Menoir — by Brahma Origins LLC
Privacy Policy
Effective Date: April 1, 2025
1. Introduction
Menoir ("we," "our," or "us") is a digital menu platform operated by Brahma Origins LLC, located at 3442 Warren Rd, Cleveland, Ohio, USA. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform at menoir.co, including our web application and QR-code-based digital menu services (collectively, the "Service").
By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use immediately.
2. Who This Policy Applies To
This policy applies to all individuals who interact with Menoir, including:
- Restaurant owners and authorized account holders who subscribe to the Service
- Restaurant staff and employees added to an account
- Diners and guests who scan a QR code to view a restaurant's digital menu
- Visitors to our website
3. Information We Collect
3.1 Information You Provide Directly
- Account registration: name, email address, phone number
- Business details: restaurant name, address, operating hours, menu content, logo, and images
- Payment information: billing details processed securely through Stripe — we do not store raw card numbers
- Communications: messages or support requests you send us
3.2 Information Collected Automatically
- Session and authentication tokens (essential cookies only — see Cookie Policy)
- Device type, browser type, and operating system for compatibility
- IP address and approximate geographic region for security and fraud prevention
- Usage logs: pages visited, features accessed, timestamps
3.3 Information About Diners
When a diner scans a QR code and views a digital menu, we collect minimal technical data (IP address, device/browser type, and page view logs) solely for service operation and analytics. We do not require diners to create accounts or submit personal information to view a menu.
4. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service
- Process transactions and manage subscriptions
- Send transactional emails (account confirmations, invoices, subscription alerts)
- Provide customer support and respond to inquiries
- Detect, prevent, and address security incidents or fraud
- Improve and develop new features of the platform
- Comply with legal obligations
We do not sell your personal information to third parties. We do not use your data for targeted advertising.
5. How We Share Your Information
5.1 Amazon Web Services (AWS)
We use AWS for cloud infrastructure and file storage (S3). Your account data and uploaded media (menu images, logos) are stored on AWS servers. AWS processes data in accordance with its Data Processing Addendum and applicable data protection laws.
5.2 Stripe
Payments from US-based customers are processed through Stripe, Inc. Stripe may collect and process billing and payment information directly. Please review Stripe's Privacy Policy at stripe.com/privacy.
5.3 Legal Requirements
We may disclose your information if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of Menoir, our users, or the public.
5.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, user information may be transferred as part of that transaction. We will notify affected users via email or a prominent notice on our website.
6. Data Retention
We retain your personal data for as long as your account is active or as necessary to provide the Service. Upon account deletion, we will delete or anonymize your data within 90 days, except where retention is required by law (e.g., financial records). Menu view logs from diners are retained for up to 12 months for analytics purposes, then deleted.
7. Data Security
We implement industry-standard security measures including:
- Encrypted data transmission via HTTPS/TLS
- JWT-based authentication with token expiry
- Access controls limiting data access to authorized personnel only
- Regular security reviews
No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.
8. International Data Transfers
Brahma Origins LLC is registered in the United States. If you access our Service from outside the US, your information may be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.
9. Children's Privacy
The Service is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that a child under 13 has provided personal data, we will delete it promptly. If you believe a child has submitted data to us, contact us at legal@brahma.company.
10. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data (subject to legal retention obligations)
- Object to or restrict processing of your data
- Data portability — receive a copy of your data in a machine-readable format
To exercise any of these rights, contact us at legal@brahma.company. We will respond within 30 days.
10.1 EEA/UK Users (GDPR)
If you are located in the European Economic Area (EEA) or United Kingdom, we process your personal data on the basis of our legitimate interests in providing the Service, the performance of our contract with you, and where required, your consent. You have the right to access, correct, delete, or restrict processing of your personal data by contacting us at legal@brahma.company.
10.2 California Residents (CCPA)
If you are a California resident, you have the right to know what personal information we collect, to request deletion of your personal information, and to opt out of the sale of your personal information. We do not sell your personal information. To exercise these rights, contact us at legal@brahma.company.
11. Cookies
We use only essential cookies necessary for authentication and session management. Please refer to our Cookie Policy for full details.
12. Third-Party Links
The Service may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their policies independently.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on our website and updating the effective date. Continued use of the Service after changes constitutes acceptance.