SnapMenu

Privacy Policy

Last updated: November 2025

1. Introduction and Controller

This Privacy Policy explains how SnapMenu collects and processes personal data in connection with its hosted menu platform and related services.

For the purposes of the EU General Data Protection Regulation (GDPR), SnapMenu is operated by an individual based in Cyprus, who acts as:

  • Data controller for personal data related to SnapMenu's own website, account management, billing, support, and analytics configured for SnapMenu's own purposes.

  • Data processor for personal data contained in Venue-supplied content and configuration where SnapMenu hosts or displays that data on behalf of the Venue.

You can contact SnapMenu about privacy matters at snapmenucy@gmail.com.

2. Personal Data We Collect

2.1 Account and Venue Administration Data

When you create or manage an Account or onboard a Venue, SnapMenu may collect:

  • Name and contact details of the account holder or venue contact person (for example email address and phone number).

  • Login credentials and authentication data.

  • Business information such as Venue name, subdomain or custom domain, and basic contact information displayed in the menu interface.

2.2 Payment and Billing Data

Payments are processed through third party providers such as Stripe. When you pay for a subscription:

  • SnapMenu's payment processor collects your payment card details and related billing information directly on its own systems.

  • SnapMenu receives limited payment information such as transaction identifiers, subscription details, amounts, and billing status in order to manage your subscription and account.

2.3 Usage and Analytics Data

SnapMenu uses Google Tag Manager (GTM) and Google Analytics 4 (GA4), or direct GA4 integration, to track usage of the SnapMenu website, landing pages, and, where enabled, client menu pages.

The analytics system may record:

  • Page views and navigation events.

  • QR code scan events identified via UTM parameters.

  • Menu interaction events such as group selection, layout changes, dietary filter usage, language changes, contact clicks, and information modal opens.

  • Basic technical and contextual data such as establishment identifiers, locale, UTM campaign parameters, approximate location derived from IP address, device and browser information, referrer URLs, and timestamps.

  • Aggregated error and search events used for troubleshooting and product improvement.

Analytics may be disabled in non-production environments or certain deployments, and may be configured using different GTM containers or GA4 measurement IDs for staging and production.

2.4 Communications Data

If you contact SnapMenu by email or other channels, SnapMenu will process the content of your communication and any contact details you provide in order to respond and keep a record of correspondence.

2.5 Data SnapMenu Processes for Venues

Venues configure Menu Data and related content, which may include menu items, translations, dietary flags, images, establishment information, and routing configuration for subdomains and custom domains.

This Menu Data is generally business information about the Venue's offerings and is not intended to identify individual persons. To the extent that Menu Data includes personal data (for example, where a Venue chooses to include a person's name or contact details), SnapMenu processes that data as a processor on behalf of the Venue.

3. Non-Personal Menu Data

SnapMenu processes Menu Data solely for the purpose of hosting and displaying the Venue's menu to Customers and enabling related functions such as multi-language support, groups, layout options, dietary filters, and theme configuration.

SnapMenu may use aggregated, anonymized statistics about menu usage and configuration for service improvement and reporting, provided such statistics do not identify individual persons.

4. Purposes and Legal Bases of Processing

SnapMenu processes personal data for the following purposes and legal bases under GDPR:

  • Account and subscription management to create and manage Accounts, onboard Venues, process payments, and provide customer support. Legal basis: performance of a contract or steps taken at your request before entering into a contract.

  • Service operation and security to operate, maintain, and secure the platform, including logging, monitoring, and preventing abuse. Legal basis: legitimate interests in providing a secure and reliable service, and compliance with legal obligations.

  • Analytics and product improvement to understand how the platform is used, measure QR code scans and engagement with menu content, and improve features. Legal basis: legitimate interests in improving the service and supporting Venues, and, where required by local law for certain cookies or tracking technologies, consent.

  • Communications to respond to inquiries, send operational notices, and provide support. Legal basis: performance of a contract and legitimate interests in maintaining business relationships.

  • Compliance to comply with legal obligations, such as accounting and record-keeping requirements, and to respond to lawful requests from public authorities. Legal basis: compliance with legal obligations.

  • Marketing to send occasional information about new features or offers to existing customers, subject to applicable direct-marketing rules. Legal basis: legitimate interests in promoting the service, or consent where required.

5. Cookies and Similar Technologies

SnapMenu and its analytics providers use cookies, tags, and similar technologies to operate the service and collect usage data. This may include:

  • Essential cookies that are necessary for basic operation and security.

  • Analytics cookies and tags used by GA4 and GTM to track events such as page views, QR code scans, menu interactions, and contact clicks.

Where required by law, SnapMenu will seek consent before using non-essential cookies or similar technologies.

6. Recipients and International Transfers

SnapMenu may share personal data with:

  • Hosting and infrastructure providers that store and serve the platform.

  • Payment processors (for example Stripe) that process subscription payments.

  • Analytics providers such as Google, through GA4 and GTM, which receive usage and event data as described above.

  • Professional advisors such as accountants or lawyers where necessary for legitimate business purposes.

  • Public authorities where required by law or to protect rights and interests.

Some recipients may be located outside the European Economic Area. In such cases, SnapMenu will ensure that appropriate safeguards are in place, such as the use of the European Commission's Standard Contractual Clauses or equivalent lawful transfer mechanisms.

7. Data Retention

SnapMenu retains personal data only for as long as necessary for the purposes described in this Policy or as required by law. In particular:

  • Account and subscription data are retained for the duration of the business relationship and for a reasonable period afterward for record-keeping and legal purposes.

  • Payment-related records are retained for periods required by tax and accounting laws.

  • Analytics data are retained according to the settings and policies of the analytics provider and may be aggregated or anonymized over time.

  • Communications data are retained for as long as necessary to manage the correspondence and maintain a record of interactions.

SnapMenu may delete or anonymize data earlier if it is no longer needed.

8. Data Subject Rights

Under GDPR, you have the following rights in relation to your personal data, subject to conditions and limitations in the law:

  • Right of access to obtain confirmation whether SnapMenu processes your personal data and receive a copy.

  • Right to rectification of inaccurate or incomplete personal data.

  • Right to erasure of personal data in certain circumstances.

  • Right to restriction of processing in certain circumstances.

  • Right to data portability, where legally applicable, for personal data you provided to SnapMenu.

  • Right to object to processing based on legitimate interests, including profiling, and to direct marketing.

  • Where processing is based on consent, the right to withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise your rights, contact snapmenucy@gmail.com. SnapMenu may need to verify your identity before responding. Where SnapMenu acts as a processor on behalf of a Venue, SnapMenu will redirect your request to the relevant Venue where appropriate.

You also have the right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus or with your local data protection authority.

9. Security

SnapMenu implements technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. No system is completely secure, and SnapMenu cannot guarantee absolute security, but reasonable efforts are made to protect the information processed through the service.

10. Children

SnapMenu is a business-focused service and is not intended for use by children as data subjects in their own right. SnapMenu does not knowingly collect personal data directly from children.

11. Changes to This Policy

SnapMenu may update this Privacy Policy from time to time. When changes are made, the "Last Updated" date may be revised and reasonable efforts will be made to inform affected users where appropriate. Continued use of the service after changes take effect indicates acceptance of the updated Policy.

12. Contact

For any questions or requests regarding this Privacy Policy or the processing of your personal data, contact: snapmenucy@gmail.com.

Privacy Policy