CliqMenu Legal

Privacy Policy

What personal information we collect, why, how long we keep it, who we share it with, and your rights (AU / NZ / IN).

Version 2026-07-11Effective 11 July 2026Applies to everyone

In short

We collect the minimum needed to run ordering, store it in Australia (Sydney), never sell it, and never store card numbers.

This summary is for convenience only — the full document below is what applies.

On this page
What changed4 versions
2026-07-11Deletion requests clarified (§8): separate paths for business owners and staff, the multi-business “ask each owner” note, and a 90-day response window (subject to tax-retention). · 11 July 2026
2026-07-02MATERIALContact-form and push-notification data added to the collection table; overseas-transfer countries named; Google Limited Use statement added. · 2 July 2026
2026-07-01.1Marketing-communications and automated-decisions statements added; Google sign-in storage clarified. · 20 June 2026
2026-07-01MATERIALFirst published cut. · 17 June 2026

This Privacy Policy explains how CliqMenu collects, uses, discloses, and protects personal information when you use the CliqMenu platform — the marketing website, the BMS, the OMS, and the FOS ordering app (the "Platform"). CliqMenu is a product and venture of INTHUB Solutions Pty Ltd (ABN 93 603 890 893), which owns the Platform; in this policy, "CliqMenu", "we", "us" and "our" mean INTHUB Solutions Pty Ltd and any related, affiliated, or successor entity that operates the CliqMenu platform.

It applies to three groups: business owners and their staff ("Merchants"), customers who place orders, and visitors to our website. It should be read with our Terms of Service.

Plain-language summary. We collect the minimum we need to run ordering: a Customer's call-name, and — only when needed — a phone number or email for order updates and receipts; and a Merchant's business and contact details. We store everything in Australia (Sydney). We don't sell your data. We don't store card numbers. None of what we collect is "sensitive information" (no health, biometric, or similar special-category data).

1. Who is responsible for your data

CliqMenu operates a marketplace model:

  • For a Customer's order data, the Merchant the Customer orders from is generally the controller (it receives the order to fulfil it), and CliqMenu processes that data to run the Platform. CliqMenu also uses certain Customer data for its own purposes — sending receipts, fraud prevention, push notifications, and support — and is a controller for those purposes.
  • For a Merchant's own account data (business profile, staff, billing), CliqMenu is the controller.

Where required, we make a Data Processing Addendum available to Merchants.

2. What we collect, why, and how long we keep it

InformationFrom whomWhen / requiredWhyRetention
Name (call-name)CustomerAlways, to orderIdentify and call out the orderWith the order (5 years)
Mobile numberCustomerOptional; required for pre-ordersPickup contact / status updatesWith the order (5 years)
EmailCustomerOptional; required for pre-orders and for online payment & receiptsReceipt / tax invoice / statusWith the order (5 years)
Google sign-in identity (name, email)CustomerOptional (if you sign in)Identify you and show your order historyHeld by our sign-in provider until removed; name/email also saved with your orders
Device identifierCustomerAutomaticOrder ownership and fraud preventionWith the order (5 years)
Push-notification subscription (browser push token)CustomerOptional — if you turn on order notificationsSend order-status notifications to your deviceUntil you unsubscribe or the subscription expires
Contact & access-request details (name, email, business name, message)Website visitor / prospective MerchantWhen you submit the contact formAnswer your question, or review your request for platform accessUntil actioned, then a reasonable administration period
Owner nameMerchantRequiredAccount identityLife of account + retention
Login emailMerchantRequiredLogin and noticesLife of account
Business & contact phone / email / addressMerchantRequiredListing, contact, taxLife of account
Business registration number (ABN / NZBN / CIN)MerchantRequiredTax and complianceLife of account
Food licence number and documentMerchantOptionalComplianceLife of account
Staff name / email / phoneMerchantRequired (name/email)Staff access to the OMSLife of account
Payment account identifiersMerchantOn payment setupRouting payoutsLife of account
Card / bank numbersNot stored by CliqMenu

We collect this information directly from you, from your use of the Platform, and (for sign-in) from Google. We do not collect special-category / sensitive information.

When you sign in with Google, we receive your name and email address (and a profile-photo URL) into our sign-in provider (Amazon Cognito) as your sign-in identity. We use your name and email to identify you and link your order history, and we save them with the orders you place. We do not store your Google profile photo in our systems — it is only shown in the app while you are signed in — and Google does not give us your phone number. Our use of information received from Google sign-in complies with the Google API Services User Data Policy, including its Limited Use requirements.

3. How we use your information

  • To operate ordering: publish menus, take and route orders, and process payments through the Merchant's provider.
  • To communicate: order status, receipts and tax invoices, one-time login passcodes, and service notices.
  • To keep the Platform safe: authentication, fraud prevention, and abuse detection.
  • To support you: responding to help requests, and (with consent) accessing a Merchant account to assist.
  • To improve and run the business: reporting and analytics on aggregated or Merchant-scoped data, and to meet our legal and tax obligations.

We do not sell your personal information, and we do not use it for cross-context behavioural advertising.

Marketing communications. The messages we send — order status, receipts and tax invoices, login passcodes, and service notices — are transactional and necessary to provide the service. We do not send marketing or promotional messages without your consent, and where we are permitted to send them you can opt out at any time using the unsubscribe option or by contacting us. Opting out does not stop transactional messages about your account or orders. (Australia: Spam Act 2003; New Zealand: Unsolicited Electronic Messages Act 2007.)

