Privacy Policy

Version 1.0 · Effective 2026-05-01 · Last updated 2026-04-23

1. About this policy

Table Menu Inc. (“Table Menu,” “we,” “us”) operates tablemenu.app and the ordering, loyalty, kitchen-display, and payments software delivered under it (the “Service”). This policy explains how we collect, use, disclose, and protect personal information in accordance with Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), S.C. 2000, c. 5, and its ten Fair Information Principles (Schedule 1).

The Service has two distinct groups of users:

  • Operators - restaurant owners and staff who subscribe to Table Menu to power their ordering and loyalty programs.
  • Guests - diners who use a QR-code menu or loyalty program at a restaurant powered by Table Menu.

Operators accept this policy when they create a Table Menu account. Guests are presented with notice at the point of data collection.

2. Accountability (PIPEDA Principle 1)

Table Menu Inc. is responsible for personal information under its control. Our Privacy Officer oversees compliance with this policy and PIPEDA. Contact information for the Privacy Officer is at tablemenu.app/legal/privacy-officer and at the bottom of this page.

When we transfer personal information to third-party processors (see Section 6), we enter into data processing agreements that require those processors to protect the information to a standard at least equivalent to our obligations under PIPEDA (PIPEDA Principle 4.1.3).

Operators using Table Menu are themselves responsible for their guests' personal information under PIPEDA. Table Menu acts as a service provider to operators. Operators must ensure their own PIPEDA obligations are met, including providing appropriate notice to their guests.

3. Why we collect personal information (PIPEDA Principle 2)

We identify the purpose before or at the time of collection. We collect personal information only for the purposes described below.

For Guests:

  • Phone number - to send a one-time SMS verification code confirming you own the number before enrolling in a loyalty program.
  • First name, last name - to personalize your digital loyalty card (Apple Wallet or Google Wallet pass) and to address service communications.
  • SMS consent - to record your agreement to receive transactional SMS from the restaurant's loyalty program.
  • Stamp and order history - to track your progress toward rewards and to support the restaurant's accounting obligations.
  • Table identifier and order details - to route your order to the kitchen and to generate an accurate bill.

For Operators:

  • Email address - for account authentication, billing, and service communications.
  • Business name and address - to configure your branded ordering experience and for billing records.
  • Billing and payment information - to process your subscription fee via Stripe.
  • POS integration credentials - to connect Table Menu to your point-of-sale system (Clover) on your behalf.

5. Limiting collection (PIPEDA Principle 4)

We collect only the personal information necessary to fulfill the identified purposes. Specifically:

  • Guests can browse a menu and place an order without creating an account or providing a phone number. Phone collection occurs only at loyalty enrollment.
  • Payment card data (card number, CVV) is never transmitted to or stored by Table Menu. Card data is tokenized directly by Stripe or Clover in the guest's browser. Table Menu receives only a payment token.
  • Phone numbers in security audit logs are one-way hashed and are not stored in plaintext in log records.

6. Use, disclosure, and cross-border transfers (PIPEDA Principles 5 and 8)

We do not sell personal information. We do not use personal information for advertising or marketing purposes. We use personal information only for the purposes identified in Section 3, unless we have your consent for a new purpose or are required by law.

We disclose personal information to the third-party service providers listed at tablemenu.app/legal/subprocessors. Several processors are based in the United States. By using the Service, you acknowledge that your personal information may be transferred to and processed in the United States, where it may be accessible to US authorities under applicable US laws. We require each processor to enter into a data processing agreement that imposes protections comparable to PIPEDA (Principle 4.1.3).

7. Accuracy (PIPEDA Principle 6)

We keep personal information accurate, complete, and up to date as necessary for the purposes for which it is used. Operators can update their account information at any time through the admin portal. Guests can request correction of inaccurate loyalty profile information by contacting us at privacy@tablemenu.app.

8. Retention and disposal (PIPEDA Principle 5)

We retain personal information only as long as necessary for the identified purposes or as required by law.

  • Order records (table ID, order items, totals) - 7 years from the transaction date to meet CRA and HST accounting requirements.
  • Loyalty member profiles (phone, name, stamps) - retained while the loyalty account is active and for 3 years of inactivity, then deleted on the next scheduled purge.
  • Security and audit logs - 2 years, then purged. Phone numbers in these logs are stored only as one-way hashes.
  • Operator account data - retained for the life of the subscription and for 7 years after account closure for accounting purposes.
  • Wallet pass device tokens - deleted within 30 days of the guest unregistering their pass or the loyalty account being deleted.

When an operator closes their Table Menu account, all of their data and their guests' data held by Table Menu is deleted within 30 days, except for records we are legally required to retain.

9. Safeguards (PIPEDA Principle 7)

We use physical, administrative, and technical safeguards appropriate to the sensitivity of the personal information we hold.

  • All data is encrypted in transit using TLS 1.2 or higher.
  • All data is encrypted at rest in our Supabase PostgreSQL database (AES-256).
  • Database access is protected by row-level security policies that prevent one restaurant's data from being accessed by another.
  • Admin passwords and staff PINs are hashed using scrypt before storage and are never stored in plaintext.
  • Payment card data is never transmitted to Table Menu servers. Cards are tokenized by Stripe or Clover directly in the guest's browser.
  • Production system access is restricted to named engineers. Administrative actions are recorded in an audit log.
  • We review and test our security controls on an ongoing basis.

10. Openness (PIPEDA Principle 8)

This privacy policy is publicly available at tablemenu.app/legal/privacy. We notify operators of material changes to this policy by email to the address on file at least 30 days before the changes take effect. We notify guests of material changes by posting a prominent notice on the Service.

11. Individual access and correction (PIPEDA Principle 9)

Under PIPEDA you have the right to:

  • Know what personal information we hold about you.
  • Know how it has been used and to whom it has been disclosed.
  • Challenge the accuracy and completeness of your information and have it corrected.

To make an access or correction request, visit tablemenu.app/legal/privacy-officer or email privacy@tablemenu.app. We will respond within 30 days of receiving a complete request.

Guests: because your personal information is held by both Table Menu and the restaurant operator, you may also direct your request to the operator. We will assist operators in responding to guest requests about data we process on their behalf.

12. Challenging compliance (PIPEDA Principle 10)

If you have a question or complaint about how we handle personal information, contact our Privacy Officer first: privacy@tablemenu.app. We respond to complaints within 10 business days and to access requests within 30 days.

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada (OPC): 30 Victoria Street, Gatineau, Quebec K1A 1H3. Toll-free 1-800-282-1376. priv.gc.ca.

13. Cookies and similar technologies

Table Menu uses cookies and similar technologies strictly for:

  • Session management - a secure, HTTP-only session cookie authenticates admin and staff users.
  • Tenant routing - a cookie identifies which restaurant's configuration to load for a given browser session.
  • Loyalty customer token - a short-lived HTTP-only cookie (15-minute TTL) authenticates the guest to their loyalty record after SMS verification.

We do not use third-party advertising cookies or cross-site tracking cookies. We do not run behavioural advertising programs.

14. Contact

Privacy Officer: privacy@tablemenu.app
General inquiries: hello@tablemenu.app
Full Privacy Officer contact and request forms: tablemenu.app/legal/privacy-officer