Privacy Policy

We collect different types of information: **Account Data:** • Name and email (required for registration) • Password (stored encrypted) • Profile picture (optional) • Social login data (Google) **Establishment Data:** • Name, address, and contact information • Logo and images • Menu (categories, products, prices, descriptions) • Customization settings **Payment Data:** • Processed directly by Stripe • We do not store credit card numbers • We only keep subscription ID and plan status **Analytics Data:** • Menu views • Visitor device and browser • Approximate location (country/city) • Most viewed products

We use your data to: • Provide and maintain our services • Process payments and manage subscriptions • Send communications about your account • Provide analytics about your menu • Automatically translate your menu (using AWS Translate) • Improve our services and develop new features • Ensure security and prevent fraud • Comply with legal obligations We never use your data for third-party targeted advertising.

We share data only when necessary: **Service Providers:** • Stripe: payment processing • Amazon Web Services (AWS): hosting, image storage (S3), email sending (SES), and translation (Translate) • Vercel: application hosting **Legal Obligations:** • When required by law or court order • To protect our legal rights • In case of merger or acquisition (with prior notice) We never sell your personal data to third parties.

Your data is stored on secure servers: • Database hosted on secure cloud infrastructure • Images stored on Amazon S3 with encryption • Regular backups to ensure data recovery • Servers located primarily in the United States We implement technical and organizational security measures to protect your data against unauthorized access, loss, or destruction.

We use cookies for: **Essential Cookies:** • Maintain your login session • Remember language preferences • Ensure basic platform functionality **Analytics Cookies:** • Understand how you use our services • Improve user experience You can control cookies through browser settings, but this may affect some functionality.

We collect analytical data about visitors to your menu: • Number of views and unique visitors • Device type (mobile, tablet, desktop) • Browser and operating system • Country and city (based on IP, not exact location) • Most viewed and favorite products • Traffic source (QR code, direct link, social media) This data helps you better understand your customers and optimize your menu.

We use the following third-party services: **Stripe** (stripe.com) Payment processing. See Stripe's privacy policy. **Amazon Web Services** (aws.amazon.com) Hosting, storage, and automatic translation. **Google** (google.com) Authentication via Google Sign-In (when you choose this option). **Vercel** (vercel.com) Application hosting and CDN. We recommend you review these services' privacy policies.

Under LGPD and other data protection laws, you have the right to: • **Access**: Request a copy of the data we have about you • **Correction**: Correct incorrect or outdated data • **Deletion**: Request deletion of your personal data • **Portability**: Receive your data in structured format • **Revocation**: Withdraw consent at any time • **Opposition**: Object to processing of your data To exercise these rights, contact us at: info@smartmenu.cc

We implement robust security measures: • Encryption of data in transit (HTTPS/TLS) • Passwords stored with bcrypt hash • Role-based access control • Continuous security monitoring • Regular security updates • Secure authentication with JWT tokens Despite our efforts, no method of transmission over the internet is 100% secure. You are responsible for keeping your credentials secure.

Our services are not directed to individuals under 18 years of age. We do not knowingly collect data from minors. If you believe a minor has provided personal data, please contact us immediately so we can delete it.

Your data may be transferred and processed in countries outside Brazil, primarily in the United States (AWS and Vercel servers). We ensure these transfers are carried out with adequate protections, including standard contractual clauses and compliance with data protection regulations.

We retain your data while your account is active: • Account data: As long as you maintain an active account • Menu data: As long as the establishment is registered • Analytics data: For up to 24 months • Payment data: As required by law (generally 5 years) • Security logs: For up to 12 months After account termination, your data will be deleted within 90 days, except where retention is required by law.

We may update this Privacy Policy periodically. We will notify you of significant changes by: • Email to your registered address • Notice in your account dashboard • Informational banner on the website We recommend reviewing this policy regularly. Changes take effect after publication.

For questions about privacy and data protection: • Email: info@smartmenu.cc • Website: https://smartmenu.cc We will respond to requests within the applicable legal timeframe (generally up to 15 business days).