Privacy Policy
Effective May 19, 2026
Plate Up is a free menu-analysis tool for restaurant owners. We try to collect as little data as possible, share it with as few third parties as possible, and let you delete it at any time. This page describes exactly what we do.
The short version
- We collect: your email, your restaurant's public info (name, city, locations, type), and a copy of the menu you analyze.
- We use it to: generate your report, send it to you, and (if you opt in) follow up with a few related emails over the next 7 days.
- We share it with: Anthropic (for the AI analysis), Supabase (for storage), Resend (for email delivery), Google Places (for lookup), Firecrawl (for menu scraping), and Stripe (for payments, if you choose to pay).
- We never sell your data. Email privacy@plateup.io to delete everything we have on you within 7 days.
1. Who we are
Plate Up ("we," "us," "our") is an AI-powered menu analyzer operated by [Plate Up Holdings LLC], registered in Delaware. We're reachable at hello@plateup.io.
2. What we collect
When you use Plate Up, we collect:
- Account info: your email address (required to send your report) and the restaurant name + locations you provide.
- Menu data: the image or URL of the menu you submit, plus the structured items, prices, and descriptions extracted from it.
- Public restaurant signals: data we look up about your restaurant via Google Places (address, website, hours, photos, rating, price tier, additional locations).
- Usage events: pages visited, buttons clicked, results viewed — used to improve the product. Stored anonymized and rolled up after 90 days.
- Payment info: only what Stripe collects on its own checkout page. We never see or store your card number.
We do not collect: your physical location (GPS), your contacts, your microphone, or any health information.
3. How we use it
Your data is used to:
- Generate your free menu analysis and redesign.
- Email you your report and (with consent) brief follow-ups.
- If you opt in, refer you to our consulting partners (e.g., for multi-unit operators interested in finance + ops support).
- Aggregate anonymized data to improve our scoring model — e.g., "what does the average casual-dining menu in Austin score on description quality?" No identifying details surface in these aggregates.
4. Who we share it with (sub-processors)
We use a small number of vetted third-party services to operate Plate Up. Each is bound by contract to handle your data securely and only for the purpose listed.
| Service | What we send | Why |
|---|---|---|
| Anthropic | Menu image + text | AI analysis + redesign |
| Supabase | Email, restaurant info, menu data, events | Database + auth |
| Resend | Email address, report HTML | Email delivery |
| Google Places | Restaurant name + city | Restaurant lookup + locations |
| Firecrawl | Restaurant website URL | Menu scraping |
| Stripe | Payment info (collected by Stripe) | Payments |
| Vercel | Page request logs | Hosting + delivery |
None of these vendors are permitted to use your data for their own marketing or to sell it.
5. How long we keep it
- Menu uploads and reports: kept while your account is active, deleted within 30 days of account deletion.
- Email and contact info: kept as long as you're a customer; deleted within 7 days of a verified deletion request.
- Analytics events: rolled up and anonymized after 90 days.
- Payment records: kept 7 years as required by US tax law.
6. Your rights
You can, at any time:
- Access a copy of all data we have on you.
- Correct any inaccurate data.
- Delete your account and all associated data.
- Opt out of marketing emails via the unsubscribe link in every email.
- Object to specific uses (e.g., consulting referrals).
Email privacy@plateup.io to exercise any of these rights. We respond within 7 business days.
7. Cookies + tracking
We use a minimal set of essential cookies (e.g., to remember you're mid-flow on the discovery page) and one analytics service (PostHog) that respects Do Not Track. No third-party advertising or behavioral cookies.
8. Children
Plate Up is not for kids. We don't knowingly collect data from anyone under 18. If you believe we have, email privacy@plateup.io and we'll delete it immediately.
9. Security
All data is encrypted in transit (TLS) and at rest (AES-256). Database access is restricted to authenticated service accounts only. We follow standard practices but no system is 100% secure — if you spot something, email security@plateup.io.
10. Changes to this policy
We'll update this page with the new effective date when we make material changes, and email anyone with an active account at least 14 days before changes take effect.
11. Contact
Questions, complaints, or data requests: privacy@plateup.io.