← Back to Home

Privacy Policy

Last updated: May 4, 2026

1. Introduction

AllaMenu ("we", "our", or "us") operates the AllaMenu platform, including our web application, mobile dashboard, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2. Information We Collect

For Restaurant Owners & Staff

  • Account information (name, email, phone number)
  • Restaurant details (name, address, menu items, pricing)
  • Order and transaction data
  • Device information for push notifications (FCM tokens)

For Customers (Menu Users)

  • Order details (items selected, table number, order type)
  • Optional: name and phone number (if provided for delivery)
  • Device type and browser information (for analytics)

We do not require customers to create accounts or sign in to view menus or place orders.

Diagnostic & Crash Data

When the AllaMenu mobile app crashes or experiences an error, we collect anonymous diagnostic information through Firebase Crashlytics — including the stack trace, device model, operating system version, and the sequence of actions leading up to the crash. This data is not linked to your personal identity and is used solely to fix bugs and improve stability.

3. How We Use Your Information

  • To provide and maintain the AllaMenu platform
  • To process orders and facilitate restaurant operations
  • To send push notifications (order updates, waiter calls)
  • To manage subscriptions and billing
  • To improve our services and user experience
  • To communicate with restaurant owners about their accounts

4. Data Storage & Security

Your data is stored securely on Google Firebase infrastructure, which provides encryption at rest and in transit. We implement role-based access controls to ensure that restaurant data is only accessible to authorized staff members.

  • All data transmitted via HTTPS/TLS encryption
  • Firestore security rules enforce per-restaurant data isolation
  • Staff access is controlled by role-based permissions
  • Payment credentials are stored securely per restaurant

5. Third-Party Services

We use the following third-party services:

  • Google Firebase — Authentication, Firestore database, Cloud Storage, Cloud Functions, Remote Config
  • Firebase Cloud Messaging (FCM) — Push notifications to staff devices for new orders and waiter calls
  • Firebase Analytics — Aggregate, non-personally-identifying usage metrics
  • Firebase Crashlytics — Anonymous crash reports (stack traces, device model, OS version) used to fix bugs
  • Firebase App Check — Verifies that traffic to our backend originates from authentic, unmodified instances of the AllaMenu app, using App Attest on iOS and Play Integrity on Android. Not used to identify individual users.
  • Stripe — Card payment processing for international transactions. Card details are entered directly on Stripe's hosted page; AllaMenu never sees card numbers, CVV, or expiry dates.
  • Network International (N-Genius) — Card payment processing for GCC restaurants. Same hosted-page model as Stripe — AllaMenu never sees card data.
  • Vercel — Web application hosting

Each third-party service has its own privacy policy governing the use of your information.

6. Jurisdiction & Data Location

AllaMenu is operated for restaurants in the GCC region (United Arab Emirates, Saudi Arabia, Kuwait, Bahrain, Qatar, and Oman). Your data is stored in Google Cloud regions; by using AllaMenu you consent to data processing under United Arab Emirates jurisdiction. Where required by local law, restaurant data may be processed in additional Google Cloud regions for performance and reliability.

7. Data Retention

We retain restaurant account data for as long as the account is active. Order data is retained for business reporting purposes. If a restaurant owner requests account deletion, we will remove all associated data within 30 days.

8. Your Rights

You have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Withdraw consent for data processing
  • Export your data in a portable format

9. Cookies & Local Storage

Our web menu uses browser local storage to persist cart items and language preferences. We do not use tracking cookies. Firebase may use cookies for authentication sessions.

10. Children's Privacy

Our platform is not intended for use by children under the age of 13. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify registered restaurant owners of significant changes via email or in-app notification. Continued use of the platform constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at: