Last updated: April 19, 2026
Privacy Policy
This Privacy Policy explains how WebMenu (“we”, “us”, “our”) collects, uses, and safeguards information when you create an account, manage a menu, or view a menu through our service at menu.webmv.info. By using WebMenu, you agree to the practices described below.
1. Who this policy applies to
WebMenu serves two groups of users with different data footprints:
- Restaurant account holders (“operators”) who sign up to build a digital menu.
- Diners who scan a QR code to browse a published menu. Diners do not create an account.
2. Information we collect
From restaurant account holders
- Account details: email address, display name, and a password you set. Passwords are never stored in plaintext — they are hashed with PBKDF2 (SHA-256, 100,000 iterations, random salt).
- Email verification & password reset tokens: time-limited tokens we email to you to confirm your address or reset your password.
- Business profile: the content you choose to upload — venue name, slug, logo, accent color, currency, phone number, address, menu categories, items, prices, photos, and dietary tags.
- Session records: a login session row tied to the device you use to sign in.
From diners
- Anonymous ratings: when a diner submits a 1–5 star rating, we store the rating value and a short-lived cookie that prevents the same device from rating the same dish multiple times. We do not ask for a name, email, or other identifier.
- Cloudflare Turnstile tokens: to prevent spam on ratings we verify each submission with Cloudflare Turnstile. The token itself is used once at submission time and is not retained.
Automatically collected
- IP address & request metadata: used in memory to enforce rate limits on login, signup, password reset, and rating endpoints. We do not persist IP addresses to our database.
- Standard web server logs (processed by Cloudflare) for security and debugging.
3. How we use information
- To provide the service — authentication, storing your menu, rendering public pages, generating QR codes.
- To deliver transactional email (account verification, password reset).
- To aggregate anonymous ratings into per-dish averages shown on the public menu.
- To detect and prevent abuse, spam, and unauthorized access.
- To communicate service announcements or operational changes.
We do not sell your personal data. We do not run third-party advertising trackers on the app.
4. Cookies
WebMenu sets a small number of first-party cookies:
- session_id — identifies a logged-in operator session. HttpOnly, Secure, SameSite=Lax. Expires after 30 days or on logout.
- A short-lived rating deduplication cookie on public menu pages to prevent repeat ratings of the same dish from the same device.
Cloudflare Turnstile may set its own cookies on rating submissions to validate that a request is not automated. See Cloudflare’s privacy policy for details.
5. Third-party service providers
WebMenu relies on a small set of sub-processors. We share only what each one needs to function:
- Cloudflare — hosting (Cloudflare Pages / Workers), database (D1), object storage (R2) for uploaded images, and bot protection (Turnstile).
- Resend — transactional email delivery for account verification and password reset.
These providers may process data in jurisdictions outside the Maldives. We choose providers that publish security and privacy documentation, and we pass them the minimum data required.
6. Data retention
- Account and venue data is retained for as long as your account is active. If you delete your account, the associated tenant, venues, menus, and uploaded images are removed within a reasonable period.
- Login sessions expire after 30 days or when you log out. All sessions for a user are invalidated when that user resets their password.
- Password reset and email verification tokens are time-limited and consumed on use.
- Ratings are anonymous and are retained for the lifetime of the corresponding menu item. Operators and admins may reset ratings for a venue at any time.
- Rate-limit counters live only in memory and are never persisted.
7. Security
- Passwords are stored as salted PBKDF2 hashes; the original password is never known to us.
- Password comparison uses constant-time equality to prevent timing attacks.
- Authentication endpoints are rate-limited to blunt brute-force attacks.
- Session cookies are HttpOnly, Secure, and SameSite=Lax.
- All traffic is served over HTTPS via Cloudflare.
No system is perfectly secure. If you believe your account has been compromised, contact us immediately at support@webmv.info.
8. Your rights
Subject to applicable law, you may request to:
- Access a copy of the personal data we hold about you.
- Correct inaccurate information.
- Delete your account and associated data.
- Withdraw consent to email marketing (we currently only send transactional email).
To exercise any of these rights, email support@webmv.info from the address associated with your account.
9. Children
WebMenu is not directed to children under 13, and we do not knowingly collect personal information from children. If you believe a child has created an account, please contact us to have it removed.
10. Changes to this policy
We may update this Privacy Policy to reflect changes to our service or legal obligations. Material changes will be communicated by updating the “Last updated” date and, when appropriate, by an email to account holders. Continued use of the service after changes take effect constitutes acceptance of the revised policy.
11. Contact
Questions about this Privacy Policy or our data practices can be directed to support@webmv.info.
