Last updated: May 2026

Privacy Policy

MenuMatrix ("we", "us", "our") is committed to protecting the personal data of our customers and their staff. This Privacy Policy explains what data we collect, why we collect it, how we use it, and your rights under UK GDPR.

    MenuMatrix is the Data Controller for data collected through our platform. We process data on behalf of venue operators under separate Data Processing Agreements.
  

1. Who We Are

MenuMatrix is a UK-based SaaS platform providing allergen compliance and HACCP management tools for the hospitality sector. Our platform is available at menumatrix.co.uk and menumatrix.glide.page.

Data Controller contact: hello@menumatrix.io

2. What Data We Collect

We collect the following categories of personal data:

Account data: Name, email address, role (manager/chef/FOH)
Venue data: Venue name, address, owner name, contact details
Operational data: Dish information, allergen declarations, HACCP plans, temperature logs, staff training records
Allergen conversation logs: Table reference, staff member name, allergens declared by guests, time and date
Billing data: Stripe customer ID, subscription status (we do not store full card details)

3. Lawful Basis for Processing

We process personal data under the following lawful bases (UK GDPR Article 6):

Contract performance — to deliver the MenuMatrix service to venue operators
Legal obligation — to support compliance with Food Information Regulations 2014 and Owen's Law
Legitimate interests — to improve our platform and ensure service reliability

4. How We Use Your Data

To provide and maintain the MenuMatrix platform
To generate AI-powered HACCP plans using anonymised dish data
To send compliance alerts and training expiry notifications
To process subscription payments via Stripe
To respond to support requests
To comply with legal obligations

5. Data Retention

Allergen conversation logs: 3 years minimum (regulatory requirement)
HACCP plans and temperature logs: 3 years minimum
Staff training records: Duration of employment + 1 year
Billing records: 7 years (financial record obligation)
Account data: Duration of subscription + 30 days after cancellation

6. Third-Party Processors

We use the following third-party services to deliver MenuMatrix:

Airtable — database (US-based, Standard Contractual Clauses apply)
Glide — app interface (US-based, Standard Contractual Clauses apply)
Make.com — automation (EU-based, Czech Republic)
Anthropic — AI HACCP generation (US-based, Standard Contractual Clauses apply)
Stripe — payment processing (US/IE-based)
Dropbox — weekly backup storage
APITemplate.io — PDF generation (EU-based)

7. International Data Transfers

Some of our third-party processors are based outside the UK. Where data is transferred internationally, we ensure appropriate safeguards are in place including Standard Contractual Clauses (SCCs) and UK International Data Transfer Agreements (IDTAs) as required.

8. Your Rights

Under UK GDPR, you have the right to:

Access the personal data we hold about you
Rectify inaccurate personal data
Erasure of your personal data (right to be forgotten)
Restrict or object to processing
Data portability
Lodge a complaint with the ICO (ico.org.uk)

To exercise any of these rights, contact us at hello@menumatrix.io.

9. Cookies

MenuMatrix does not use tracking cookies or third-party analytics on its platform. Our Glide-based app may use functional cookies necessary for authentication and session management only.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active subscribers of material changes by email. Continued use of the platform after changes constitutes acceptance of the updated policy.

11. Contact

For any privacy-related queries, contact our Data Controller at:
hello@menumatrix.io
menumatrix.co.uk