Privacy Policy

At BettterMenu OÜ (operating the AVAARA platform), we take the security and privacy of your data seriously. This Privacy Policy explains how we process personal data under the General Data Protection Regulation (GDPR) and applicable German and Estonian law. AVAARA is a trademark of BettterMenu OÜ.

1. Data Controller Identity

The Controller responsible for data processing on this platform is:

BettterMenu OÜ
Registry Code: 17401720 (Estonian Commercial Register / Äriregister)
Ahtri tn 12, Kesklinna linnaosa
Tallinn, Harju maakond, 15551
Republic of Estonia

Managing Director / CEO: Tushar Sood
Co-Founder & CTO: Abhigyan Gogoi
Privacy Inquiries: tusharsood@betttermenu.com
Phone: +49 173 936 7518

Roles. BettterMenu acts as:

• Data controller in respect of personal data of Business Customers (account, billing, communication data) and in respect of transient technical data of End-Users necessary for service delivery.
• Data processor in respect of any personal data that Business Customer uploads or causes to be processed through the Platform (for example, where Business Customer uses the Platform to manage reservations, loyalty programmes, or guest communications). Such processing is governed by an Auftragsverarbeitungsvertrag (AVV) concluded with Business Customer.

Lead supervisory authority. Under the GDPR one-stop-shop mechanism, our lead supervisory authority is the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon), www.aki.ee. Data subjects in Germany may also lodge complaints with their competent Landesdatenschutzbeauftragte.

2. Data We Process

We classify data we process by user category:

A. Business Customers (Vendors & Organisers)

To provide our software, we process standard business and personal information including name, business name, work email, billing records, and authentication data. This is collected for account management, subscription processing, support, and legally required invoicing.

B. End-Users (Guests)

When an End-User accesses a digital menu via QR code or direct URL, the following technical data is processed automatically to deliver the service requested:

• IP address - processed transiently for routing of HTTP requests; retained in truncated or hashed form for a maximum of seven (7) days for security logging and fraud prevention purposes.
• User-agent string - browser, device, and operating system type, processed to optimise display.
• Session identifier - stored client-side in the End-User's browser session storage only; not transmitted to or persisted in BettterMenu infrastructure; cleared when the browser session ends.
• Language preference - where the End-User actively selects a language, this preference may be stored client-side in localStorage for their convenience; no transmission to BettterMenu.
• Filter and dietary preference selections (including the "For You" personalisation feature) - processed exclusively client-side in the End-User's browser; not transmitted to or stored by BettterMenu.

Legal basis: the transient processing of IP address and user-agent is based on Art. 6(1)(f) GDPR (legitimate interest in secure and functional service delivery). Client-side storage on the End-User's device, where strictly necessary to deliver the service the End-User actively requested, falls within the exemption of § 25(2) no. 2 TDDDG and does not require consent.

What we do NOT do on End-User menu surfaces:

• No tracking cookies
• No advertising or marketing pixels (no Meta Pixel, no Google Ads tags)
• No cross-site fingerprinting
• No third-party analytics (no Google Analytics, no Hotjar, no similar)
• No cross-session personalisation profile of the End-User

Where Business Customer opts into aggregate menu usage analytics, BettterMenu provides such analytics on a server-side, aggregated, non-identifying basis (e.g., number of views per item, most-clicked items at the venue level), without placement of tracking technologies on the End-User's device.

3. Legal Basis for Processing

Processing activity	Data categories	Legal basis
Account creation and subscription management	Business and contact data	Art. 6(1)(b) GDPR (contract)
Invoicing and tax record-keeping	Billing data	Art. 6(1)(c) GDPR (legal obligation)
Service delivery to End-Users	IP, user-agent, session data	Art. 6(1)(f) GDPR (legitimate interest)
Communication with Business Customers	Contact data	Art. 6(1)(b) or (f) GDPR
AI-assisted content processing (on Customer instruction)	Customer Content, menu data	Art. 6(1)(b) GDPR (processor role)
Optional aggregated analytics	Non-identifying usage data	Art. 6(1)(f) GDPR
Fraud prevention and platform security	Technical and usage data	Art. 6(1)(f) GDPR
Marketing communications to Business Customers	Contact data	Art. 6(1)(f) GDPR with opt-out, or Art. 6(1)(a) GDPR
Compliance with legal obligations	As required	Art. 6(1)(c) GDPR
Product improvement & Feedback rewards	Email address, survey responses, star ratings	Art. 6(1)(a) GDPR (Explicit consent)
End-User (guest) feedback	Email address, survey responses, star ratings	Art. 6(1)(a) GDPR (Explicit consent)
Internal database management	Anonymised, aggregated menu item data (dish names, descriptions, allergen tags, dietary tags)	Art. 6(1)(f) GDPR (Legitimate interests)
Platform performance telemetry (e.g., aggregate scan counts, event traffic)	Non-identifying aggregate usage data	Art. 6(1)(f) GDPR (Legitimate interests — platform capacity and performance optimisation)

Feedback and Rewards Program: Intermittently, we may invite users to submit feedback to help us improve AVAARA. If you choose to participate, we process your submitted text, ratings, and provided email address strictly for product development and to distribute program rewards (such as merchandise or offers). We do not share this data with third parties or use it for marketing purposes. You may withdraw your consent at any time by contacting us.

