Last updated: July 14, 2026
Back to homePrivacy Policy
1. Introduction
This Privacy Policy describes how SBmenu ("we," "us," or "our") collects, uses, stores, and shares information about you when you use our digital menu platform (the "Service"). We are committed to protecting your privacy and handling your data transparently. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.
2. Information We Collect
We collect the following categories of information: (a) Account Information. When you create an account, we collect your name, email address, and (if you sign in via a third-party provider such as Google or Telegram) your public profile information. If you sign in via the Telegram Mini App, we receive your Telegram user ID and basic profile data as transmitted by the Telegram client. (b) Restaurant Content. We collect and store all content you create or upload through the Service, including establishment names and descriptions, category and dish names and descriptions, prices, and the images you upload for establishments, categories, and dishes. (c) Payment Information. When you make a payment, we collect and store the transaction amount, payment method used, a reference identifier from the payment provider, the subscription period covered, and the payment status. We do not collect or store full credit card numbers — when you pay by card, your card details are sent directly to our payment processor and never reach our servers. (d) Telegram Data. If you use the Service through the Telegram Mini App, we receive authentication data from the Telegram client, which includes your Telegram user ID, first name, and username. This data is cryptographically verified before being processed. If you make payments via Telegram Stars, we store the Telegram charge ID and the amount of Stars used. (e) Usage and Activity Data. We log certain actions you take within the Service (such as signing in, creating an establishment, or making a payment) along with your IP address and browser type. We also maintain a log of changes made to your content for security and support purposes. (f) Communications. If you contact us via email ([email protected]), we may retain a record of that correspondence.
3. How We Use Your Information
We use the information we collect for the following purposes: (a) To provide, operate, and maintain the Service — including displaying your menu to customers, processing payments, and generating QR codes. (b) To authenticate you and manage your account — including sending one-time password (OTP) codes via email, verifying third-party sign-in data, and managing user sessions. (c) To process and manage subscriptions and payments — including verifying payment completion and managing subscription activation and expiry. (d) To communicate with you — including sending account-related notifications, responding to support inquiries, and notifying you of changes to the Service or these policies. (e) To improve and develop the Service — including analyzing usage patterns and trends in aggregate form. (f) To ensure the security and integrity of the Service — including detecting and preventing fraud, abuse, and unauthorized access, and maintaining security logs. (g) To comply with legal obligations — including retaining payment records for financial and tax compliance purposes.
4. Data Storage and Security
Your data is stored on secure servers using industry-standard infrastructure. Images you upload are stored using cloud storage services and delivered through a content delivery network for performance optimization. We implement reasonable technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include password hashing, encrypted sessions, cryptographic verification of third-party authentication data, and server-side access controls. However, no method of electronic storage or transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee its absolute security.
5. Third-Party Data Sharing
We share certain information with third-party service providers solely as necessary to operate the Service. We do not sell, rent, or trade your personal information to third parties for their marketing purposes. The categories of third parties we may share data with include: (a) Payment processors — to process your subscription payments. When you pay by card, your payment details are sent directly to the processor and never stored on our servers. (b) Telegram — the Service operates as a Telegram Mini App and supports sign-in via Telegram. When you authenticate or pay through Telegram, your Telegram user ID and transaction data are exchanged with Telegram's systems as required for those features to function. (c) Cloud hosting and storage providers — to host the Service, store your data, and deliver images you upload. (d) Email delivery services — to send one-time password codes and transactional notifications to your email address. (e) Legal and safety — we may disclose your information if required to do so by law, court order, or governmental regulation, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request.
6. Cookies and Tracking Technologies
We use only essential cookies that are strictly necessary for the Service to function: (a) Session Cookies — used to maintain your authenticated session. These cookies do not track you across other websites and are deleted when you log out or your session expires. (b) Local Storage — we store your display preferences (such as theme) in your browser's local storage. This data is not transmitted to our servers. We do not use advertising cookies, third-party tracking cookies, or analytics cookies. The Service loads the Telegram Web App SDK when you access the Service; this is required for Telegram Mini App functionality. Most browsers allow you to refuse or delete cookies through browser settings. However, disabling essential cookies may prevent you from using certain features of the Service, including staying signed in.
7. Data Retention
We retain your information for as long as necessary to provide the Service and fulfill the purposes described in this Privacy Policy: (a) Account Data — retained for as long as your account remains active. If you delete your account, we will delete or anonymize your personal data within a reasonable timeframe, except as noted below. (b) Restaurant Content — retained for as long as the establishment exists in your account. When you delete an establishment or individual items, the associated data is removed. (c) Payment Records — retained for the period required by applicable financial regulations and tax laws, even after account deletion. (d) Security Logs — retained for security and compliance purposes. These logs record factual events rather than the content itself. You may request deletion of your personal data by contacting us at [email protected]. We will respond to your request within a reasonable timeframe, subject to any legal obligations that require us to retain certain data.
8. Your Rights
Depending on your jurisdiction, you may have certain rights regarding your personal information, which may include: (a) Access — the right to request a copy of the personal data we hold about you. (b) Correction — the right to request that we correct inaccurate or incomplete personal data. (c) Deletion — the right to request that we delete your personal data, subject to legal retention requirements. (d) Data Portability — the right to receive your personal data in a structured, commonly used, and machine-readable format. (e) Withdrawal of Consent — where we rely on your consent to process data, the right to withdraw that consent at any time. To exercise any of these rights, contact us at [email protected]. We will verify your identity before processing your request and will respond within the timeframe required by applicable law. You will not be discriminated against for exercising your privacy rights.
9. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete such information. If you believe a child under 18 has provided us with personal data, please contact us at [email protected].
10. International Data Transfers
Your information may be stored and processed on servers located in various jurisdictions. By using the Service, you consent to the transfer of your information to servers that may be located outside your country of residence. We take steps to ensure that your data receives an adequate level of protection regardless of where it is processed.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Service, or applicable law. We will notify you of material changes by posting the updated Privacy Policy on this page, updating the "Last updated" date, and, where appropriate, providing notice through the Service or via email. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated Privacy Policy.
12. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at: [email protected]. We are committed to addressing your privacy concerns and will respond to inquiries within a reasonable timeframe.