Πολιτικές και όροι

Πολιτική Απορρήτου

legal.otherlang

Last updated: 6 July 2026.

This Privacy Policy explains how SeeTheMenu ("SeeTheMenu", "we", "us", "our") collects, uses, shares and protects personal data, and the rights you have under the EU General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and applicable Greek data protection law. We are committed to processing personal data lawfully, fairly and transparently.

1. Who we are (Data Controller)

The controller responsible for your personal data is:

  • SeeTheMenu, operated by Nikos Broikos, based in Athens, Greece
  • Contact for all privacy matters: info@seethemenu.online

We have not appointed a statutory Data Protection Officer, as we are not required to under Article 37 GDPR. Privacy enquiries are handled by our team at the address above.

2. Who this policy covers, and our two roles

This policy applies to: (a) account holders / subscribers (business owners and managers who create menus); (b) diners and visitors who view a menu via a QR code or use its features; and (c) people who contact us or whose enquiry reaches us as a lead.

Our role differs depending on the data:

  • For your account, billing and your use of the platform, and for our own website analytics and security, we are the controller.
  • For personal data that you (an account holder) choose to upload or collect about third parties through your menu (for example, if you place a member of staff's name or a customer's details in your content), you are the controller and we act as your processor under Article 28 GDPR. You are responsible for having a lawful basis for that data. A Data Processing Addendum is available on request at info@seethemenu.online.

3. Personal data we collect

We collect only what we need for the purposes described in section 4.

  • Account data: name, email address, a securely hashed password and, if you sign in with Google, your Google account identifier. We never see or store your Google password.
  • Billing data: subscription plan, billing country and (where applicable) VAT/tax identifiers, invoices and payment history, and identifiers issued by our payment processor (Stripe customer and subscription IDs). Card and bank details are entered directly with Stripe and are never stored on our servers.
  • Business and menu content: business name, and any address, menu items, descriptions, prices, photographs, logos, social links, currency and timezone that you add. This content may contain personal data if you choose to include it.
  • AI menu-assistant (chat) data: where an owner enables the diner chat, the messages a diner types. Before a message leaves the diner's browser and again on our server, we automatically redact detected emails, phone numbers and card-like numbers (for example name@example.com becomes xxx@example.com). We do not store the text of diner chat messages; we keep only anonymous counters (number of messages, tokens used) for abuse and cost control.
  • Menu-scan and import data: photographs or documents (PDF, Word, Excel, images) that an owner uploads so that our AI can turn them into a digital menu.
  • Website analytics: cookie-free, privacy-friendly usage data — the page viewed, referrer, UTM campaign tags, coarse device / browser / operating-system type, and language. Your IP address is never stored in raw form; it is converted into a salted hash that rotates monthly and cannot be reversed to identify you.
  • Contact and lead data: if you use our contact form or your enquiry reaches us through a Meta (Facebook/Instagram) lead advertisement, the name, email, phone number and message you provide.
  • Communications: emails and support messages you send us.
  • Technical and security logs: IP address, timestamps and request metadata, retained briefly for security, rate-limiting and fraud prevention.

4. Why we use your data, and our legal bases

We rely on the following legal bases under Article 6(1) GDPR:

  • To create and run your account and provide the service (menus, QR codes, translation, currency conversion, dashboard) — performance of a contract (Art. 6(1)(b)).
  • To take payment, manage subscriptions and issue invoicesperformance of a contract and compliance with a legal obligation (tax and accounting) (Art. 6(1)(b) and (c)).
  • To operate the AI menu assistant for a diner — the diner's consent, which they give by ticking the privacy box before chatting (Art. 6(1)(a)).
  • To run cookie-free analytics, secure the platform, prevent abuse and fraud, and improve the service — our legitimate interests (Art. 6(1)(f)), balanced against your rights; because analytics use no cookies and no raw identifiers, no consent banner is required.
  • To respond to contact-form enquiries and manage leadslegitimate interests and/or steps taken at your request prior to entering a contract; where a lead reaches us through a Meta lead form, on the basis of the consent you gave on that form (Art. 6(1)(a)/(b)/(f)).
  • To send service and transactional emails (verification, billing, security notices) — contract and legitimate interests.
  • To comply with the law and defend legal claimslegal obligation and legitimate interests.

Where we rely on consent, you may withdraw it at any time (section 10); this does not affect processing carried out before withdrawal.

5. AI-powered features and automated processing

SeeTheMenu uses AI service providers to power four optional features: the diner chat assistant, the "magic scan" that turns menu photos into a digital menu, document import, and automatic translation. When these features are used, the relevant content (a redacted chat message, an uploaded photo/document, or menu text) is sent to the AI providers listed in section 6 solely to produce the result, and is not used by us to build advertising profiles. Our providers are contractually bound not to train their models on our data through the business interfaces we use.

