Privacy Policy

Effective date: [Effective date, e.g. April 15, 2026] | Last updated: [Effective date, e.g. April 15, 2026]

1. Who We Are

ZapMenu (we, us, our) is operated by [Your business name or ZapMenu as sole proprietor], based in [Your city, e.g. Tanuku], India. We provide digital menu services to restaurants.

Contact: [Your support email, e.g. hello@zapmenu.in] | [Support WhatsApp number]

2. What Data We Collect

Personal data from restaurant owners:

  • Full name, email address, phone number (for account creation)
  • Restaurant name, address, city, phone number (for your menu page)
  • Payment information (processed by Razorpay; we do not store card details)
  • Profile photos and menu item images you upload
  • Usage data such as login events and feature usage

Data from your customers (people scanning QR codes):

  • We do not require customers to create accounts
  • We do not track individual customers
  • We use Vercel Analytics to count page views (anonymous, no personal data)

3. How We Use Your Data

  • To provide and operate the ZapMenu service
  • To send account-related emails and OTP messages
  • To process payments through Razorpay
  • To send service announcements and important updates
  • We do not sell your data to third parties
  • We do not use your data for advertising

4. Data Sharing

We share data only with:

  • Supabase (database hosting) to store restaurant and menu data
  • Vercel (hosting) to serve menu pages
  • Razorpay (payments) to process subscription payments
  • Twilio (SMS) to send OTP codes for phone login
  • Resend (email) to send transactional emails

All partners are bound by their own privacy policies and data processing agreements.

5. Data Storage And Security

  • All data is stored in Supabase (servers in Singapore, closest to India)
  • Data is encrypted in transit (HTTPS/TLS)
  • Data is encrypted at rest in Supabase
  • Passwords are never stored directly; authentication is handled by Supabase Auth
  • Phone OTPs expire within 10 minutes
  • Row Level Security is enabled so owners can access only their own data

6. Your Rights Under The DPDP Act 2023

You have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate personal data
  • Delete your personal data (right to erasure)
  • Withdraw consent for data processing
  • Nominate someone to exercise your rights in case of death or incapacity

To exercise these rights, email [Your support email, e.g. hello@zapmenu.in] or WhatsApp [Support WhatsApp number]. We respond within 72 hours.

7. Data Retention

  • Active accounts: data retained while subscription is active
  • Cancelled subscriptions: data retained for 90 days, then deleted
  • Deleted accounts: personal data deleted within 30 days
  • Payment records may be retained for 7 years for tax and compliance obligations

8. Cookies

We use essential cookies only:

  • Authentication session cookies required to stay logged in
  • No advertising cookies
  • No third-party tracking cookies

Vercel Analytics uses anonymous visitor counts and does not require personal tracking.

9. Children

ZapMenu is not directed at children under 18. We do not knowingly collect personal data from minors.

10. Changes To This Policy

We notify account owners by email before material policy changes. Continued use of the service after updates means acceptance of the revised policy.

11. Contact

For privacy-related questions: [Your support email, e.g. hello@zapmenu.in]

For urgent matters: [Support WhatsApp number] (WhatsApp)

Address: [Your business name or ZapMenu as sole proprietor], [Your city, e.g. Tanuku], Andhra Pradesh, India