MenuForge
← Home

Privacy Policy

Last updated: [DATE]

This Privacy Policy explains how [LEGAL ENTITY NAME] ("MenuForge", "we", "us") collects, uses, and protects personal data when you use MenuForge (the "Service"). We process personal data in accordance with the Personal Data Protection Law of the Sultanate of Oman (Royal Decree No. 6/2022) and its executive regulations ("PDPL").

1. Data controller

[LEGAL ENTITY NAME], commercial registration no. [CR NUMBER], [REGISTERED ADDRESS], Sultanate of Oman, is the controller of personal data processed through your MenuForge account. For privacy enquiries, contact: [CONTACT EMAIL].

2. Data we collect

  • Account data: name, email, phone number, and login credentials.
  • Restaurant data: business name, logo, address, menu items, prices, and operating details you provide.
  • Order and customer data: order details and any customer contact information (such as phone numbers) submitted through your storefront.
  • Usage and technical data: IP address, device and browser information, and activity logs generated when you use the Service.

3. How and why we use data (lawful basis)

We process personal data to:

  • provide and operate the Service and your storefront (performance of contract);
  • process subscriptions and payments (performance of contract / legal obligation);
  • secure the Service, prevent fraud, and maintain logs (legitimate interest / legal obligation);
  • communicate with you about your account and important changes (performance of contract);
  • comply with Omani law and respond to lawful requests (legal obligation);
  • send marketing only where you have consented, which you may withdraw at any time (consent).

4. Roles for storefront customer data

For personal data of your storefront's end customers, the restaurant owner is the controller and MenuForge acts as a processor, handling that data only to operate the Service on the owner's behalf.

5. Data storage and residency

We host MenuForge on our self-managed infrastructure. Personal data is stored within the Sultanate of Oman. We do not transfer personal data outside Oman except where strictly necessary and permitted under the PDPL, and subject to appropriate safeguards. Where a third-party service is used (such as a payment gateway), only the data needed for that purpose is shared.

6. Sharing data

We do not sell personal data. We share it only with: service providers acting on our instructions (for example, payment processing via Thawani); parties you direct us to share with (for example, sending an order via WhatsApp); and authorities where required by law.

7. Retention

We keep personal data only as long as needed to provide the Service and to meet legal and accounting obligations. When data is no longer needed, we delete or anonymise it. On account closure, we delete account data after a reasonable retention period unless retention is legally required.

8. Security

We apply technical and organisational measures to protect personal data, including access controls, encryption in transit, row-level access restrictions, and regular security review. No system is completely secure, but we work to reduce risk and respond to incidents.

9. Your rights under the PDPL

Subject to the PDPL, you have the right to: be informed about processing; access your personal data; request correction of inaccurate data; request deletion; object to or restrict certain processing; and withdraw consent where processing is based on consent. To exercise these rights, contact [CONTACT EMAIL]. You also have the right to lodge a complaint with the competent Omani data protection authority.

10. Cookies

We use only essential cookies needed to keep you signed in and to operate the Service. We do not use them for third-party advertising.

11. Children

The Service is intended for businesses and is not directed at children. We do not knowingly collect personal data from children.

12. Changes

We may update this Policy. We will post the updated version with a new "last updated" date and notify you of material changes where appropriate.

13. Contact

Privacy enquiries and rights requests: [CONTACT EMAIL] — [LEGAL ENTITY NAME], [REGISTERED ADDRESS], Sultanate of Oman.