Privacy Policy
Last updated: 17 June 2025
1. Data Controller
MenuModa ("we", "us", "our") is the data controller responsible for your personal data. We are incorporated and operating in the Republic of Bulgaria.
Contact: info@menumoda.eu · Phone: +359 898 773 870
2. Who This Policy Applies To
This policy covers two categories of people:
- Restaurant subscribers — restaurant owners and staff who use the MenuModa admin platform.
- End customers — guests who browse a restaurant's digital menu and place delivery orders through MenuModa-powered pages.
3. Data We Collect
End customers (placing orders)
When you place a delivery order through a restaurant's menu, the following data is collected and stored:
- Full name — required to identify your order
- Phone number — required for delivery contact
- Delivery address — required to deliver your order
- Special instructions / notes — optional, if you choose to provide them
- Order contents — items ordered, quantities, price snapshot at time of order, order total
- Timestamps — when the order was placed and its status changes
We do not collect or store payment card data. No card details pass through our systems.
Restaurant admins (subscribers)
- Email address — used for login and account communication
- Restaurant information — name, logo, branding, menu content you provide
- Subscription billing — handled entirely by Stripe; we do not store card details
Technical data (all users)
- Session cookies — set by Supabase for authentication (admin users only)
- Shopping cart — stored in your browser's local storage; never sent to our servers until you place an order
- Language preference — stored as a cookie (NEXT_LOCALE)
- Analytics — anonymous page views and performance metrics via Vercel Analytics; no personally identifiable information is collected
4. Legal Basis for Processing (GDPR Art. 6)
- Art. 6(1)(b) — Contract performance: Processing your name, phone, address and order details is necessary to fulfill the delivery order you placed, and to provide the admin platform to restaurant subscribers.
- Art. 6(1)(a) — Consent: Anonymous analytics and the cookie acceptance checkbox at checkout. You may withdraw consent at any time by contacting us.
- Art. 6(1)(c) — Legal obligation: Retaining order and financial records as required by Bulgarian accounting and tax law.
5. What We Do Not Collect
- Payment card numbers, CVV codes or bank account details
- Biometric data
- Sensitive personal categories under GDPR Art. 9 (health, religion, ethnicity, etc.)
- Data from persons under 16 years of age (our service is not directed at minors)
6. Third-Party Processors
We share data with the following processors under appropriate data processing agreements:
| Processor | Purpose | Data Region |
|---|---|---|
| Supabase | Database, authentication, real-time order updates | EU |
| Vercel | Hosting, edge delivery, anonymous analytics | EU / US |
| Stripe | Subscription billing for restaurant owners | EU |
| ImgBB | Menu image hosting | US |
| Google Maps / Places | Delivery address autocomplete | EU / US |
We do not sell, rent or trade your personal data to any third party for marketing purposes.
7. Data Retention
- Order records (customer name, phone, address, order details) — retained for 5 years as required by the Bulgarian Accountancy Act (Art. 42).
- Admin accounts — retained for the duration of the active subscription plus 1 year after cancellation, then deleted.
- Anonymous analytics — retained for 2 years, then aggregated or deleted.
- Shopping cart data — stored locally in your browser and cleared when you complete an order or clear your browser data.
8. Your Rights Under GDPR
You have the following rights regarding your personal data:
- Right of access — request a copy of the data we hold about you
- Right to rectification — request correction of inaccurate data
- Right to erasure — request deletion of your data, subject to legal retention obligations
- Right to restriction — request that we limit how we process your data
- Right to data portability — receive your data in a structured, machine-readable format
- Right to object — object to processing based on legitimate interests
- Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing
To exercise any of these rights, email us at info@menumoda.eu. We will respond within 30 days.
9. Supervisory Authority
If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the Bulgarian supervisory authority:
Commission for Personal Data Protection (CPDP)
Website: www.cpdp.bg
Phone: +359 2 91 53 518
Address: 2 Prof. Tsvetan Lazarov Blvd, 1592 Sofia, Bulgaria
10. Changes to This Policy
We may update this policy from time to time. The "Last updated" date at the top will reflect any changes. For material changes affecting your rights, we will notify active restaurant subscribers by email at least 14 days before the change takes effect.
This policy is governed by the laws of the Republic of Bulgaria and is compliant with Regulation (EU) 2016/679 (GDPR).