Skip to Content

Privacy Policy

Effective date: 1 January 2026·Last updated: 1 June 2026·Version: 1.2


This Privacy Policy explains how AccountsEd Business Solutions ("we", "us", "our") collects, uses, stores, and shares personal data when you use MenuCost — our recipe costing and menu management platform available at menucost.cloud and menucost.net (together, the "Service").

By creating an account or using the Service, you confirm that you have read and understood this policy. If you do not agree with how we handle personal data, please do not use the Service.

1. Who we are2. What we collect3. How we use your data4. Legal basis for processing5. Sharing your data6. International data transfers7. Data retention8. Security9. Cookies and tracking10. Your rights11. Children12. Changes to this policy13. Contact us

1. Who we are

MenuCost is a product of AccountsEd Business Solutions, based in Al Jubail, Saudi Arabia. We are the data controller responsible for personal data collected through the Service.

2. What we collect

We collect personal data in the following categories:

Account and identity data

  • Your full name and email address when you register
  • Your business name and type (restaurant, café, cloud kitchen, etc.)
  • Country and currency preference
  • Your profile photo, if you choose to upload one

Business and operational data

This includes the content you create inside MenuCost — your ingredient library, recipe details, staff records, overhead settings, catering quotes, and profitability reports. This is your business data. We store it to provide the Service and do not use it for any other purpose.

Payment and billing data

  • Subscription tier and billing cycle
  • Payment history and invoices
  • Payment card details are handled directly by our payment processor, Lemon Squeezy, and are not stored on our systems

Usage and technical data

  • IP address, browser type, and device information
  • Pages visited and features used within the app
  • Session timestamps and error logs
  • Referring URLs and search terms that led you to the site

Communications data

  • Emails you send to our support team
  • Responses to surveys or feedback forms, if you choose to participate

3. How we use your data

We use personal data for the following purposes:

To provide and operate the Service

  • Creating and managing your account
  • Storing your recipes, ingredients, staff records, and reports
  • Processing your subscription payments via Lemon Squeezy
  • Sending transactional emails — account confirmation, password reset, billing receipts

To improve the Service

  • Analysing how features are used to prioritise product development
  • Diagnosing errors and fixing bugs
  • Monitoring performance and uptime

To communicate with you

  • Responding to support requests
  • Sending product updates and new feature announcements — you can unsubscribe at any time
  • Notifying you of changes to our terms or this policy

To comply with legal obligations

  • Retaining transaction records as required under Saudi Arabian VAT regulations and applicable accounting laws
  • Responding to lawful requests from regulatory authorities

4. Legal basis for processing

We process personal data on the following legal grounds:

  • Contract performance— processing necessary to deliver the Service you have subscribed to, including account creation, data storage, and payment processing.
  • Legitimate interests— processing necessary to improve the Service, prevent fraud, ensure security, and manage our business operations, where those interests are not overridden by your privacy rights.
  • Legal obligation— processing required to comply with applicable laws, including VAT record-keeping obligations in Saudi Arabia.
  • Consent— where we rely on your consent, such as for optional marketing emails, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

5. Sharing your data

We do not sell your personal data. We do not share your data with advertisers. We share data only in the following circumstances:

Service providers (sub-processors)

We use a small number of third-party providers to operate the Service:

  • Supabase— database hosting and authentication (EU West, Ireland)
  • Vercel— web hosting and serverless functions
  • Lemon Squeezy— payment processing and subscription management (acts as merchant of record, handling GCC VAT compliance)
  • Resend— transactional email delivery

Each provider is bound by a data processing agreement and is only permitted to process your data as instructed by us for the purposes described in this policy.

Legal requirements

We may disclose personal data if required by law, court order, or a legitimate request from a government authority — and only to the extent required.

Business transfer

If AccountsEd Business Solutions is acquired, merged, or its assets are transferred, personal data may be transferred as part of that transaction. We will notify affected users before any such transfer takes effect.

6. International data transfers

Our primary database is hosted on Supabase in the EU West region (Ireland). This means your data is stored in the European Economic Area (EEA), a jurisdiction with strong data protection standards.

Other sub-processors — Vercel, Lemon Squeezy, Resend — may process data in the United States or other jurisdictions. Where data is transferred outside the EEA, we ensure appropriate safeguards are in place, including standard contractual clauses or equivalent mechanisms.

7. Data retention

We retain personal data for as long as is necessary for the purposes described in this policy:

  • Active accounts— we retain all account and business data for the duration of your subscription.
  • Deleted accounts— when you delete your account, we permanently delete your business data (recipes, ingredients, staff records) within 30 days. We retain billing records and transaction history for a minimum of 5 years as required by Saudi Arabian tax law.
  • Support communications— retained for 2 years after the conversation is closed.
  • Usage and technical logs— retained for up to 90 days for security and debugging purposes.

8. Security

We take the security of your data seriously. Measures in place include:

  • All data transmitted between your browser and our servers is encrypted using TLS (HTTPS)
  • Database access is restricted to authorised personnel and service accounts only
  • Passwords are hashed and never stored in plain text
  • Authentication is handled by Supabase Auth, with support for email verification and session management
  • Our infrastructure is hosted on providers with SOC 2 Type II certifications (Supabase, Vercel)

No system is completely secure. If you suspect your account has been compromised, contact us immediately at security@menucost.net.

9. Cookies and tracking

We use a minimal number of cookies necessary to operate the Service:

Essential cookies

  • Session cookie— keeps you logged in during your session. Expires when you close your browser or after 30 days if you choose "remember me".
  • CSRF token— protects against cross-site request forgery attacks.
  • Preference cookies— remembers your currency and language settings.

Analytics

We may use privacy-respecting analytics tools to understand how the product is used in aggregate. We do not use Google Analytics or other advertising-linked trackers. If we introduce any analytics tools, we will update this policy.

Managing cookies

You can manage or delete cookies through your browser settings. Disabling essential cookies will prevent the Service from functioning correctly.

10. Your rights

Depending on where you are located, you may have the following rights regarding your personal data:

  • Access— request a copy of the personal data we hold about you.
  • Rectification— request that we correct inaccurate or incomplete data.
  • Erasure— request deletion of your personal data, subject to our legal retention obligations.
  • Restriction— request that we limit how we use your data in certain circumstances.
  • Portability— request your data in a machine-readable format to transfer to another service.
  • Objection— object to processing based on legitimate interests, including for direct marketing.
  • Withdraw consent— where we rely on consent, you may withdraw it at any time without penalty.

To exercise any of these rights, contact us at privacy@menucost.net. We will respond within 30 days. We may need to verify your identity before processing your request.

Most account data can be updated or deleted directly within your Account Settings. You can export your data in bulk from the Reports tab at any time.

11. Children

The Service is intended for business use by adults. We do not knowingly collect personal data from anyone under the age of 18. If you believe we have inadvertently collected data from a minor, please contact us at privacy@menucost.net and we will delete it promptly.

12. Changes to this policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email and display a notice in the app at least 14 days before the changes take effect.

The version number and effective date at the top of this page always reflect the current version. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

Previous versions of this policy are available on request by emailing privacy@menucost.net.

13. Contact us

If you have any questions about this Privacy Policy, want to exercise your rights, or want to raise a concern about how we handle your data, please contact us:

We aim to respond to all privacy requests within 30 days. If you are not satisfied with our response, you have the right to raise a complaint with the relevant data protection authority in your country.