Internal Database Management. BettterMenu uses anonymised, aggregated menu data — including dish names, item descriptions, allergen tag combinations, and dietary classifications — for internal database management and platform maintenance purposes. No personal data is involved in this processing. Data is handled in aggregated form only and cannot be traced back to any specific venue, vendor, or individual. The legal basis is Art. 6(1)(f) GDPR (legitimate interests) — specifically, BettterMenu's interest in maintaining a well-functioning and reliable platform. This data is not shared with any third party.

Guest Feedback. End-Users (guests who access menus by scanning a QR code) may optionally submit feedback about their experience and provide their email address to participate in our product improvement program. This is entirely voluntary — guests are never required to provide their email address to access any menu or platform feature. Where a guest chooses to submit feedback and provides their email, we process that data solely for internal product development purposes. We do not use guest email addresses for marketing, share them with third parties, or link them to any other data we hold. The legal basis for this processing is Art. 6(1)(a) GDPR (explicit consent), obtained at the point of submission. Guests may withdraw their consent and request deletion of their data at any time by contacting us at tusharsood@betttermenu.com.

3b. Event Vendors (Pre-Subscription)

Where a vendor accesses the AVAARA Platform via an Event Organizer invitation, BettterMenu OÜ processes the following personal data: name, email address, and business name, as provided by the Event Organizer or entered directly by the Event Vendor at the point of invite acceptance.

This data is processed solely for the purpose of creating and managing temporary event-scoped platform access, and is retained for the duration of the event plus a standard post-event period of ninety (90) days, after which it is deleted unless the Event Vendor has entered into a Vendor Pro subscription.

The legal basis for this processing is Article 6(1)(b) GDPR (performance of a contract / steps prior to entering into a contract). BettterMenu OÜ does not use Event Vendor data for marketing purposes without separate consent.

Event Attendees (End-Guests). The AVAARA Platform does not collect, store, or process personal data from event attendees who scan QR codes to view menus. Guest-facing features such as dietary preference filters operate on a session-only basis with no persistent data storage and no user accounts required.

4. Sub-processors

BettterMenu does not sell or share personal data with third parties for marketing purposes. Data is transferred only to sub-processors necessary to technically run the Platform.

Sub-processor	Purpose	Location of processing	Transfer mechanism
Google Cloud EMEA Ltd / Google LLC (Firebase, Cloud)	Hosting, authentication, real-time database	EU regions (Frankfurt / Netherlands) preferred; fallback US	EU-US Data Privacy Framework + Standard Contractual Clauses
Google Cloud (Vertex AI / Gemini)	AI processing: menu extraction, description generation, allergen suggestion, image enhancement	EU regions where technically available	EU-US DPF + SCCs; Google contractually commits not to use customer data to train foundation models
DeepL SE (Cologne, Germany)	Machine translation of menu content	Germany, Finland (EU/EEA)	Intra-EU; DeepL Pro does not store translated texts after processing
Mollie B.V. (Amsterdam, NL)	Payment processing for subscriptions	Netherlands (EU/EEA)	Intra-EU; PCI DSS compliant
Usercentrics GmbH (Munich, Germany)	Cookie consent management (B2B portal only)	Germany (EU/EEA)	Intra-EU
BettterMenu OÜ engineering personnel based in India	Platform development, production debugging, incident response, technical support	India	EU Standard Contractual Clauses (Commission Decision 2021/914); Transfer Impact Assessment on file; role-based access controls; access logging

All sub-processors are bound by Data Processing Agreements (Auftragsverarbeitungsvertraege) under Art. 28 GDPR.

Business Customer may request a current sub-processor list and summary of the applicable Transfer Impact Assessment by email. BettterMenu will notify Business Customer at least thirty (30) days in advance of new sub-processors; Business Customer may object within fourteen (14) days on reasonable data protection grounds.

5. Data Retention

• Active account data (name, email, business info): retained for the duration of the subscription and deleted within 90 days of account termination, unless a legal retention obligation applies.
• Billing and invoice data: retained for 10 years after the end of the calendar year of the transaction, in compliance with § 147 AO (Germany) and Estonian accounting law.
• Aggregated analytics data: retained for up to 24 months; where data is fully anonymised (irreversible), it falls outside GDPR scope.
• Cookie consent records (B2B portal): retained for 12 months from date of consent.
• Security logs (truncated IP, access events): retained for up to 7 days in primary storage.
• AI-output confirmation audit logs: retained for 3 years for compliance and liability purposes.
• India engineering team access logs: retained for at least 12 months for security audit.
• Withdrawal and cancellation correspondence: retained for 3 years.
• Backups: retained for up to 30 days after deletion from primary systems.

