Privacy Policy
Last updated: June 25, 2026
What we collect
We store only what is necessary to run Carte:
- Your account email (for authentication)
- Menu text and dish data that you upload
- Basic profile information you provide (name, restaurant)
We do not collect browsing behavior, device identifiers, or analytics data.
Your intellectual property
Everything you upload — menus, dish descriptions, tasting notes — is your exclusive intellectual property. We do not claim ownership, we do not train models on your content, and we do not share it with anyone. Your data is used solely to display your menus back to you and to anyone you choose to share them with.
How your data is processed
When you upload a menu, the text is sent through an AI service (Google Gemini / OpenAI) for tagging. The text is processed in real time and is not retained by the AI provider for training or any other purpose. We use these services strictly for on-demand inference.
All other data — your menus, account info, and tags — lives in a secure, isolated database with Row-Level Security (RLS) enabled. You can only access your own data.
Data sharing
We do not sell, rent, or share your data with third parties for marketing, advertising, or analytics. The only external services involved are:
- AI Gateway — for on-demand menu tagging (text processed and discarded, not stored)
- Stripe — for billing (if you subscribe to a paid plan). Only email and payment method details are shared, governed by Stripe's privacy policy
- Google OAuth — if you sign in with Google, only your email and name are exchanged
Contact
If you have questions about this policy, want to export your data, or request deletion of your account and all associated data, contact us at: