getmenu.online logo
Sign In

Privacy Policy

Our privacy policy and how we use your data

Last updated: 16 May 2026

1. Controller

This Privacy Policy explains how personal data is processed in getmenu.online / GetMenu Online.

The controller is Plumbaum Web Solutions, org.nr 835455432, Norway.

Restaurants using GetMenu are responsible for the restaurant content and for their own customer handling. For data processed through the GetMenu platform, GetMenu acts as the platform provider and processes data as described below.

2. Data we process

Depending on how the service is used, we may process the following categories of data:

Account and authentication data

  • Account email address, authentication identifiers and session data.
  • Profile details such as name and phone number where provided.
  • Security and login data needed to keep accounts protected.

Restaurant and menu data

  • Restaurant profile, company details, address, contact details, opening hours and payment setup status.
  • Menu items, prices, photos, descriptions, ingredients, allergens, options and availability.
  • Public restaurant links, table ordering settings and takeaway settings.
  • Subscription, billing status and account administration data for restaurant accounts.

Customer order data

  • Name, email address, phone number and optional order note entered during checkout.
  • Order contents, selected restaurant, table number or pickup information, timestamps and order status.
  • Payment status, payment provider references, transaction references, invoice/receipt references and refund status where applicable.
  • Email data needed to send order confirmations, status links, invoices or receipts.

Technical and security data

  • IP address, user agent, request metadata and rate-limiting or anti-abuse data.
  • Cookies, localStorage and sessionStorage values needed for login, language, theme, cart, checkout draft and interface preferences.
  • Server logs, error logs and security events needed to operate and protect the service.

3. Purposes of processing

  • Provide, maintain and secure the GetMenu platform.
  • Manage restaurant accounts, teams, subscriptions and public menu pages.
  • Display public menus and restaurant information.
  • Create and process takeaway and table orders.
  • Send order confirmations, status links, invoices and receipts.
  • Process payments, captures, cancellations and refunds through the current payment provider.
  • Prevent fraud, abuse, spam and unauthorized access.
  • Comply with accounting, tax, legal and security obligations.

4. Legal basis

  • Contract: to provide the app, restaurant account, checkout and ordering functionality.
  • Legal obligation: to comply with accounting, tax, security and legal requirements.
  • Legitimate interest: to maintain security, prevent abuse, troubleshoot errors and improve platform reliability.
  • Consent: only where a specific feature asks for consent, such as optional marketing or optional cookie categories if introduced.

5. Processors and third parties

We use service providers only where needed to operate the platform. The actual provider may depend on the current configuration.

  • Supabase: database, authentication, storage and related backend services.
  • Stripe: payment processing, payment authentication, payment references, captures and refunds.
  • Vercel: hosting, delivery, deployment infrastructure and technical logs.
  • Email provider: Resend or SMTP/Nodemailer, depending on configuration, for transactional emails.
  • Cloudflare Turnstile: captcha and anti-abuse checks where enabled.
  • Sentry: technical error monitoring where enabled.
  • Google services: sign-in provider if enabled and map/location links where restaurants add them.

6. Retention

  • Account data is kept while the account exists and for as long as needed for security, billing or legal obligations.
  • Restaurant and menu data is kept until removed by the restaurant or account owner, subject to backup and legal retention periods.
  • Order, payment and invoice data is kept as needed for accounting, tax, dispute handling and legal obligations.
  • Technical and security logs are kept for a limited period where possible, unless longer retention is needed for security, abuse prevention or legal reasons.

7. Your rights

Where GDPR/EEA data protection law applies, you may have the following rights:

To exercise your rights, contact Plumbaum Web Solutions through the contact details available in the service. You may also complain to the relevant data protection authority.

  • Access to your personal data.
  • Correction of incorrect or incomplete data.
  • Deletion of data where legally available.
  • Restriction of processing.
  • Data portability where applicable.
  • Objection to processing based on legitimate interest.
  • Withdrawal of consent where processing is based on consent.

8. Security

We use technical and organizational measures intended to protect personal data, including access controls, authentication, rate limiting and separation of restaurant account data.

No online service can guarantee absolute security. Users and restaurants must keep their login credentials secure and notify us about suspected unauthorized access.

9. Changes to this policy

We may update this Privacy Policy when the service, providers or legal requirements change. The current version will be available in the app or on getmenu.online.