Automated decisions. We do not use automated decision-making or profiling to make decisions that produce legal or similarly significant effects about you. The only automated processing we apply is for security and fraud prevention (for example, rate-limiting and basic order-fraud checks).

4. When we share information

  • With the Merchant you order from — the details needed to prepare and hand over your order.
  • With service providers (sub-processors) who help us run the Platform, listed in section 5.
  • For legal reasons — to comply with the law, a lawful request, or to protect rights, safety, and the integrity of the Platform. Where we are legally required to disclose a Merchant's data (for example, to a regulator or law enforcement), we notify the Merchant unless legally prohibited from doing so.

5. Sub-processors

We use the following providers to deliver the Platform. Each handles personal information only as needed to provide its service.

ProviderPurposeRegion
Amazon Web Services (AWS)Hosting, database, file storage, email (SES), authentication (Cognito)Sydney (ap-southeast-2)
StripeOnline payments (Australia / New Zealand)Per Stripe
CashfreeOnline payments (India)Per Cashfree
GoogleSign-in (OAuth) and web push notifications (FCM)Per Google
CloudflareBot protection (Turnstile) on formsPer Cloudflare

6. Where we store your data

All Platform data is stored in AWS's Sydney region (ap-southeast-2), Australia. Some payment, sign-in, bot-protection, and push-notification processing occurs with the providers above, which may process data outside Australia — principally in the United States (Stripe, Google, Cloudflare) and India (Cashfree) — under their own safeguards. We do not currently operate infrastructure in India; see the India section below regarding data-localisation under the DPDP Act.

7. Security

We protect your data with encryption in transit (TLS, plus an application-layer encryption envelope between our apps and our servers) and encryption at rest (AES-256). Access is controlled and authenticated. Administrative "support access" (staff acting within a Merchant account, sometimes called impersonation or "Login As") is consent-gated — the Merchant grants time-boxed access (currently 1, 5, 15, or 30 days) through an in-app control and can revoke it at any time, with limited access during onboarding or while an account is not yet active. Such sessions are audited, and Customer name, email, and phone are masked from staff during them. More detail is in our Security Policy.

8. Retention and deletion

  • Order records are retained for 5 years by default to meet tax and record-keeping obligations.
  • When a Merchant closes its account, deletion is staged: a roughly 30-day undo window in which the account can be restored, followed by a tax-retention window for order records (Australia 5 years / New Zealand 7 years / India 8 years), after which records are purged. A legal hold pauses purging where required.

Requesting deletion. You can ask us to delete your personal information, and we honour deletion requests except where we must keep certain records by law (for example, tax records), in which case we restrict and minimise what is retained. On a verified request we delete or anonymise your personal data within 90 days, subject to the tax-retention windows above.

  • Business owners (account holders). Email privacy@cliqmenu.com to request deletion of your business account and its associated data.
  • Staff (Order Managers and Kitchen Staff). Your login for the staff ordering app (OMS) is created and managed by the business owner who added you. To have your email address and staff profile removed, ask that owner to remove you from their team in the business dashboard (BMS) — removal takes effect immediately. If more than one business has added you, ask each of those owners separately, because each business independently controls its own staff list. You can also email privacy@cliqmenu.com and we will action or help coordinate your request.

9. Your rights

Depending on where you are, you may have rights to access, correct, delete, or restrict the use of your personal information, to object to certain processing, and to complain to a regulator. To exercise a right, contact privacy@cliqmenu.com. We may need to verify your identity. We respond within the timeframes required by applicable law.

The mechanisms that support these rights already exist on the Platform — Merchants can export their business and transaction data from BMS Reports, and we operate a data-export and staged-deletion process for legal and compliance requests.

10. Cookies and tracking

We use a small number of strictly-necessary cookies and similar technologies, and the Cloudflare Turnstile bot-check on forms. We do not load third-party analytics or advertising trackers. See the Cookie & Tracking Notice.

11. Children

The Platform is not directed at children. We do not knowingly collect personal information from children under the age set by local law. If you believe a child has provided personal information, contact us and we will delete it.

12. Changes to this policy

We may update this policy. Each version carries a version identifier and effective date. For material changes affecting Merchant acceptance, we ask Merchants to re-acknowledge the updated policy in the BMS.


Country-specific information

The sections below supplement the policy above for each country we operate in. Where a country-specific rule conflicts with the general policy, the country-specific rule applies for residents of that country.

Australia

We handle personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). You may complain to us at privacy@cliqmenu.com; if unsatisfied, you may contact the Office of the Australian Information Commissioner (OAIC). We will notify you and the OAIC of eligible data breaches as required by the Notifiable Data Breaches scheme.

New Zealand

We handle personal information in accordance with the Privacy Act 2020 and the Information Privacy Principles (IPPs). You may complain to us or to the Office of the Privacy Commissioner. We will notify affected individuals and the Commissioner of notifiable privacy breaches as required.

India

For individuals in India we handle personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) once in force, including notice and consent requirements and your rights as a Data Principal. You may contact our grievance channel at privacy@cliqmenu.com.

Data localisation (under review). Platform data currently resides in Australia. If the DPDP Act or its rules require India-resident storage or impose cross-border-transfer conditions, we will adjust our infrastructure accordingly.

13. Contact

Privacy questions, requests, or complaints: privacy@cliqmenu.com. Entity: INTHUB Solutions Pty Ltd (ABN 93 603 890 893), which owns and operates the CliqMenu platform.