Privacy Policy

Welcome to YUMM AI ("we," "our," or "us"). We are committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

2.1 Information You Provide

• Account Information: Name, email address, phone number, and company name
• Payment Information: Processed securely through Stripe (we do not store credit card details)
• Menu Content: Restaurant menus, menu items, descriptions, prices, dietary information, and allergen data
• Branding Assets: Logos and images you upload for branded QR codes

2.2 Automatically Collected Information

• Usage Data: QR code scans, menu views, language preferences, and analytics
• Device Information: Browser type, operating system, IP address
• Cookies: We use cookies to maintain sessions and improve user experience (see our Cookie Policy)

We use the information we collect to:

• Provide, maintain, and improve our services
• Process your transactions and send payment confirmations
• Generate multilingual menu translations
• Create and deliver QR codes
• Provide analytics and insights about your menu performance
• Send service updates, security alerts, and support messages
• Respond to your inquiries and provide customer support
• Detect and prevent fraud, abuse, and security incidents
• Comply with legal obligations

4.1 We Share Your Information With:

• Service Providers: AWS (hosting), Stripe (payments), Cloudflare (security and CDN)
• Translation Services: Third-party AI services for menu translations (data is anonymized)
• Legal Requirements: When required by law or to protect our rights

4.2 We Do NOT:

• Sell your personal information to third parties
• Train AI models on your proprietary menu data
• Share your data with advertisers
• Use your data for purposes beyond providing our service

We implement industry-standard security measures to protect your data:

• Encryption: All data is encrypted in transit (SSL/TLS) and at rest
• Access Controls: Strict role-based access controls and authentication
• Infrastructure: Secure hosting on AWS with DDoS protection via Cloudflare
• Monitoring: Continuous security monitoring and automated backups
• CAPTCHA Protection: Cloudflare Turnstile on all public forms to prevent bot attacks

We retain your information for as long as your account is active or as needed to provide services. You may request deletion of your account and data at any time by contacting us. Upon deletion:

• Your menu data and personal information will be permanently deleted within 30 days
• Backup copies will be deleted according to our backup retention schedule (90 days)
• Some data may be retained for legal, accounting, or security purposes

Depending on your location, you may have the following rights:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your personal data
• Export: Receive your data in a machine-readable format
• Opt-Out: Unsubscribe from marketing communications
• Object: Object to certain processing of your data

If you are in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your data in accordance with the General Data Protection Regulation (GDPR). Our legal basis for processing includes:

• Contract: Processing necessary to provide our service
• Legitimate Interest: Improving our service and preventing fraud
• Consent: For marketing communications (you can withdraw anytime)
• Legal Obligation: When required by law

Our service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place to protect your data in accordance with this Privacy Policy and applicable law.

We may update this Privacy Policy from time to time. We will notify you of significant changes by posting a notice on our website or sending you an email. Continued use of our service after changes constitutes acceptance of the updated policy.

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us: