SweetAsMenu

Privacy Policy

Last updated: 6 January 2026

1. Introduction

Zestio Tech Limited (trading as "SweetAsMenu") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our restaurant management platform and related services.

We comply with the New Zealand Privacy Act 2020 and the Information Privacy Principles (IPPs). By using SweetAsMenu, you consent to the practices described in this policy.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, business name
  • Restaurant Details: Business address, GST number, IRD number, menu items
  • Payment Information: Bank account details for transfers (stored securely via Stripe)
  • Staff Information: Staff names, roles, PIN codes for POS access
  • Customer Orders: Order details, delivery addresses, special instructions

2.2 Information Collected Automatically

  • Device Information: Browser type, operating system, device identifiers
  • Usage Data: Pages visited, features used, time spent on platform
  • Log Data: IP address, access times, referring URLs
  • Cookies: Session cookies for authentication and preferences

2.3 Information from Third Parties

  • Payment Processors: Transaction confirmations from Stripe
  • Authentication: Profile data if you sign in via Google or social providers

3. How We Use Your Information

We use collected information to:

  • Provide and maintain our restaurant management services
  • Process orders and payments
  • Generate AI-powered menu translations and food images
  • Send order notifications and service updates
  • Provide customer support
  • Analyse usage patterns to improve our services
  • Comply with legal obligations (e.g., GST reporting)
  • Detect and prevent fraud or security issues

4. AI-Powered Features

SweetAsMenu uses artificial intelligence (Google Gemini) to provide:

  • Menu Translation: Automatic translation of menu items between languages
  • Food Image Generation: AI-generated images for menu items
  • Image Enhancement: Improving quality of uploaded food photos

Menu text and descriptions may be processed by Google's AI services. We do not share personal customer information with AI services.

5. Information Sharing and Disclosure

We may share your information with:

5.1 Service Providers

  • Supabase: Database hosting and authentication (Australia/US servers)
  • Stripe: Payment processing (PCI-DSS compliant)
  • Google Cloud: AI services for translation and image generation
  • Vercel: Website hosting

5.2 Legal Requirements

We may disclose information if required by New Zealand law, court order, or government request, including to IRD for tax compliance purposes.

5.3 Business Transfers

If Zestio Tech Limited is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

6. Data Retention

We retain your information for:

  • Account data: Until you delete your account
  • Order history: 7 years (NZ tax record requirements)
  • Payment records: 7 years (NZ tax record requirements)
  • Usage logs: 12 months
  • AI-generated images: Until deleted by restaurant owner

7. Your Rights (NZ Privacy Act 2020)

Under New Zealand privacy law, you have the right to:

  • Access: Request a copy of your personal information
  • Correction: Request correction of inaccurate information
  • Deletion: Request deletion of your information (subject to legal retention requirements)
  • Data Portability: Request your data in a portable format
  • Withdraw Consent: Withdraw consent for optional data processing

To exercise these rights, contact us at support@zestiotech.com. We will respond within 20 working days as required by the Privacy Act.

8. Data Security

We protect your information using:

  • SSL/TLS encryption for all data in transit
  • Encrypted database storage (Supabase with Row Level Security)
  • Secure authentication with hashed passwords
  • Regular security audits and updates
  • Staff access controls and PIN-based POS authentication

9. Cookies and Tracking

We use cookies for:

  • Essential Cookies: Required for login and security
  • Preference Cookies: Remember your language and settings
  • Analytics Cookies: Understand how you use our platform

You can disable cookies in your browser settings, but some features may not work properly.

10. International Data Transfers

Your data may be processed in Australia, United States, or other countries where our service providers operate. We ensure appropriate safeguards are in place, including contractual protections with our providers.

11. Children's Privacy

SweetAsMenu is designed for business use and is not intended for children under 16. We do not knowingly collect information from children.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform. Your continued use after changes constitutes acceptance of the updated policy.

13. Contact Us

For privacy-related questions or to exercise your rights:

Privacy Officer

Zestio Tech Limited

Email: support@zestiotech.com

Website: sweetasmenu.com

If you are not satisfied with our response, you may contact theOffice of the Privacy Commissioner.

← Back to Home