Privacy Policy

MenuCraft Studio https://menucraft.studio

Last updated: February 23, 2026

This Privacy Policy describes how MenuCraft Studio ("we", "us", or "our") collects, uses, stores, and protects your personal data when you use our website and services at https://menucraft.studio (the "Service").

We are committed to protecting your privacy in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and other applicable data protection laws.

1. Data Controller

The data controller responsible for your personal data is:

MenuCraft Studio Email: hello@menucraft.studio

For any privacy-related inquiries, please contact us at the email address above.

2. What Data We Collect

2.1 Data You Provide to Us

  • Account and contact information: name, email address, phone number (when you register or place an order).
  • Uploaded content: food photographs that you upload for AI-powered enhancement through our Service.
  • Order information: details about the services you purchase, pricing plan selected, and order history.
  • Communications: messages you send to us via email or contact forms.

2.2 Payment Data

Payment processing is handled entirely by Stripe, Inc. We do not store, process, or have access to your full credit card numbers. Stripe acts as an independent data controller for payment data. Please review Stripe's privacy policy at https://stripe.com/privacy for details on how they handle your payment information.

2.3 Data Collected Automatically

  • Analytics data: we use Umami, a privacy-focused, self-hosted analytics tool. Umami does not use cookies, does not collect personal data, and does not track users across websites. All analytics data is aggregated and anonymous.
  • Technical data: our servers may automatically log IP addresses, browser type, and referring URLs for security and operational purposes. This data is retained for a limited period and is not linked to your account.
  • Cookies: we use only essential technical cookies required for the Service to function (e.g., session management, authentication). We do not use advertising or tracking cookies.

3. How We Use Your Data

We process your personal data for the following purposes and legal bases:

  • To provide our Service (legal basis: performance of a contract) — processing your orders, enhancing your uploaded photos using AI, delivering results to you.
  • To process payments (legal basis: performance of a contract) — facilitating transactions through Stripe.
  • To communicate with you (legal basis: legitimate interest) — responding to your inquiries, sending order updates and notifications.
  • To improve our Service (legal basis: legitimate interest) — analyzing aggregated, anonymous usage patterns to improve features and user experience.
  • To comply with legal obligations (legal basis: legal obligation) — meeting tax, accounting, and regulatory requirements.

4. How We Handle Your Photos

Your uploaded food photographs are central to our Service. Here is how we handle them:

  • Photos are uploaded to our secure servers solely for the purpose of AI enhancement and manual quality review.
  • We do not use your photos for any purpose other than delivering the service you requested, unless you provide explicit consent.
  • Photos are stored on our servers during the processing period and for a reasonable time after delivery to allow for revisions.
  • You may request deletion of your photos at any time by contacting us.
  • We do not share your photos with third parties except as necessary to perform the enhancement service (e.g., processing through our AI systems).

5. Data Sharing and Third Parties

We do not sell your personal data. We share your data only with the following categories of recipients:

  • Stripe, Inc. — for payment processing. Stripe is based in the US and complies with GDPR through Standard Contractual Clauses (SCCs).
  • Hosting providers — our servers and infrastructure providers who store and process data on our behalf, acting as data processors under GDPR.

All third-party processors are bound by data processing agreements ensuring GDPR-compliant handling of your data.

6. International Data Transfers

Some of our service providers (such as Stripe) may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the European Commission, to protect your data in accordance with GDPR.

7. Data Retention

We retain your personal data only for as long as necessary:

  • Account data: retained for as long as your account is active, and deleted within 30 days of account deletion request.
  • Uploaded photos: retained during processing and for up to 90 days after delivery to facilitate revisions, then deleted unless you request earlier removal.
  • Order and payment records: retained for up to 7 years as required by tax and accounting regulations.
  • Technical logs: retained for up to 30 days for security purposes.

8. Your Rights Under GDPR

As a data subject under GDPR, you have the following rights:

  • Right of access: request a copy of the personal data we hold about you.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your personal data ("right to be forgotten").
  • Right to restrict processing: request that we limit how we use your data.
  • Right to data portability: receive your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interests.
  • Right to withdraw consent: where processing is based on consent, withdraw it at any time.

To exercise any of these rights, please contact us at hello@menucraft.studio. We will respond to your request within 30 days.

You also have the right to lodge a complaint with your local data protection supervisory authority.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • Encrypted data transmission using SSL/TLS (HTTPS).
  • Secure server infrastructure with access controls.
  • Regular security reviews and updates.
  • Limited access to personal data on a need-to-know basis.

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Children's Privacy

Our Service is designed for business use and is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting the updated policy on our website and updating the "Last updated" date. We encourage you to review this page periodically.

12. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact us:

MenuCraft Studio Email: hello@menucraft.studio