Privacy Policy

Last Updated: June 29, 2025

Your Privacy Matters: What The Menu? uses AI to translate menu photos you provide. We protect your data and give you control over your information. This policy explains how we handle your photos and personal data with transparency and care.

Information we collect and why

We collect information to provide our AI-powered menu translation service effectively while protecting your privacy:

Images you upload

We do not store your images on our servers. When you scan a menu photo, we securely transmit your image directly to our AI processing partners (including OpenAI, Google Gemini, or Anthropic Claude) for real-time translation. Your images are processed solely for translation purposes and are handled according to our AI partners' data processing policies. We do not retain, save, or store any images you upload to our service.

Account information (required for paid features)

Account creation is mandatory if you are purchasing any of our paid passes. This is the only way you can utilize the features we provide on our paid accounts. We collect your email address and password to provide enhanced features like translation history, payment processing, and access to premium functionalities. You can use our free tier features without creating an account.

Usage and location information

We collect technical information to improve our service and for marketing purposes:

IP Address: Automatically collected for security and fraud prevention
Anonymous Location Data: We track general geographic regions where our service is being used
Browser and Device Information: Technical details to optimize performance
Usage Patterns: How you interact with our app to improve user experience

We use this location and usage data for marketing purposes and to improve the quality of our service, including understanding which regions use our service most and optimizing our AI translation models for different geographic markets.

How we use your information

Legal basis (GDPR): We process your data based on your explicit consent for AI analysis and our legitimate interest in providing and improving our service.

AI Image Processing: Your uploaded images are transmitted in real-time to AI services (OpenAI, Google Gemini, or Anthropic Claude) to provide menu translations
Service Improvement: We analyze usage patterns and location data to enhance translation accuracy and user experience
Marketing and Analytics: Location and usage data help us understand our user base and improve our marketing efforts
Payment Processing: When you purchase premium features, Stripe processes your payment information securely
Customer Support: We use your account information to respond to questions and provide assistance
Legal Compliance: We may process data to comply with legal obligations and prevent fraud

                AI Processing Notice: We use artificial intelligence from various providers (OpenAI, Google Gemini, Anthropic Claude) to analyze your menu photos. This processing may include object recognition, text extraction, and language translation. While we strive for accuracy, AI translations may contain errors and should be verified independently. We reserve the right to change our AI processing partners at any time without notice.
            

Information sharing and third parties

We share your information only as necessary to provide our service:

AI Processing Partners

We use multiple AI services to process your images for translation, including but not limited to OpenAI, Google Gemini, and Anthropic Claude. Key protections include:

Your images are transmitted securely using encryption
Images are processed in real-time and not stored by us
Each AI partner has their own data processing and retention policies
We may change AI processing partners at any time to improve service quality
Data Processing Agreements ensure compliance with privacy regulations where applicable

Stripe (Payment Processing)

For premium features, we use Stripe to process payments securely. Stripe is PCI DSS Level 1 certified and maintains strict security standards. We do not store your complete payment information on our servers. We reserve the right to change payment gateways at any time without notice.

Hosting Infrastructure

Our application is hosted on cloud infrastructure that may include services like Netlify, AWS, Google Cloud, or other providers. These services provide data encryption, security monitoring, and compliance certifications. We reserve the right to change our hosting providers at any time without notice to improve service reliability and performance.

Data retention and security

How long we keep your data

Images: Not stored by us - transmitted directly to AI partners for processing
Account Data: Retained until you delete your account
Usage and Location Logs: Retained for 24 months for marketing analysis and service improvement
Payment Records: Retained for 7 years for tax and legal compliance

Security measures

We protect your data using industry-standard security measures:

HTTPS encryption for all data transmission to AI partners
Secure API connections with our AI processing partners
Regular security monitoring and audits
Limited access to personal data on a need-to-know basis
Secure payment processing through certified providers

Service provider changes

Important Notice: We reserve the right to change our hosting providers, AI processing agents (OpenAI, Google Gemini, Anthropic Claude, or others), payment gateways, or any other service providers at any time without prior notice. These changes may be made to improve service quality, reliability, cost-effectiveness, or to add new features. When such changes occur, your data will continue to be protected according to this privacy policy and applicable laws.

Your privacy rights

You have significant control over your personal data:

Access and download

You can request a copy of all personal data we have about you, including account information and usage history.

Correction and deletion

You can update account information at any time or request deletion of your data. Since we don't store images, there are no images to delete from our servers.

Data portability

You can export your account data in machine-readable format to use with other services.

Opt-out rights

You can opt out of non-essential data processing and marketing communications at any time.

EU and UK Users: Under GDPR, you have additional rights including the right to object to automated decision-making, request human review of AI decisions, and file complaints with your local data protection authority.

International data transfers

Your data may be processed in the United States and other countries where our service providers operate. We ensure adequate protection through:

Standard Contractual Clauses approved by the European Commission
EU-US Data Privacy Framework certification where applicable
Regular compliance monitoring and audits
Encryption during international data transfers

Cookies and tracking

We use essential cookies to provide our service and optional cookies to improve your experience:

Essential Cookies: Required for basic functionality (login, preferences)
Analytics Cookies: Help us understand usage patterns and location data (with your consent)
Payment Cookies: Set by our payment providers for secure payment processing

You can control cookie preferences in your browser settings or through our cookie consent manager.

Marketing and analytics

We use the anonymous location data and usage information we collect for:

Understanding which geographic regions use our service most frequently
Optimizing our AI translation models for different markets and languages
Improving our marketing campaigns and targeting
Making data-driven decisions about feature development and service improvements
Analyzing trends in menu translation requests by region

Children's privacy

Our service is not intended for children under 13. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to this policy

We may update this privacy policy to reflect changes in our practices, legal requirements, or service providers. We will notify you of significant changes by email (if you have an account) and by posting the updated policy on our website. Your continued use after changes indicates acceptance of the updated policy.

Contact us about privacy

If you have questions about this privacy policy or how we handle your data:

Email: hello@whatthemenu.com

We will respond to privacy inquiries within 30 days (or 1 month for GDPR requests).