Overview :

This Privacy Policy explains how Menulyn collects, uses, stores, discloses, and protects personal data and business information when you use our website, restaurant SaaS platform, admin dashboard, QR menu pages, table booking tools, online ordering services, mobile applications, kiosk ordering, cash register tools, customer interfaces, and related services.

Menulyn is designed for restaurants, cafes, hotels, fast food outlets, food courts, cloud kitchens, bakeries, bars, lounges, catering businesses, and hospitality businesses in Kenya. The platform helps these businesses manage menus, orders, bookings, customers, staff, delivery, pickup, dine-in operations, payments, reports, and customer engagement.

This policy is intended to meet international privacy standards while being aligned with Kenya's Data Protection Act, 2019 and related regulations administered by the Office of the Data Protection Commissioner (ODPC).

Who This Policy Applies To :

This policy applies to restaurant owners, business administrators, staff users, customers, delivery users, partners, website visitors, support contacts, and any person whose personal data is processed through Menulyn.

For restaurant customer data, the restaurant may act as the primary data controller for information it collects from its customers, while Menulyn may act as a technology provider, processor, or service provider depending on the specific processing activity.

Information We Collect :

• We may collect account information such as name, email address, phone number, password, user role, business profile details, and authentication records.
• We may collect restaurant information such as restaurant name, branch details, business address, logo, menus, food categories, item descriptions, prices, images, operating hours, delivery zones, service charges, tax settings, payment settings, staff roles, and business configuration data.
• We may collect customer transaction information such as cart items, order notes, dine-in details, pickup details, delivery details, table numbers, booking requests, order status, payment references, invoice records, and customer support history.
• We may collect payment-related records such as transaction references, payment method, amount, invoice number, subscription status, billing date, and payment confirmation details. Menulyn does not intentionally store full card numbers where payments are handled by third-party payment processors.
• We may collect device, usage, and security data such as IP address, browser type, device type, operating system, login activity, session activity, error logs, API logs, approximate location based on technical data, and analytics events.

Information Provided Voluntarily :

You may provide additional information when submitting contact forms, requesting a demo, applying as a partner, opening a support ticket, uploading restaurant branding, adding custom domain details, submitting feedback, or sharing documents for setup support.

This information is used to respond to your request, configure your restaurant account, provide support, improve Menulyn services, and personalize your experience where appropriate.

How We Use Information :

• We use information to create and manage restaurant, customer, staff, delivery, and partner accounts.
• We use information to process online orders, QR menu requests, dine-in orders, pickup orders, delivery orders, table bookings, subscriptions, invoices, and support requests.
• We use information to help restaurants manage menus, kitchen workflows, waiter activities, cashier operations, delivery dispatch, kiosk orders, HRM, reports, and customer communication.
• We use information to provide customer support, troubleshoot issues, monitor performance, prevent fraud, improve security, and maintain reliable platform operations.
• We use information to send service messages, order updates, booking confirmations, security alerts, billing notices, product updates, policy notifications, and marketing communications where permitted by law or consent.

Legal Basis for Processing :

Menulyn processes personal data where necessary to perform a contract, provide requested services, comply with legal obligations, protect legitimate business interests, prevent fraud, maintain security, support restaurant operations, or where consent has been obtained.

Where consent is required, you may withdraw consent subject to legal, contractual, operational, or legitimate retention requirements. Withdrawal of consent may affect access to some Menulyn services.

Restaurant Responsibilities :

Restaurants using Menulyn are responsible for ensuring that customer-facing content, menus, prices, food descriptions, operating hours, tax settings, delivery zones, offers, staff access, and privacy notices are accurate and lawful.

Restaurants must use customer data only for legitimate restaurant operations, order fulfilment, customer communication, lawful marketing, reporting, and other purposes permitted by applicable law and Menulyn's Terms of Service.

Restaurants are responsible for controlling staff access, removing users who no longer work for the business, protecting account credentials, and avoiding unauthorized disclosure of customer data.

