We keep it small, on purpose.

Crumb is a digital menu platform operated by Aleksandar Opsenica (sole trader), trading as Crumb. If you scanned a QR code at a restaurant, the menu you’re reading is served by us on behalf of that restaurant. The restaurant is the data controller for menu content; we act as a processor for technical delivery. For all account and billing data we describe below, Aleksandar Opsenica is the data controller. Questions on data protection go to our privacy contact at privacy@crumb.menu. We have not appointed a statutory Data Protection Officer because we are not required to under Art. 37 GDPR; the privacy mailbox is monitored by the controller.

We process personal data on the following legal bases under the GDPR:

• Performance of a contract (Art. 6(1)(b)) — for creating and operating your account, providing the dashboard, and delivering the menus you publish.
• Legitimate interests (Art. 6(1)(f)) — for pseudonymous menu analytics, security, fraud prevention, and product improvement. We’ve assessed that these uses don’t override your rights because the data is minimal and not used for cross-site tracking or profiling.
• Legal obligation (Art. 6(1)(c)) — for tax, accounting, and responding to lawful requests from authorities.
• Consent (Art. 6(1)(a)) — only where required, e.g. optional marketing emails. You can withdraw at any time.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects on you (Art. 22 GDPR).

When a guest opens a menu, we record a small set of pseudonymous events so the restaurant can understand which dishes get attention and which filters are most used. Specifically:

• A per-tab pseudonymous session_id stored in browser sessionStorage. It is a random identifier — no name, email, or device fingerprint — and is wiped automatically when you close the tab. We do not set any cookie on guest menus.
• Event type (e.g. menu opened, dish opened, filter changed), the dish or section involved, and a timestamp.
• Country code (from your network) and viewport width — used to tell the restaurant whether guests are reading on mobile.
• The page that referred you, if any.

We do not collect IP addresses (beyond deriving a country code at the edge and discarding the raw IP), precise location, names, emails, payment data, or device fingerprints from menu guests. We do not use third-party trackers, advertising pixels, or session replay.

Guest menus do not set any cookies and do not use local storage. The pseudonymous session identifier described in §3 lives in browser sessionStorage and is cleared when the tab closes, so no consent banner is required for viewing a menu.

The dashboard uses the minimum set of cookies needed to operate:

• Auth session cookies (dashboard only) — strictly necessary to keep you signed in. Cleared on sign-out.
• Paddle checkout sets its own cookies during payment. Those are controlled by Paddle as an independent controller — see Paddle’s privacy notice linked below.

We do not use advertising, analytics-sharing, or social-media cookies anywhere on the service.

If you sign in to manage a restaurant, we store your email address, full name (if you provide one), workspace and venue memberships, and an audit log of edits to menus and ingredients. We use your email only for sign-in, invitations, and operational notices — never marketing without an opt-in.

Crumb is intended for restaurant operators and adult guests. The dashboard is not directed at children under 16; we do not knowingly collect personal data from children. If you believe a child has provided us personal data, email privacy@crumb.menu and we will delete it.

• Pseudonymous menu events: 18 months, then aggregated into month-level counts and the raw rows are deleted.
• The per-tab session_id in browser sessionStorage: cleared automatically when you close the tab.
• Account data: for as long as your account is active, plus 30 days after deletion to allow recovery.
• Audit log: 24 months, then archived.
• Billing records held by Paddle: retained per Paddle’s own policy and applicable tax law (typically 6–10 years for invoices).

Restaurant operators see analytics for their venues only. We never sell data and never share it with advertisers. We rely on the following categories of recipients (sub-processors), and commit to giving 30 days’ notice of any material change by updating this page:

• Infrastructure providers — Lovable Cloud (database and serverless compute) and Cloudflare (edge delivery and DNS). Both act as processors under data-processing agreements.
• Payments — Paddle. We use Paddle.com Market Limited as our Merchant of Record for all paid subscriptions. When you subscribe, Paddle collects and processes your billing details (name, email, billing address, payment method, tax identifiers) as an independent controller to take payment, calculate and remit sales tax, issue invoices, and handle refunds and chargebacks. See Paddle’s privacy notice.
• Professional advisers (legal, accounting), where strictly necessary.
• Authorities, only where required by law.

We protect personal data using appropriate technical and organisational measures, including: TLS encryption in transit, encryption at rest for the database, role-based access control, audit logging of dashboard actions, least-privilege service credentials, and short-lived authentication tokens. Access to production systems is limited to a small number of named operators and reviewed regularly. We don’t store card numbers ourselves — payment data is handled directly by Paddle.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the Irish Data Protection Commission within 72 hours of becoming aware of it, and notify affected account holders without undue delay where the risk is high. If you believe an account has been compromised, email security@crumb.menu and we’ll act promptly.

Where personal data is transferred outside the UK/EEA (for example by Paddle or Cloudflare), it is protected by Standard Contractual Clauses or an adequacy decision recognised by the European Commission. We do not transfer personal data to jurisdictions without one of these safeguards in place.

Under the GDPR and equivalent regimes you have the right to: access, rectification, erasure, restriction of processing, data portability, objection to processing, and (where based on consent) withdrawal of consent. To exercise any of these, email privacy@crumb.menu and we’ll respond within 30 days. Account holders can also export a full JSON snapshot of their account data and delete their account from Settings → Account in the dashboard.

To clear the per-tab session_id used on guest menus, simply close the menu tab.

You also have the right to lodge a complaint with your local supervisory authority. Our lead authority is the Irish Data Protection Commission (21 Fitzwilliam Square South, Dublin 2, D02 RD28, Ireland).

If we materially change this notice, we’ll update the date at the top and, for account holders, send an email at least 14 days before the change takes effect. For a copy of a previous version, email privacy@crumb.menu.