Privacy Policy

This Privacy Policy applies to the Carte AI website, application, and related services that help restaurants and chefs generate, edit, publish, host, and share menus.

By using Carte AI, you acknowledge that we may process information about you, your account, your menus, and your use of the service as described below.

• Account information such as your name, email address, authentication data, and session information.
• Restaurant and menu information you submit, including restaurant name, cuisine, dishes, prices, descriptions, branding notes, allergens, dietary notes, and publishing preferences.
• AI interaction data such as prompts, instructions, edit requests, generated drafts, and related model telemetry needed to operate menu generation and editing features.
• Payment and billing records related to publish credits, checkout events, customer portal activity, invoices, and transaction status. We do not store full payment card numbers ourselves.
• Published asset data such as public menu URLs, QR codes, generated PDF or image assets, public slugs, and version history when you publish a menu.
• Technical and usage data such as device information, browser type, IP address, logs, timestamps, and activity needed for security, debugging, abuse prevention, and service reliability.
• Communications you send to us, including support requests and transactional email history such as verification and password reset messages.

• Provide authentication, account management, and secure access to your workspace.
• Generate, revise, store, render, publish, and deliver menus and related assets.
• Process purchases, track publish entitlements, and provide billing and customer portal functionality.
• Send transactional emails such as sign-up verification, password reset, receipts, and service-related notices.
• Operate public menu pages, downloadable assets, and QR-code destinations you choose to publish.
• Detect misuse, investigate security issues, enforce our Terms of Service, and improve reliability and performance.
• Comply with legal obligations and respond to valid legal requests.

Carte AI uses third-party AI infrastructure to generate and revise menu content. When you use AI features, prompts, menu drafts, and related context may be sent to those providers to produce outputs and support safety, logging, and abuse prevention.

You should not submit sensitive personal information, health data, payment card data, or other information that is unnecessary for creating restaurant menus.

We use service providers to operate the product, including providers for:

• Authentication and account sessions, including email/password sign-in and social login flows.
• Transactional email delivery for verification, password reset, and other service notices.
• Billing, checkout, customer records, and publish-credit purchases.
• Cloud object storage and public asset delivery for published menus, PDFs, images, and QR codes.
• Database hosting, caching, logging, and infrastructure needed to run the application.
• AI model access used for menu generation and editing.

As of April 6, 2026, this may include providers such as Google for optional social login, Resend for transactional email, Polar for billing and customer portal features, OpenRouter-connected AI model providers for menu generation and editing, and Cloudflare R2-compatible object storage for durable snapshots and published assets. These providers may process information on our behalf under their own applicable terms and privacy commitments.

Publishing a menu may require payment. Billing and checkout are handled through third party payment infrastructure. Carte AI receives payment status, transaction identifiers, customer identifiers, and related billing metadata necessary to grant publish credits, record purchases, and support refunds or disputes where applicable.

If you publish a menu, the published version may become publicly accessible through a permanent or semi-permanent public URL, downloadable asset URL, and QR code. Published menu content is intended to be shared with your customers and may be accessible to anyone with the link or QR code.

Do not include confidential information, private employee information, or personal data in published menu content unless you are comfortable making it public.

• With service providers and vendors that help us operate Carte AI.
• With payment, billing, authentication, email, hosting, and AI providers as needed to deliver the service.
• When you intentionally publish content so that it is accessible through public menu links, PDF or image assets, or QR codes.
• When required by law, regulation, court order, or valid legal process.
• In connection with a merger, financing, acquisition, reorganization, sale of assets, or similar transaction.
• To protect the rights, safety, security, and integrity of Carte AI, our users, and the public.

We retain information for as long as reasonably necessary to provide the service, maintain security and audit records, comply with legal obligations, resolve disputes, and enforce our agreements.

Published menu versions and related public assets may remain retained for archival, version-history, operational, or legal reasons even after a draft changes, especially because the publishing workflow is designed around immutable published versions.

We use reasonable technical and organizational measures to protect information, but no system can be guaranteed completely secure. You are responsible for safeguarding your account credentials and for controlling who can access your published links and QR codes.

Depending on your location, you may have rights to access, correct, delete, or object to certain processing of your personal information. You may also be able to update some information directly in your account.

To request privacy assistance, contact support@support.carte-ai.com. We may need to verify your identity before completing certain requests.

Carte AI is intended for business and professional use by restaurants, chefs, and other adults. It is not directed to children under 13, and we do not knowingly collect personal information from children under 13.

Carte AI may be accessed from different countries, and your information may be processed in jurisdictions other than your own. By using the service, you understand that information may be transferred to and processed in locations where we or our service providers operate, subject to applicable law.

We may update this Privacy Policy from time to time. If we make material changes, we may update the date above and provide additional notice where appropriate. Your continued use of Carte AI after an update becomes effective means the updated policy will apply to your use of the service.

For privacy questions, support requests, or legal notices related to this Privacy Policy, contact support@support.carte-ai.com.