Privacy Policy

1. Information We Collect

Account & Restaurant Data

• Restaurant owners: Name, email address, phone number (WhatsApp), restaurant name, branch details, and billing information when upgrading to Pro.
• Menu content: Menu items, categories, images, prices, and descriptions you upload to the platform.
• Account credentials: Email and password (passwords are hashed and never stored in plaintext), or Google OAuth tokens if you sign in with Google.

Usage Analytics

• Usage data: Pages visited, features used, time spent in the dashboard, and actions taken.
• Device information: Browser type, operating system, IP address, and device identifiers.

Customer & Order Data

When your customers scan your QR menu and place orders, QuickMenu processes minimal data. Customers are not required to create accounts. Order information (items, table, name) is transmitted via WhatsApp and stored temporarily in your dashboard for up to 24 hours for completed orders.

2. How We Use Your Information

We use the information we collect to:

• Provide, operate, and maintain the QuickMenu platform and all its features.
• Send order notifications to restaurant owners and staff via Firebase Cloud Messaging.
• Process payments and manage subscription plans (Free/Pro).
• Send transactional emails (account confirmation, password reset, billing receipts).
• Provide customer support and respond to inquiries.
• Analyze aggregate usage trends to improve our product using anonymized data only.
• Comply with legal obligations and enforce our Terms of Service.

3. Data Storage & Security

QuickMenu uses Google Firebase (Firestore, Firebase Storage, Firebase Authentication) hosted on Google Cloud infrastructure. Data is stored in secure, encrypted data centers compliant with UAE data residency requirements.

Security Measures

• All data in transit is encrypted using TLS 1.2+.
• All data at rest is encrypted using AES-256.
• Firestore Security Rules enforce that only authenticated restaurant owners can write to their own data.
• Firebase Authentication handles credential management; we never have access to raw passwords.
• Regular security audits and vulnerability assessments are performed.

4. Cookies & Tracking

QuickMenu uses a minimal set of cookies and local storage to provide a functional experience. We do not use third-party advertising cookies, tracking pixels, or cross-site trackers.

Essential Cookies

• Authentication session: Firebase Auth stores an encrypted session token to keep you logged in to the owner dashboard.
• Language preference: A small value stored in localStorage/SharedPreferences to remember your chosen language (AR/EN).

Analytics

• Firebase Analytics: We use Firebase Analytics to understand how the app is used in aggregate. This data is anonymized and does not personally identify individual users.

For full details on managing cookies, see our Cookie Policy.

5. Third-Party Services

WhatsApp (Meta)

Orders placed through QuickMenu are sent as WhatsApp messages from the customer's account to the restaurant's number. QuickMenu does not store or intercept WhatsApp message content. Meta's Privacy Policy applies to those communications.

Google Firebase

We use Firebase for authentication, database (Firestore), file storage, and push notifications. Google's Firebase Privacy Policy governs how this infrastructure handles data.

Google Sign-In

If you choose to sign in with Google, we receive your Google account name and email address. We do not receive your Google password or any other account data.

Google Maps

When customers use "Use My Location" in the delivery order flow, their device GPS coordinates generate a Google Maps link included in the WhatsApp order message. Location data is not stored on our servers.

6. Your Rights

Depending on your jurisdiction (including the UAE, Saudi Arabia, Qatar, and EU/GDPR regions), you have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate data. You can update most information directly in the owner dashboard.
• Erasure: Request deletion of your account and all associated data ("right to be forgotten").
• Portability: Request your data exported in a machine-readable format.
• Objection: Object to certain types of processing, including direct marketing.
• Restriction: Request that we restrict processing of your data in certain circumstances.

7. Data Retention

• Active accounts: Account and menu data is retained indefinitely while your account remains active.
• Deleted accounts: All account data is permanently deleted within 30 days of account closure upon request.
• Order data: Completed orders are auto-deleted from the dashboard after 24 hours. Raw analytics records may be retained for up to 90 days.
• Menu content & images: Retained while your account is active; deleted upon account closure.
• FCM tokens: Device tokens for push notifications are stored securely and invalidated when a device is removed.

8. Children's Privacy

QuickMenu is not directed to children under 16 years of age. We do not knowingly collect personal information from minors. If you believe a child has provided us with personal information, please contact us immediately and we will delete it promptly.

9. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. For material changes, we will notify active users via email at least 14 days before the changes take effect.

Your continued use of QuickMenu after the effective date of any changes constitutes your acceptance of the updated policy. If you do not agree to the changes, please stop using the Service and contact us to close your account.

10. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the handling of your data, please reach out:

• Email: getquickmenu@gmail.com
• WhatsApp: +880 196 934 3158
• Address: getquickmenu.com