Your menu is a business asset. We treat it as one: encrypted in transit and at rest, retained only as long as necessary, never shared with third parties for anything outside the audit process. This page documents exactly what we collect, where it lives, and how long we keep it.
All MenuRegistry infrastructure runs in the United States. The specific components:
We collect the minimum necessary to operate the service. By category:
Email address (required for login and transactional email). Name is optional. We do not collect phone numbers, addresses, or other personal details.
Payment processing is handled entirely by Stripe. MenuRegistry never receives or stores card numbers, CVV codes, or bank account details. We hold your Stripe customer ID and subscription metadata (tier, billing cycle, status) only.
The menu content you upload or paste (PDF file, image file, or text), the generated audit results (per-dish allergen matrix, risk flags), and audit metadata (timestamp, content hash, input format). This is the core data the service produces and retains for your audit log.
IP address, user-agent string, and request paths are logged for 90 days. These logs are used for fraud detection, abuse prevention, and service reliability. They are not used for behavioral analytics or advertising.
We keep different categories of data for different lengths of time based on their purpose:
The following third-party services process data on our behalf. We have reviewed the data handling terms for each:
Application hosting, serverless functions, file storage, database
Automated menu analysis (audit engine)
Anthropic does not train its models on customer API data per their commercial terms. Anthropic commercial terms ↗
Payment processing and subscription management
Transactional email (account confirmation, receipts)
Depending on your jurisdiction, you have rights over your personal data. These include the right to access a copy of the data we hold on you, the right to correct inaccurate data, the right to request deletion of your data, and the right to data portability (receiving your data in a machine-readable format).
To exercise any of these rights, email hello@menuregistry.com from the email address associated with your account. We will respond within 30 days. Account deletion requests are processed within 72 hours for active data and within 30 days for backup systems.
In the event of a confirmed security incident that affects your data, we will notify affected customers within 72 hours of confirming the incident. Notification will be sent to the email address on your account and will include a description of the data affected, the scope of the incident, and the steps we have taken in response.
If you believe you have identified a security vulnerability in MenuRegistry, please report it to hello@menuregistry.com. We will acknowledge receipt within one business day.
Questions about data handling? Email hello@menuregistry.com. Also see our Privacy Policy for the full legal treatment.