wowmenu is an AI-powered digital menu platform operated by Hyve AI Labs FZCO, registered in Dubai, UAE. WowMenu is a brand of Hyve AI Labs FZCO, serving restaurants and hospitality businesses in the United Arab Emirates and globally.
Registered address: Hyve AI Labs FZCO, Dubai, United Arab Emirates Data controller email: privacy@wowmenu.me
From restaurant owners: - Account information: name, email address, phone number, restaurant name and address - Payment information: credit/debit card details are processed by our payment provider (Stripe) and are never stored on wowmenu servers - Menu content: dish names, descriptions, prices, and photographs you upload - Usage data: login times, feature usage, QR code download activity, and in-portal actions
From restaurant guests (via the customer-facing digital menu): - Anonymous device tokens (generated on first scan, stored locally on the guest's device) - Order data: items ordered, quantities, variants, table label, order timestamp - Optional: dietary preferences and allergen flags if submitted via the AI assistant - Optional: review and rating content if submitted - Language preference as set by the guest - Browsing interactions: which menu items were viewed, how long was spent on each category
We do not collect: guest names, email addresses, phone numbers, or payment card details from the customer-facing menu unless explicitly provided by the guest.
Restaurant owner data: - To provide, maintain, and improve the wowmenu platform - To process payments and send billing confirmations - To review and approve menu submissions - To provide customer support - To send service notifications (menu approval status, billing reminders) - To comply with UAE legal and regulatory requirements
Guest data: - To serve the correct restaurant menu and active offers - To power AI recommendation engine responses - To display order status and payment confirmation - To generate anonymised analytics for restaurant owners (e.g. 'Table 4 had 12 AI sessions this week') - To improve the AI recommendation quality over time
We do not sell any personal data to third parties. We do not use guest data for advertising.
We process personal data under the following legal bases: - Contract performance: processing necessary to provide the services you have subscribed to - Legitimate interests: analytics and service improvement, fraud prevention, and network security - Consent: where we ask for explicit consent (e.g. marketing emails), processing is based on that consent - Legal obligation: where processing is required to comply with UAE law, DIFC Data Protection Law, or applicable international regulations
Where we rely on legitimate interests, we have conducted a balancing test confirming that our interests do not override your fundamental rights.
We share data with the following categories of third parties: - Cloud infrastructure: AWS (servers located in the EU and UAE) - Payment processing: Stripe (PCI-DSS Level 1 compliant) - Email delivery: SendGrid (for transactional emails) - Analytics: anonymised, aggregated analytics only; no individual guest data is shared - Legal authorities: when required by UAE law, court order, or regulatory request
All third-party processors are bound by data processing agreements that comply with applicable data protection law.
Restaurant owner account data is retained for the duration of the account plus 7 years (for financial record purposes under UAE commercial law).
Guest order and review data is retained for 3 years.
Anonymous device tokens expire after 2 years of inactivity.
You may request deletion of your data at any time by emailing privacy@wowmenu.me. Deletion requests are processed within 30 days.
Under UAE Federal Law No. 45 of 2021 (Personal Data Protection Law) and, where applicable, the EU General Data Protection Regulation, you have the following rights: - Access: request a copy of the personal data we hold about you - Rectification: request correction of inaccurate or incomplete data - Erasure: request deletion of your personal data (subject to legal retention requirements) - Restriction: request that we restrict processing of your data - Portability: receive your data in a structured, machine-readable format - Objection: object to processing based on legitimate interests - Withdraw consent: where processing is based on consent, withdraw it at any time
To exercise any of these rights, contact privacy@wowmenu.me. We will respond within 30 days.
wowmenu uses the following cookies and tracking technologies: - Session cookies: required for login and portal functionality; expire when you close your browser - Preference cookies: store your language and theme preferences; expire after 1 year - Analytics cookies: anonymised, aggregate usage analytics (no personal identification); you may opt out in your account settings
The customer-facing digital menu does not use advertising or third-party tracking cookies. The anonymous device token is stored in localStorage, not cookies.
We implement appropriate technical and organisational security measures including: - TLS 1.3 encryption for all data in transit - AES-256 encryption for data at rest - Access controls and role-based permissions for all staff - Regular security audits and penetration testing - SOC 2 Type II certification (in progress; expected Q3 2026)
In the event of a data breach that affects your rights and freedoms, we will notify you and the UAE TDRA within 72 hours of becoming aware.
For any privacy-related questions, requests, or complaints, contact:
privacy@wowmenu.me
Hyve AI Labs FZCO Dubai Internet City, Building 5, Office 301 Dubai, United Arab Emirates
If you are not satisfied with our response, you have the right to lodge a complaint with the UAE Telecommunications and Digital Government Regulatory Authority (TDRA) or, if you are located in the European Economic Area, your national data protection supervisory authority.