Privacy Policy

aimaitred is an AI-powered restaurant menu and hospitality platform operated by the companies listed under “Companies & registered offices” below. Depending on your region, the relevant company acts as the data controller (for guest data, the venue is usually the controller and we act as processor).

Venue accounts: name, email, password (hashed), venue details, billing information and the menu/operational content you upload.

Guests: we deliberately require no guest accounts. We store a device session identifier, your chosen language, and the dietary and allergen preferences you select, so the menu can be personalised. If you place an order, we store the items, quantities and table reference.

Technical data: IP address, device and browser type, and basic usage analytics needed to run and secure the service.

We do not process card or bank details for guests: payment is settled in person at the venue.

•To provide the menu, ordering, bill-splitting, AI waiter and venue-management features.

•To personalise the menu to your language, diet and allergen choices.

•To operate, secure, debug and improve the service.

•To send transactional emails (e.g. receipts, reservation reminders) and, to venues, service notices.

•To comply with legal obligations.

Where the GDPR applies we rely on: performance of a contract (providing the service), legitimate interests (security, improvement, fraud prevention), consent (where required, e.g. non-essential analytics), and legal obligation.

We share data only with vetted providers acting on our instructions: cloud hosting and database (Supabase, Vercel), AI processing (OpenAI), and transactional email (Resend). We do not sell personal data. We may disclose data where required by law.

We use strictly necessary local storage to remember your device session, language and theme. We do not use third-party advertising cookies.

Guest order data is retained only as long as needed to operate the venue’s service and meet legal/accounting duties, then deleted or anonymised. Venue account data is kept for the life of the account and a limited period afterwards.

Data may be processed in the UK, EU and the United States. Where data leaves your region we rely on appropriate safeguards such as Standard Contractual Clauses.

Subject to your local law (including the EU/UK GDPR and, in Colombia, Law 1581 of 2012 on Habeas Data), you may request access, correction, deletion, restriction, portability, and object to certain processing. You may also lodge a complaint with your supervisory authority.

To exercise any right, contact us at office@aimaitred.com.

The service is intended for use by adults and venue staff. It is not directed at children, and we do not knowingly collect data from children.

We use encryption in transit, access controls and row-level security. No system is perfectly secure, but we work to protect your data and to notify the relevant parties of any breach as required by law.

We may update this policy. Material changes will be reflected by the “Last updated” date above and, where appropriate, notified to venues.