Privacy Policy

Last updated: July 2026

This is a draft pending legal review and may change before launch.

This policy explains what data Almenu collects, why, and how we protect it. It is written to align with Saudi Arabia's Personal Data Protection Law (PDPL).

1. Data we collect

Account data (your name, email, and restaurant details); menu content you create; order data (including a diner's name and table number when they order); and usage analytics. Diners are not required to create an account to view a menu or order.

2. How we use your data

To operate and secure the service: showing your menu, processing and displaying orders, powering the AI assistant on your menu, generating your reports, and improving reliability. We do not sell your personal data.

3. Processors we rely on

We use Cloudflare for hosting, storage, and AI inference; Moyasar to process payments when you enable online payments; and, when configured, Google Fonts and analytics. These processors handle data only to provide their service to us.

4. Data retention

We keep your data for as long as your account is active. You can request export or deletion; on account closure we delete or anonymise personal data within a reasonable period, except where we must retain records to meet a legal obligation.

5. Your rights

Under PDPL you may request access to, correction of, or deletion of your personal data, and you may object to certain processing. Contact us to exercise these rights and we will respond within the period the law requires.

6. Data security

Passwords are hashed, sessions are signed, and data is transmitted over encrypted connections. No system is perfectly secure, but we design tenancy so one restaurant can never read another's data.

7. Changes to this policy

We may update this policy as the product evolves or the law changes. We'll update the date above and, for material changes, notify account owners.

Questions about this policy? Contact us at hello@almenu.ai.