Effective: May 2026 · Applies to: onlinemenu.co.nz
Short version: We collect only what we need to run the service. We store it on New Zealand servers. We don't sell it. We delete it when we no longer need it. You can ask us to delete yours at any time.
1. Who We Are
OnlineMenu is operated by LivewireSolutions, based in Masterton, New Zealand. References to "we", "us", or "OnlineMenu" in this policy refer to LivewireSolutions.
Privacy queries: hello@onlinemenu.co.nz
2. Who This Policy Covers
This policy applies to three groups of people who interact with OnlineMenu:
- Venue customers — people who scan a QR code and place an order at a participating café
- Venue operators — café owners and managers who use the admin panel
- Finders — people who participate in our lead referral programme
3. What Data We Collect
| Who | Data collected | Why |
|---|---|---|
| Venue customers | Order contents, table number or order type (dine-in/takeaway), optional name, optional phone number (takeaway only), optional email address (only if customer opts in post-order) | To transmit the order to the kitchen and confirm it to the customer. Contact details are voluntary and used only for the purpose stated at the time of collection. |
| Venue operators | Email address, venue name and configuration, menu content, order history | To deliver and operate the ordering system for the venue. Email is used for account access (magic link) and service communications. |
| Finders | Name, email address, phone number, postal address, bank account details (for fee payment), submitted venue lead information including uploaded menu photos | To operate the finder referral programme and process fee payments. Bank details are held solely for the purpose of paying finder fees. |
We do not collect payment card data. We do not collect any data from customers beyond what is listed above. We do not use cookies for tracking or advertising.
4. How We Store Data
All data is stored in a SQLite database on a server located in New Zealand (shared LiteSpeed hosting). Data does not leave New Zealand except for email delivery (see section 5). We do not use cloud databases or offshore storage for operational data.
Finder menu photo uploads are stored in a protected directory that is not accessible via the public web.
5. Third Parties We Share Data With
| Provider | What is shared | Why |
|---|---|---|
| Brevo (email delivery) | Recipient email address, email content (order confirmations, trial invites, reminders) | We use Brevo to deliver transactional emails reliably. Brevo is EU-based and GDPR-compliant. Emails are not used for marketing by Brevo. |
We do not sell data to any third party. We do not share data with advertisers.
6. How Long We Keep Data
| Data type | Retention period |
|---|---|
| Customer order records (table, items, total) | 90 days from the order date, then deleted |
| Customer contact details (name, phone, email — if provided) | 90 days from the order date, then deleted |
| Venue menu content and configuration | Retained while the venue is active. Deleted 90 days after cancellation. |
| Billing and invoice records | 7 years (required by NZ tax law) |
| Finder personal details and bank details | Retained while the finder is active. Deleted 12 months after their last activity and any outstanding fee has been paid. |
| Finder-submitted menu photos | Deleted 90 days after the associated lead is closed or converted. |
7. Your Rights Under the NZ Privacy Act 2020
Under the NZ Privacy Act 2020, you have the right to:
- Ask whether we hold personal information about you
- Request a copy of that information
- Request correction of inaccurate information
- Ask us to delete your information (subject to our legal obligations to retain certain records)
To exercise any of these rights, email hello@onlinemenu.co.nz. We will respond within 20 working days as required by the Act.
If you believe we have breached the Privacy Act, you may complain to the Office of the Privacy Commissioner at privacy.org.nz.
8. Data Breaches
If a privacy breach occurs that is likely to cause serious harm, we will notify affected individuals and the Privacy Commissioner as required by the NZ Privacy Act 2020. We will act promptly and honestly in the event of any breach.
9. Cookies
The OnlineMenu customer ordering interface does not use cookies. The venue admin panel uses a session cookie to maintain your login — this is a functional cookie and is not used for tracking. It is deleted when you close your browser or log out.
10. Children
OnlineMenu is not directed at children under 16. We do not knowingly collect personal information from children. If we become aware that a child has submitted personal information, we will delete it promptly.
11. Changes to This Policy
We may update this policy from time to time. Material changes will be notified to venue operators by email at least 14 days before taking effect. The current version is always available at onlinemenu.co.nz/privacy/.
12. Contact
Privacy queries: hello@onlinemenu.co.nz
Phone: 027 202 5876
OnlineMenu is a product of LivewireSolutions, Masterton, New Zealand.