Last updated: January 17, 2026
If you are located in the European Union (EU) or European Economic Area (EEA), the General Data Protection Regulation (GDPR) grants you specific rights regarding your personal data. This page explains those rights and how MenuMate complies with GDPR requirements.
For the purposes of GDPR, the data controller is:
Alexandra Gerken
Email: menumate@posteo.no
Service: MenuMate
We process your personal data under the following legal bases:
We collect and process the following personal data:
You have the right to request access to your personal data and receive a copy of the data we hold about you.
You have the right to correct inaccurate or incomplete personal data. You can update your name and email directly in your account settings.
You have the right to request deletion of your personal data. When you request account deletion, we will delete your name and email address within 30 days. Please note:
You have the right to request that we restrict processing of your personal data in certain circumstances, such as while we verify the accuracy of data you have contested.
You have the right to receive your personal data in a structured, commonly used, and machine-readable format (e.g., JSON or CSV) and to transfer it to another service provider.
You have the right to object to processing of your personal data where we rely on legitimate interests as our legal basis for processing.
Where processing is based on consent, you have the right to withdraw your consent at any time. This does not affect the lawfulness of processing before consent was withdrawn.
You have the right to lodge a complaint with your local data protection authority if you believe your data protection rights have been violated.
To exercise any of your GDPR rights, please contact us at:
Email: menumate@posteo.no
Please include:
We will respond to your request within 30 days as required by GDPR. In complex cases, we may extend this period by up to 60 additional days and will inform you of the extension.
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected:
Your personal data may be transferred to and processed in countries outside the EU/EEA, specifically:
When transferring data outside the EU/EEA, we ensure appropriate safeguards are in place:
We implement appropriate technical and organizational measures to protect your personal data:
MenuMate does not use automated decision-making or profiling as defined by GDPR Article 22.
MenuMate is not intended for children under 16 years of age (or the applicable age of digital consent in your country). We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.
In the event of a data breach that poses a risk to your rights and freedoms, we will:
We use the following third-party processors:
We have ensured that all processors comply with GDPR requirements and have appropriate data processing agreements in place.
Privacy Protection: Your ratings and reviews are anonymized and de-identified before being displayed to other users. Other users can see ratings and reviews within your canteen community, but they cannot identify who posted them. Your name is not displayed alongside your ratings.
Data Controller:
Alexandra Gerken
Email: menumate@posteo.no
To Lodge a Complaint:
If you are not satisfied with how we handle your data, you have the right to lodge a complaint with your local data protection supervisory authority. In Germany, this is your state's data protection authority (Landesdatenschutzbeauftragte).
We may update this GDPR information from time to time. Material changes will be communicated to you via email or through the app. The "Last updated" date at the top of this page shows when changes were made.