Privacy Policy

MenuVivid is a SaaS platform providing digital QR code menus, 3D AR dish visualization, and restaurant analytics. The platform is operated by Connext Agency, a company registered in Morocco.

• Operator: Connext Agency
• Brand: MenuVivid
• Country: Morocco
• Email: contact@menuvivid.com
• Phone: +212 638 380 057
• Website: menuvivid.com

We collect only what is necessary to provide and improve our services.

• Restaurant owners (account holders): full name, email address, phone number, business name, restaurant address, subscription plan
• Platform usage data: login activity, QR scan counts, menu views, AR interaction metrics, feature usage analytics
• Website visitors (menuvivid.com): browser type, device type, pages visited, referral source — collected via Vercel Analytics (privacy-friendly, no cookies, no personal identifiers)
• Payment information: processed entirely by Lemon Squeezy and Stripe — MenuVivid never stores, accesses, or processes card numbers, CVVs, or bank details

We use the data we collect for these specific purposes:

• Deliver, maintain, and improve MenuVivid services and features
• Process subscriptions, invoicing, and billing communications
• Send essential product updates, security alerts, and service notifications
• Provide customer support via email and live chat
• Generate anonymized, aggregated analytics (QR scan trends, AR engagement rates) to improve the platform
• Comply with legal and regulatory obligations

We do not use your data for advertising, data brokering, or profiling. We will never sell your personal information to third parties.

We share your data only with trusted service providers necessary to operate MenuVivid. Each sub-processor is bound by data processing agreements.

• Supabase — database hosting (EU servers, SOC 2 Type II compliant)
• Vercel — web hosting and deployment (US/EU edge network)
• Lemon Squeezy — payment processing (PCI DSS compliant, Merchant of Record)
• Stripe — payment processing (PCI DSS Level 1 compliant)
• Tidio — live chat support (GDPR compliant, EU data processing)
• Cloudflare — CDN and DDoS protection (global network)

We do not share data with advertisers, data brokers, or any party beyond what is listed above.

We process personal data under the following legal bases:

• Contract performance — to deliver the services you subscribed to
• Legitimate interest — to improve our platform, prevent fraud, and ensure security
• Legal obligation — to comply with tax, accounting, and regulatory requirements
• Consent — for optional marketing communications (you can opt out at any time)

MenuVivid is committed to data protection under both the EU General Data Protection Regulation (GDPR) and Moroccan Law No. 09-08 on the Protection of Individuals with Regard to the Processing of Personal Data.

If you are an EU/EEA resident, you have the right to:

• Access your personal data
• Rectify inaccurate data
• Request erasure of your data (right to be forgotten)
• Restrict or object to processing
• Data portability (receive your data in a structured format)
• Lodge a complaint with your local supervisory authority

If you are a Moroccan resident, your rights are protected under Law 09-08 and enforced by the CNDP (Commission Nationale de contrôle de la protection des Données à caractère Personnel).

To exercise any of these rights, contact us at privacy@menuvivid.com. We will respond within 30 days.

We use minimal, essential cookies only:

• Session cookie — to keep you logged in (strictly necessary)
• Theme preference — to remember your light/dark mode choice (functional)
• Currency preference — to remember your selected currency (functional)

We do not use any third-party advertising cookies, retargeting pixels, or cross-site tracking technologies. Vercel Analytics is cookie-free and collects no personal identifiers.

Your data may be processed in countries outside Morocco, including the United States and EU member states, through our sub-processors listed above. When data is transferred internationally, we ensure appropriate safeguards are in place through standard contractual clauses (SCCs) or adequacy decisions recognized by the European Commission and Moroccan CNDP.

We retain your data only as long as necessary:

• Active accounts — data is maintained for the duration of your subscription
• Cancelled accounts — personal data is deleted within 90 days of account deletion request
• Billing and tax records — retained for 7 years as required by Moroccan commercial law and EU tax regulations
• Support conversations — retained for 12 months after resolution, then anonymized
• Website analytics — aggregated and anonymized, retained indefinitely

We implement industry-standard security practices to protect your data:

• Encryption at rest (AES-256) and in transit (TLS 1.3)
• Supabase Row Level Security (RLS) enforced on all database tables
• Secure authentication with hashed passwords and session tokens
• Regular dependency audits and vulnerability scanning
• Access controls — only authorized team members can access production data
• DDoS protection via Cloudflare

If you discover a security vulnerability, please report it immediately to security@menuvivid.com.

MenuVivid is a business-to-business service designed for restaurant operators. We do not knowingly collect personal information from anyone under the age of 16. If we learn that a child under 16 has provided us with personal data, we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. Material changes will be communicated via email to account holders and updated on this page with a new effective date. Continued use of MenuVivid after changes constitutes acceptance of the updated policy.

For any privacy-related questions, data access requests, or to exercise your rights:

• Privacy inquiries: privacy@menuvivid.com
• General support: contact@menuvivid.com
• Phone: +212 638 380 057
• Operator: Connext Agency, Morocco

We aim to respond to all data protection requests within 30 days.