Information Sharing :

• Menulyn does not sell or rent personal data. We may share information only where necessary to operate the platform, provide requested services, comply with law, protect rights and safety, or support restaurant operations.
• Information may be shared with hosting providers, payment processors, SMS providers, email providers, push notification providers, analytics providers, maps providers, fraud-prevention services, backup providers, technical support providers, and other service providers working on our behalf.
• Information may also be visible to restaurants, branch managers, kitchen users, waiters, cashiers, delivery users, or other authorized users involved in processing an order, booking, customer request, or restaurant workflow.
• We may disclose information to regulators, courts, law enforcement, government authorities, auditors, or professional advisers where required by law, legal process, compliance obligations, or protection of platform integrity.

Payments and Third-Party Providers :

Payments may be processed through third-party payment providers such as mobile money, card processors, banks, or payment gateways. These providers process payment information under their own terms and privacy policies.

Menulyn stores payment references, invoice records, order amounts, payment status, and reconciliation information needed for billing, support, accounting, fraud prevention, and dispute resolution.

Cookies and Similar Technologies :

Menulyn may use cookies, local storage, session identifiers, pixels, and similar technologies to keep users signed in, remember preferences, secure sessions, measure website performance, understand feature usage, and improve the ordering and restaurant management experience.

You may disable cookies in your browser settings, but some features such as login, dashboards, checkout, QR menu sessions, or security controls may not work correctly.

Data Security :

We use reasonable technical and organizational safeguards to protect personal data and restaurant business information. These may include SSL encryption, secure servers, access controls, password protection, role-based permissions, backups, monitoring, audit logs, and administrative controls.

No online platform can guarantee absolute security. Users and restaurants must also protect their passwords, devices, staff accounts, network access, and third-party integrations.

Data Retention :

We retain personal data and business information only for as long as necessary to provide Menulyn services, maintain restaurant records, comply with legal and tax obligations, resolve disputes, prevent fraud, enforce agreements, support backups, and maintain platform security.

Some records, such as invoices, payment references, order records, audit logs, and compliance information, may be retained for longer where required by law or legitimate business needs.

Data Subject Rights :

Subject to verification and applicable law, you may request access to your personal data, correction of inaccurate data, deletion of eligible data, objection to certain processing, withdrawal of consent, restriction of processing, or a copy of your personal data.

Requests may be limited where data must be retained for legal, security, contractual, accounting, fraud-prevention, dispute-resolution, or legitimate operational reasons.

Cross-Border Processing :

Menulyn may use infrastructure, hosting, support, analytics, or service providers located in Kenya or other jurisdictions. Where personal data is transferred outside Kenya, Menulyn will take reasonable steps to use appropriate safeguards as required by applicable Kenyan data protection law.

By using Menulyn, you understand that data may be processed in locations where our service providers operate, subject to appropriate contractual and technical safeguards.

Children and Minors :

Menulyn is intended for restaurants, food businesses, staff, partners, and customers who can lawfully use online ordering and booking services. We do not knowingly collect personal data from children without appropriate consent.

If you believe a minor has provided personal data without proper authorization, contact us so we can review and take appropriate action.

Marketing Communications :

We may send product updates, offers, onboarding messages, educational content, or marketing communication where permitted by law, based on consent or legitimate interest. You may opt out of non-essential marketing messages at any time.

Service messages such as order updates, booking confirmations, billing alerts, security notices, and critical account communications may still be sent even if you opt out of marketing.

Account Closure and Deletion :

Users may request account deletion or closure through the official Menulyn support channels or the account deletion page where available. Before deletion, we may verify identity, confirm account ownership, and check for unresolved billing, security, legal, or operational requirements.

Deletion may not remove records that Menulyn or a restaurant is required to keep for legal, tax, fraud-prevention, dispute-resolution, accounting, or legitimate business reasons.

Updates to This Policy :

We may update this Privacy Policy from time to time to reflect product changes, legal requirements, security improvements, new modules, or changes in how we process data.

The updated version will be posted on this page. Continued use of Menulyn after an update means you accept the revised policy.

Downloadable Copy :

Menulyn provides downloadable copies of this Privacy Policy for reference, internal review, signing, stamping, and record keeping. The online version published on this page remains the active version unless a separately signed agreement states otherwise.

The Word version is provided for internal review, signing, stamping, or manual completion where required, while the PDF version is suitable for sharing or uploading as an official published copy.

Contact Us :

For privacy questions, data subject requests, complaints, support inquiries, or restaurant account assistance, contact Menulyn using the official support channels below.

• support@menulyn.com
• +254 718 505 072
• Menulyn, Nairobi, Kenya