Legal

Privacy Policy

This policy explains what information Nibbli collects, why we use it, and the choices available to restaurant teams, menu guests, and website visitors.

Last updated:

1. Who this policy covers

This Privacy Policy applies to Nibbli’s website, restaurant dashboard, public QR menu pages, and related services. It covers people who create or use a Nibbli account, restaurant team members invited into a workspace, guests who view a restaurant menu powered by Nibbli, and visitors to the Nibbli website.

When a restaurant uses Nibbli to publish its menu, that restaurant remains responsible for the menu content it provides, including prices, allergens, dietary labels, descriptions, images, and availability information.

2. Information we collect

We collect information needed to run Nibbli and improve the product:

  • Account information, such as your name, email address, profile image, preferred language, account provider, and sign-in/session details.
  • Restaurant workspace information, such as restaurant names, menu content, prices, allergens, dietary labels, images, QR codes, table labels, team roles, invitations, and change history.
  • Billing information, such as subscription plan, billing status, customer identifiers, invoice or checkout status, and billing contact details. Payment card details are handled by our payment provider and are not stored by Nibbli.
  • Uploaded or imported menu files, such as photos or PDFs you upload so Nibbli can extract menu content.
  • Usage and analytics information, such as page views, menu views, QR scan counts, campaign parameters, referring pages, approximate location, browser/device information, and interactions with the website or app.
  • Technical and security information, such as IP address, user agent, request logs, rate-limit events, authentication events, and error logs.
  • Communications, such as emails or messages you send to us.

We do not currently provide reservations, guest ordering, newsletter signups, or guest payment collection through Nibbli.

3. How we use information

We use information to:

  • provide, secure, and maintain Nibbli;
  • create and manage user accounts and restaurant workspaces;
  • publish and update QR menus;
  • process subscriptions and billing operations;
  • send sign-in codes, invitations, transactional messages, and support replies;
  • extract, translate, format, and improve menu content when you use those features;
  • measure menu views, QR scans, website visits, campaigns, and product usage;
  • diagnose bugs, prevent abuse, enforce rate limits, and keep the service reliable;
  • comply with legal, accounting, tax, and security obligations.

4. Menu guests and public menu analytics

Guests can view public restaurant menus without creating a Nibbli account. When a guest scans a QR code or opens a public menu, we may collect scan and view analytics so restaurants can understand basic menu activity and so Nibbli can keep the service reliable.

Public menu analytics are intended to measure usage, not to identify individual guests. If a guest follows a link from a public menu to the Nibbli website, we may use referral and campaign information to understand that visit.

5. Cookies and similar technologies

Nibbli uses cookies and similar browser storage for necessary functions such as authentication, security, remembering language preferences, and keeping the service working.

We may also use analytics and marketing technologies on the Nibbli website to understand visits, campaign performance, and interest in Nibbli. These technologies may collect information such as pages viewed, referral source, campaign parameters, approximate location, browser/device details, and interactions with the site.

You can control cookies through your browser settings. Blocking necessary cookies may prevent some parts of the service from working correctly.

6. Service providers

We use trusted service providers to operate Nibbli. These may include providers for hosting, database infrastructure, file storage, authentication, email delivery, payments, analytics, security, and AI-powered menu processing or translation.

We share information with these providers only as needed for them to provide their services to Nibbli. We do not sell personal data.

Where EU or UK data protection law applies, we process personal data under the following legal bases:

  • Contract, when processing is needed to provide Nibbli to you or your restaurant.
  • Legitimate interests, such as securing the service, preventing abuse, improving the product, measuring usage, and understanding website performance.
  • Consent, where required for certain optional communications or non-essential technologies.
  • Legal obligation, where we need to keep records or respond to lawful requests.

8. How long we keep information

We keep personal data only as long as needed for the purposes described in this policy. Account and workspace data is generally kept while the account or restaurant workspace remains active. Billing, tax, security, and legal records may be kept longer where required. Logs and analytics data may be retained in aggregated or limited form to understand usage, protect the service, and improve Nibbli.

When a restaurant deletes content or closes its workspace, we may retain limited records where needed for billing, security, backups, dispute resolution, or legal compliance.

9. International transfers

Nibbli may use providers located outside your country. When personal data is transferred internationally, we rely on appropriate safeguards where required, such as contractual protections or adequacy decisions.

10. Security

We use technical and organizational measures designed to protect personal data, including access controls, authentication, encrypted connections, provider security controls, and operational monitoring. No online service can be guaranteed to be completely secure, but we work to keep risk proportionate to the data we process.

11. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or receive a copy of your personal data. You may also have the right to withdraw consent where processing is based on consent, and to lodge a complaint with your local data protection authority.

To make a request, contact us at hello@nibbli.io. We may need to verify your identity before responding.

12. Changes to this policy

We may update this policy as Nibbli evolves. If changes are material, we will take reasonable steps to make them visible. The “Last updated” date shows when this policy was last changed.

13. Contact

For privacy questions or requests, contact Nibbli at hello@nibbli.io.