6. Your Rights Under GDPR

You have the following rights with respect to your personal data:

• Right of access (Art. 15): obtain a copy of the personal data we hold about you.
• Right to rectification (Art. 16): request correction of inaccurate or incomplete data.
• Right to erasure (Art. 17): request deletion of your data, subject to legal retention obligations.
• Right to restriction of processing (Art. 18): request we restrict processing in specified circumstances.
• Right to data portability (Art. 20): receive your data in a structured, commonly used, machine-readable format.
• Right to object (Art. 21): object to processing based on legitimate interest.
• Right regarding automated decision-making (Art. 22): BettterMenu does not make decisions with legal or similarly significant effects on End-Users or Business Customers based solely on automated processing. AI-assisted features produce suggestions reviewed and confirmed by Business Customer before publication.
• Right to lodge a complaint (Art. 77): with the Estonian Data Protection Inspectorate (www.aki.ee) or your competent Landesdatenschutzbeauftragte in Germany.

To exercise these rights, contact tusharsood@betttermenu.com. We aim to respond within 30 days; under Art. 12(3) GDPR, we may extend the response time by up to two additional months for complex or numerous requests and will inform you of any extension within one month.

7. International Data Transfers

Personal data is processed within the European Economic Area (EEA) wherever technically feasible. The following transfers outside the EEA may occur:

United States. Hosting infrastructure (Google Cloud / Firebase) and AI processing (Google Vertex AI) may involve access by Google LLC personnel in the United States. Transfer is based on the EU-US Data Privacy Framework (adequacy decision of 10 July 2023) and, as a safeguard, EU Standard Contractual Clauses. Google contractually commits that Vertex AI customer data is not used to train foundation models.

India. BettterMenu's engineering team, based in India, has access to production systems for the purpose of platform development, debugging, incident response, and technical support. This access is necessary for the performance of the services. Transfer is based on EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914). BettterMenu has conducted a Transfer Impact Assessment in accordance with EDPB Recommendations 01/2020 and implements the following supplementary measures:

• Role-based access control with minimum-privilege principles
• Mandatory multi-factor authentication
• Logging and periodic audit of all production data access
• Pseudonymisation of personal data in engineering environments where technically feasible
• Confidentiality obligations binding on all personnel with access
• Contractual prohibition on onward transfer without written consent

A copy of the applicable SCCs and a summary of the Transfer Impact Assessment is available to Business Customers on written request.

In the event any adequacy decision referenced above is invalidated, BettterMenu will promptly implement alternative safeguards in accordance with GDPR Chapter V.

8. Cookies & Tracking (§ 25 TDDDG)

Guest-facing menu surface. In line with § 25 TDDDG, no non-essential cookies, tracking technologies, or fingerprinting scripts are set on End-User devices when accessing menus. Only storage strictly necessary to deliver the service requested (session-scoped technical identifiers, language preference actively selected by the End-User) is used, falling within § 25(2) no. 2 TDDDG. No consent banner is displayed to End-Users because no consent-requiring storage occurs. Where a guest voluntarily submits feedback and provides their email address via the Platform, this constitutes an active, consent-based interaction and is governed by the Guest Feedback section above; it does not affect the no-tracking nature of standard menu access.

B2B portal (Business Customer accounts). The B2B portal uses essential cookies required for authentication, security, and session management, which do not require consent. Non-essential analytics and functionality cookies are set only after Business Customer grants explicit consent via the Usercentrics consent management platform. Consent may be withdrawn at any time via the consent management interface.

9. Data Security (Art. 32 GDPR)

BettterMenu implements appropriate technical and organisational measures to protect personal data, including:

• Encryption in transit (TLS 1.2 or higher) and at rest for persistent data
• Role-based access control with mandatory multi-factor authentication
• Audit logging of administrative access and production data access
• Regular backups with defined retention
• Incident response procedures and defined breach notification workflow
• Periodic security reviews
• Employee confidentiality obligations

A summary of our Technical and Organisational Measures (TOM) is available to enterprise Business Customers on request.

10. Data Breach Notification

In the event of a personal data breach, BettterMenu will notify the competent supervisory authority within 72 hours of becoming aware of the breach, pursuant to Art. 33 GDPR. Where the breach is likely to result in a high risk to the rights and freedoms of data subjects, affected individuals will be notified pursuant to Art. 34 GDPR. For Business Customers acting as controllers whose data we process, notification will occur without undue delay in accordance with the applicable AVV.

11. Children

The Platform is not directed at children. BettterMenu does not knowingly process personal data of children under 16 without parental or legal guardian authorisation in accordance with Art. 8 GDPR and applicable national law.

12. Data Protection Officer

BettterMenu has assessed its obligation under Art. 37 GDPR. A formal Data Protection Officer is not currently mandatory based on the nature, scope, and purposes of our processing. Our internal privacy contact is Tushar Sood, reachable at tusharsood@betttermenu.com.

13. Changes to this Privacy Policy

Material changes to this Privacy Policy will be communicated to Business Customers at least 30 days in advance via email or in-platform notice. The "Last Updated" date at the top of this page reflects the most recent revision.