Last updated: May 2026
1. Who we are
Sean Molloy trading as buildmymenu.app (the "Seller", "we") is the data controller for personal data collected through this service. If you have questions about how your data is handled, contact us directly.
2. What we collect
- Account data — your name, email address, login credentials.
- Business data — your business name, address, menus, dishes, photos.
- Usage / telemetry — pages viewed in the dashboard, features used, errors.
- Diner analytics — anonymous scan counts, device type, country, table number (when present).
- Support messages — content of any messages you send us.
- Device & network — IP address, browser, operating system.
3. Why we collect it
- Provide the service (contract performance);
- Authenticate you and secure your account (legitimate interest);
- Process payments via Paddle (contract performance);
- Prevent fraud and abuse (legitimate interest);
- Improve the product (legitimate interest);
- Provide customer support (contract performance);
- Send service announcements (legitimate interest);
- Send marketing emails (consent — you can withdraw anytime).
4. Who we share it with
- Paddle.com — our Merchant of Record. Paddle handles payments, subscription management, tax compliance and invoicing. See Paddle's privacy policy.
- Hosting & infrastructure — Lovable Cloud, Supabase, Cloudflare.
- AI providers — Google and OpenAI (via Lovable AI Gateway) for menu translation and PDF extraction. Menu content sent to these providers is processed transiently for that request only.
- Authorities — when required by law.
- Professional advisers — legal, accounting, when needed.
5. International transfers
Some of our service providers are based outside the UK/EEA. When data is transferred internationally we rely on Standard Contractual Clauses or adequacy decisions to ensure an equivalent level of protection.
6. How long we keep it
We keep your account data while your account is active and for 30 days after cancellation, unless we need to retain it longer to comply with legal obligations or to resolve disputes. Scan analytics are aggregated after 12 months.
7. Your rights
You have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate data;
- Request erasure ("right to be forgotten");
- Restrict or object to processing;
- Data portability;
- Withdraw consent at any time (where processing relies on consent);
- Lodge a complaint with the UK Information Commissioner's Office (ICO) or your local data protection authority.
To exercise these rights, contact us. We respond within 30 days.
8. Security
We use industry-standard technical and organisational measures: TLS encryption in transit, encryption at rest, access controls, regular backups and least-privilege access for our staff.
9. Cookies
We use essential cookies to keep you signed in and remember your preferences. We do not use third-party advertising cookies. Paddle may set cookies during checkout as part of their payment processing.
10. Changes to this notice
We may update this notice from time to time. Significant changes will be announced via email or in-app notification.