These features do not make decisions that produce legal or similarly significant effects about you within the meaning of Article 22 GDPR. AI-extracted menus and translations are presented to the owner for review before publishing, and the chat assistant provides menu suggestions only. The chat assistant does not give medical, allergen or dietary advice and will direct diners with allergies or dietary needs to ask staff directly.

6. Who we share data with (processors and recipients)

We do not sell, rent or trade your personal data. We share it only with trusted service providers ("sub-processors") who process it on our instructions and under a data processing agreement, and where required by law. Our key providers are:

  • Stripe — payment processing, subscriptions and tax calculation (billing data). United States / Ireland.
  • Google (Google Ireland / Google LLC) — "Sign in with Google" authentication, automatic translation, and the Gemini AI model used for menu scanning. United States / EU.
  • OpenAI — AI chat assistant, content moderation, document import and a fallback for menu scanning. United States.
  • Anthropic — AI translation and a fallback for content extraction. United States.
  • Meta Platforms — only where you submit an enquiry through a Facebook/Instagram lead advertisement. United States / Ireland.
  • Our hosting provider and email (SMTP) provider — to run the service and send transactional email.

We may also disclose data to professional advisers, or to authorities, where legally required or to establish, exercise or defend legal claims.

7. International data transfers

Some of the providers above are located in, or process data in, the United States. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards under Chapter V GDPR — principally the European Commission's Standard Contractual Clauses and, where the provider is certified, the EU–US Data Privacy Framework. You may request a copy of the relevant safeguards by emailing info@seethemenu.online.

8. How long we keep your data

  • Account and menu content: for as long as your account is active, and for a short period afterwards, then deleted or anonymised (unless we must keep it longer by law).
  • Billing and tax records: for the period required by Greek tax and accounting law (generally five (5) years).
  • Diner chat messages: not stored; only anonymous usage counters are kept.
  • Uploaded scan/import files: retained only as long as needed to produce the menu, then removed.
  • Cookie-free analytics: retained in aggregate; the IP hash rotates monthly so records cannot be linked to an individual over time.
  • Leads and contact messages: until the enquiry is resolved and any legitimate follow-up period ends, or until you ask us to delete them or withdraw consent.

9. How we protect your data

We use appropriate technical and organisational measures, including encryption in transit (HTTPS), password hashing, CSRF and rate-limiting protections, automatic redaction of personal data before it reaches AI providers, access controls, and audit logging. No method of transmission or storage is completely secure, but we work to protect your data and to detect and respond to incidents, including notifying you and the supervisory authority where the law requires.

10. Your rights

Subject to the conditions in the GDPR, you have the right to:

  • Access the personal data we hold about you (Art. 15);
  • Rectify inaccurate or incomplete data (Art. 16);
  • Erase your data ("right to be forgotten") (Art. 17);
  • Restrict processing (Art. 18);
  • Data portability — receive your data in a structured, machine-readable format (Art. 20). Account holders can export their data at any time from the dashboard;
  • Object to processing based on legitimate interests (Art. 21);
  • Withdraw consent at any time where processing is based on consent;
  • Not be subject to a decision based solely on automated processing that produces legal or similarly significant effects (Art. 22).

To exercise any right, email info@seethemenu.online. We will respond within one month (extendable by two further months for complex requests, as permitted by Article 12 GDPR). We may need to verify your identity first. Exercising your rights is free unless a request is manifestly unfounded or excessive.

11. Your right to complain

If you believe we have handled your personal data unlawfully, we would like the chance to resolve it — please contact us first. You also have the right to lodge a complaint with a supervisory authority, in particular the Greek authority:

  • Hellenic Data Protection Authority (HDPA / Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα), Kifissias 1-3, 115 23 Athens, Greece — tel. +30 210 6475600 — www.dpa.gr.

If you are in another EU/EEA country, you may complain to your local data protection authority instead.

12. Children

The service is intended for businesses and is not directed at children. We do not knowingly collect personal data from children under the age of 15 (the age of digital consent in Greece under Article 8 GDPR; 16 in some other EU countries). If you believe a child has provided us personal data, contact us and we will delete it.

13. Third-party links

Our website and menus may contain links to third-party sites (for example a business's own social media). We are not responsible for the privacy practices of those sites; we encourage you to review their policies before sharing personal data.

14. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version on this page and change the "last updated" date; where changes are material, we will take reasonable steps to notify account holders. Please review it periodically.

15. Contact us

For any question about this Privacy Policy or your personal data, contact us at info@seethemenu.online.