Legal

Privacy Policy

Last updated: 1 January 2026

1. Who We Are

MENUZA AI ("we", "us", "our") is operated by Menuza Systems Inc., based in Kigali, Rwanda. We provide an AI-powered digital menu platform for restaurants.

2. Information We Collect

We collect information you provide directly, including:

  • Account data — email address, password (hashed), restaurant name, and phone number.
  • Menu content — items, prices, descriptions, and images you upload.
  • Usage data — pages visited, features used, and menu analytics events.
  • Payment data — transaction identifiers processed via PawaPay (we do not store card numbers).

3. How We Use Your Information

  • To provide and improve the Service.
  • To process payments and send order or subscription notifications.
  • To generate aggregated, anonymised analytics.
  • To respond to support requests.

We do not sell your personal data to third parties.

4. Data Storage and Security

Your data is stored on Supabase (PostgreSQL) servers. We use row-level security, encrypted connections (TLS), and hashed passwords. Images are stored in Supabase Storage with access controls. We take reasonable technical and organisational measures to protect your data.

5. Third-Party Services

We use the following third-party services:

  • Supabase — database, authentication, and file storage.
  • OpenRouter / Anthropic — AI menu extraction and conversational features.
  • PawaPay — mobile money payment processing.
  • Resend — transactional email delivery.
  • Vercel — application hosting and CDN.

Each service operates under its own privacy policy.

6. Customer Data

When your customers place orders or submit reviews through your public menu, we store the minimum information needed (order details, optional customer name/email for receipts, review content). This data belongs to you as the restaurant operator and is accessible only to you and your staff.

7. Cookies

We use session cookies for authentication. We do not use advertising or tracking cookies. Analytics events are stored server-side in your account, not in your browser.

8. Your Rights

You have the right to access, correct, or delete your personal data at any time. To delete your account and all associated data, contact us at [email protected]. We will process your request within 30 days.

9. Data Retention

We retain your data for as long as your account is active. After account deletion, personal data is purged within 30 days, except where retention is required by law.

10. Changes to This Policy

We may update this Privacy Policy periodically. We will notify you of significant changes by email. Continued use of the Service after changes takes effect constitutes acceptance.

11. Contact

For privacy-related questions or requests, email us at [email protected].