personal data on behalf of the business you’re ordering from. This may include:

  • Name, contact information, and delivery address.
  • Cart contents, order details, and preferences.
  • Payment method details (but not card numbers — payments are handled securely by third-party processors such as Stripe).
  • IP address and browser/device metadata for fraud prevention and service security.

In this context, the business you order from is the data controller. We process data strictly on their instructions, to fulfil your order and maintain service integrity.

4. Third-Party Services and International Transfers

We rely on trusted third-party providers to deliver parts of our service, including:

  • Payment processors (e.g., Stripe).
  • Communications providers (e.g., SMS and email carriers).
  • Hosting and infrastructure providers (e.g., cloud platforms).

Some of these providers may process data outside the UK/EEA. In such cases, we ensure appropriate safeguards (such as the UK International Data Transfer Agreement, EU Standard Contractual Clauses, or equivalent protections) are in place.

5. Cookies

We use cookies to:

  • Maintain secure login sessions.
  • Remember user preferences.
  • Improve website performance and analytics.

Details of cookies used are set out in our [Cookie Policy]. For end customers, storefront-specific cookie information is displayed on the ordering site.

6. How Long We Keep Your Data

  • Business customer account data is retained for as long as your account remains active, and for up to six years afterwards to comply with tax and accounting obligations.
  • Order data processed on behalf of storefront businesses is retained according to their instructions and policies.

After these periods, data is securely deleted or anonymised.

7. Your Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you.
  • Request correction of inaccurate data.
  • Request deletion of your data where applicable.
  • Restrict or object to processing in certain circumstances.
  • Request data portability.

If you’re a business customer, please contact us at support@typemenu.com to exercise your rights.

If you’re a customer of a storefront, please contact the business directly. As a processor, we can only act on their instructions.

8. Security

We take appropriate technical and organisational measures to protect personal data, including encryption, secure hosting, and access controls. However, no system is entirely secure; users are responsible for maintaining the confidentiality of their own login credentials.

9. Changes to This Policy

We may update this Privacy Policy from time to time. If changes are material, we will notify business customers by email or via the platform. The latest version will always be available on our website.

10. Contact Us

If you have questions about this policy or how your data is handled, you can contact us at:

Email: support@typemenu.com

You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO) if you believe your rights have been infringed.