Privacy Policy

This Privacy Policy explains how Smartlio - Pametna Rješenja d.o.o. (VAT/ID 4272473690009, seated at Trnska Cesta 169, 88220 Široki Brijeg, Bosnia and Herzegovina) — operating the Meniqo platform at meniqo.com — collects, uses, shares, and protects personal data. We are the data controller for the data described in this policy unless explicitly stated otherwise.

For privacy questions or to exercise your rights, write to privacy@meniqo.com.

1. Who this policy covers

We process two distinct groups of people:

• Customers — restaurants, cafés, and bars who sign up to Meniqo to publish menus.
• Guests — end-users (your customers) who scan a QR code and view a restaurant's menu.

The data we collect, our legal bases, and your rights differ between the two. Each section below indicates which group it applies to.

2. Data we collect from Customers

• Identity & contact: name, email address, password hash (if email/password signup), Google account identifier and avatar URL (if Google signup).
• Restaurant data: business name, address, contact phone/email, logo, social media links, menu content, photos.
• Billing data: handled exclusively by Paddle (our Merchant of Record). We store only Paddle's customer reference and our internal subscription state. Card numbers, billing address, and tax details are processed by Paddle, not by us.
• Usage data: login events, admin actions inside the dashboard, IP address (used for rate-limiting and abuse detection), browser user-agent.
• Communication: emails you send to support; transactional emails we send (verification, password reset, billing notices).

3. Data we collect from Guests (people scanning a menu)

• Anonymised scan event: we hash the visitor's IP address with a one-way SHA-256 function — we never store the raw IP. Stored alongside: timestamp, requested locale, restaurant being viewed.
• User-agent string: to distinguish phones vs desktops in aggregate analytics.
• Product clicks: which dish was tapped, paired with the same hashed IP.
• Locale cookie: a small cookie remembering the language the guest chose, so they don't have to re-pick on the next scan.

We do not collect names, emails, location, or any other identifying information from guests. The hashed IP is pseudonymous and is used solely for de-duplicating analytics ("how many unique scans this week").

4. How we use the data

• To operate the Service: render menus, store content, authenticate users, send transactional emails.
• To bill subscriptions (handed to Paddle).
• To produce aggregate analytics for the restaurant (scan counts, peak hours, top dishes).
• To prevent fraud, abuse, and security incidents.
• To respond to support, legal, or compliance requests.
• To inform Customers about material changes to the Service.

We do not sell personal data. We do not use it to train AI models. We do not run third-party advertising trackers.

5. Legal bases (GDPR Art. 6)

• Contract (Art. 6(1)(b)) — to provide the Service to Customers (Sections 2 and 4).
• Legitimate interest (Art. 6(1)(f)) — aggregate scan analytics on hashed/pseudonymous data; service security; abuse prevention.
• Legal obligation (Art. 6(1)(c)) — retention of invoicing records, response to lawful requests.
• Consent (Art. 6(1)(a)) — only where applicable: optional marketing emails (you can unsubscribe at any time); any future non-essential cookies (consent banner).

6. How we authenticate you

You can sign in with email + password OR with Google ("Sign in with Google"). When you choose Google:

• Google passes us your verified email address, your name, your profile photo URL, and a stable Google user identifier.
• We send Google nothing beyond the OAuth challenge required to authenticate.
• We request the minimum scopes only: email, profile, openid. We do not request access to Drive, Gmail, Calendar, or any other Google service.
• We do not store Google access or refresh tokens — they are discarded after each sign-in.
• You can disconnect Meniqo from Google at any time at myaccount.google.com/permissions.

7. Recipients and processors

We share personal data only with carefully selected processors and only as necessary to operate the Service. The full subprocessor list is published at https://meniqo.com/subprocessors. Each processor is bound by a written data processing agreement. We do not transfer data to processors outside the EEA without an adequate legal mechanism (Standard Contractual Clauses, EU-US Data Privacy Framework, or equivalent).

8. International transfers

• Hosting (Hetzner) — Germany, within the EEA.
• Payments (Paddle) — United Kingdom; covered by the UK adequacy decision and Standard Contractual Clauses.
• Authentication (Google) — United States; covered by the EU-US Data Privacy Framework and SCCs.

9. Retention

• Customer account data: kept for the duration of your subscription and for 30 days after account closure to allow re-activation. Permanently deleted after 30 days, except where law requires longer retention.
• Invoicing records: kept for the period required by tax law (typically 10 years in BiH).
• Scan analytics (hashed IP, user-agent, timestamp): kept for 24 months, then aggregated and the underlying records purged.
• Support emails: kept for 24 months from last interaction.
• Authentication logs: 90 days for security investigation; longer if a security incident is under review.

10. Your rights under GDPR

Wherever you are located, if our processing falls under the GDPR you have the right to:

• access the personal data we hold about you;
• rectify inaccurate data;
• have your data erased ("right to be forgotten");
• restrict or object to processing based on legitimate interest;
• receive a copy of your data in a portable format;
• withdraw consent at any time, where consent is the legal basis;
• lodge a complaint with the data-protection authority of your country (in Croatia: AZOP; in BiH: Agencija za zaštitu osobnih podataka u BiH).

To exercise any of the above, email privacy@meniqo.com. We will respond within one month.

11. Security

• All traffic is served over TLS (HTTPS).
• Passwords are hashed with bcrypt — never stored in plaintext.
• Access to production systems is limited and logged.
• Database backups are encrypted at rest.
• We notify affected users and the relevant supervisory authority of personal-data breaches within 72 hours, in line with Article 33 GDPR.

12. Children

Meniqo is a B2B service intended for adult business operators. We do not knowingly collect data from children under 16. If you believe a child has provided us data, contact us and we will delete it.

13. Cookies

Information about the cookies we use is published at https://meniqo.com/cookies.

14. Changes to this policy

We may update this policy from time to time. The effective date at the top of the page reflects the latest version. Material changes will be communicated by email and via the dashboard.

15. Contact

Data controller: Smartlio - Pametna Rješenja d.o.o.
Trnska Cesta 169, 88220 Široki Brijeg, Bosnia and Herzegovina
Email: privacy@meniqo.com