Legal

Privacy policy

This privacy policy describes how MenuPublish (“we”, “us”) collects, uses, and shares information when you use our website, demo, and product.

What we collect

  • Account information — name, email, business name, and (if you subscribe to a paid plan) billing information processed by Stripe.
  • Menu submissions — photos, PDFs, or files you upload, along with the parsed data we extract from them.
  • Usage data — IP address, browser type, pages viewed, and similar diagnostic information.
  • Analytics — if you accept our cookie banner, we use Google Analytics (via Google Tag Manager) to measure aggregate product usage. See our cookie disclosure.

How we use it

We use this information to provide and operate MenuPublish, parse and publish your menus, communicate with you about your account, improve the product, prevent abuse, and comply with legal obligations.

What we don’t do

We do not sell your personal information. We do not use your menu submissions to train third-party models. We do not share your contact list, customer data, or billing data with anyone for marketing.

Subprocessors

We share data with vendors only as needed to operate the service:

  • Stripe — billing and subscription management.
  • Postmark — transactional email and inbound menu ingestion.
  • Twilio — SMS/MMS delivery, inbound MMS routing, sender phone-number verification.
  • Anthropic — vision/language models used to parse menu submissions.
  • Cloudflare R2 — storage of uploaded menu files.
  • Google Analytics — anonymized usage analytics, only if you accept cookies.
  • Google Business Profile — when you opt in, we use Google’s Business Profile APIs to publish your parsed menu to your own Business Profile listing. See the “Google Business Profile” section below.

SMS & MMS messaging

When you (or an approved sender) add a mobile phone number to your MenuPublish account, you consent to receive SMS and MMS messages from us. We use SMS for: phone-number verification codes, confirmation replies when you text in menu photos (e.g. “Got page 2”, “Your menu is live”), and routing prompts when one number is approved on multiple accounts.

We do not share or sell your mobile phone number, or any information collected through SMS programs, with third parties for their marketing or promotional purposes. Subprocessor sharing listed above (e.g. Twilio for delivery) is the only exception, and those vendors are contractually bound to use the data solely to deliver the service.

Message frequency varies based on your inbound activity. A typical menu update triggers 2–5 outbound messages (acknowledgement of received pages, publish confirmation). We do not send proactive marketing SMS.

Message and data rates may apply. Standard message and data rates charged by your mobile carrier may apply to any SMS or MMS sent to or from MenuPublish. Check with your carrier for details.

Opt-out: reply STOP to any MenuPublish message to unsubscribe from further SMS/MMS. Reply HELPfor usage instructions. Removing a phone number from your account’s approved senders also revokes SMS access. Opt-out is immediate.

Supported carriers:AT&T, T-Mobile, Verizon Wireless, Sprint, Boost Mobile, U.S. Cellular, MetroPCS, Cricket, and most other US wireless carriers. Carriers are not liable for delayed or undelivered messages.

Google Business Profile

MenuPublish offers an opt-in integration that publishes your parsed menu directly to your own Google Business Profile listing (the food menu that appears on Google Search and Maps). The integration is connected per restaurant location and only after you explicitly authorize it on the “Integrations · Google Business Profile” page inside your account.

What we receive from Google when you connect: an OAuth refresh token and access token scoped to https://www.googleapis.com/auth/business.manage, plus the list of Business Profile locations you manage so you can pick which one to connect. We do not receive or store your Google account email, profile photo, contacts, calendar, or any other Google data.

What we do with it:

  • Read — we call accounts.locations.get with readMask=metadatato check whether the location you selected supports a food menu (Google’s canHaveFoodMenus flag). If false, we refuse to enable publishing for that location.
  • Write — when you click Publish on a menu version you have reviewed and approved in our dashboard, we call accounts.locations.updateFoodMenus to write that one menu’s structured data (sections, items, prices, dietary labels) into your listing.
  • We do not read or modify reviews, posts, photos, attributes, services, products, or any other Business Profile resource. We do not call any other Google API under this scope.

How tokens are stored: refresh and access tokens are encrypted at the application layer with AES-256-GCM before they touch our database. The database sees only ciphertext. Tokens are scoped per restaurant site, never per user, so they cannot be enumerated across accounts. We never log tokens; our publish helper redacts them from error messages before they reach our logging system.

Disconnect & deletion:you can disconnect the integration at any time from the same Integrations page. On disconnect we revoke our refresh token against Google’s token-revocation endpoint and delete the encrypted tokens from our database. Menu content you previously published to Google remains in your listing until you publish a new menu or update it manually inside Google.

MenuPublish’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Your rights

Depending on where you live, you have rights to access, correct, delete, or export your personal information. EU/UK users have rights under GDPR; California users have rights under CCPA/CPRA. To exercise any of these, email [email protected] with the subject line “Privacy request”. We’ll respond within the timeframes required by applicable law.

Retention

We retain account data for as long as your account is active. You can request deletion at any time. Some information may be retained for legal or compliance reasons (e.g. invoices for tax purposes).

Children

MenuPublish is not directed at children under 13. We don’t knowingly collect personal information from children.

Changes

We’ll update this policy as the product evolves. Material changes will be communicated by email and noted at the top of this page.

Contact

Questions or concerns? Email [email protected].

Last updated: May 12, 2026