Welcome to ReadMenuAI. We provide you ("You" and "Your") with a service that uses generative artificial intelligence technology to transform Chinese menus into photo menus, including but not limited to AI-powered Chinese menu translation, dish image generation, and price conversion (the "Service").

This Privacy Policy (the "Policy") describes and sets out how we collect, use, share, and protect (collectively, "Process") personal information collected in the context of our Service. Please read this Policy carefully before using or submitting any information through or in connection with any part of the Service. By using any part of the Service, you consent to our collection, use, and disclosure of your information as described in this Policy. To the extent permitted by law, the English version of this Policy is binding, and other translations are for convenience only.

If you are located in the European Economic Area, the UK, or Switzerland ("Europe"): for the purposes of compliance with the European Union General Data Protection Regulation 2016/679 ("GDPR"), the Data Controller is ReadMenuAI, which can be contacted at the address listed in the "How to Contact Us" section below; and You are not required to consent to this Privacy Policy, but you acknowledge that you have read and understood its terms. If you are a resident of California, the California Consumer Privacy Act of 2018 and the California Privacy Rights Act of 2020 provide you with additional rights.

This Policy applies to the Processing of your Personal Information, provided it does not conflict with the laws and regulations applicable to you. This Policy will provide you with the following information:

1. Definitions

For the purposes of this Policy, the following definitions shall apply unless the context otherwise requires:

**We** or **Our** in this Policy refers to the ReadMenuAI team and service providers.

**Cookie** means a small file that is placed on your computer, mobile device, or any other device by a website, containing, among its many uses, the details of your browsing history on that website.

**Data Controller**, for the purposes of the GDPR, means the legal entity or company which alone or jointly with others determines the purposes and means of the Processing of Personal Information. For the purposes of the GDPR, ReadMenuAI is the Data Controller.

**Personal Information** (or **Personal Data**) is any information that relates to an identified or identifiable individual.

For the purposes of **GDPR**, Personal Data means any information relating to You such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

For the purposes of **CPRA**, Personal Information means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with You.

**Website** refers to ReadMenuAI, accessible from https://readmenuai.com/.

**Sell** means to disclose Personal Information to another business or a third party for monetary or other valuable consideration.

**Service** refers to the creation of photo menus using generative artificial intelligence technology, including but not limited to AI-powered Chinese menu translation, dish image generation, and price conversion.

**Service Provider** means any natural or legal person who processes the data on Our behalf. It refers to third-party companies or individuals employed by Us to facilitate the Service, to provide the Service on Our behalf, to perform services related to the Service, or to assist Us in analyzing how the Service is used. For the purpose of the GDPR, Service Providers are considered Data Processors.

**Usage Data** refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Under GDPR, You can be referred to as the Data Subject or as the User, as You are the individual using the Service.

2. Information We Collect

As further described below, we collect information in a variety of ways when you use or otherwise access the Service, including when you directly provide information to us and when we passively collect information from your browser or device (e.g., by logging how you interact with our Service).

2.1. Information You Provide Directly to Us

A. Registration Information

When you register for our Service or open an account, depending on the channel you choose to register through, we may collect your email address, username, and verification codes (used for multi-factor authentication and to send you important messages), as well as any information you choose to provide to us (e.g., a profile picture).

If you are located in Europe, the basis for our processing of this information is the contract concluded with you and its performance (GDPR Article 6(1)(b)).

B. Purchase Information

When you purchase a paid service (such as a membership subscription to our Service) through the Website, we may collect: (i) Personal Information related to your order, such as the order number, time of order, and the services you chose to purchase; (ii) your financial information, such as credit card information collected on our behalf by our payment service providers. If you are located in Europe, the basis for our processing of this information is the contract concluded with you and its performance (GDPR Article 6(1)(b)).

C. Content You Provide Through Our Service

We collect and securely store the content you post, send, and receive as part of the Service through our products, such as the menu images and custom requirements you upload. This content includes any Personal Information about you that you may choose to include. For any Personal Information you choose to include in the content, you acknowledge and agree that you have obtained authorization from the relevant data subject and have informed them that their Personal Information may be publicly displayed on our Service.

D. Communications with Us

You may contact us via email or other means (e.g., to ask questions about our Service, seek customer support, or inform us of ideas for new or modified existing products). You may also choose to respond to surveys we issue or inquiries about your generated content. When you do so, we collect the information you choose to provide to us, such as your contact information, any images you choose to upload, and the content and nature of your message. To ensure the security of your Personal Information, we kindly request that you avoid sending any financial or sensitive data through our chat service or other channels, unless specifically requested by us to provide you with the Service. If you do choose to share such information directly with us, please be aware that we will handle it with care and process it in accordance with the provisions of our Service Providers.

2.2. Passively or Automatically Collected Information

A. Usage Information

When you interact with us through the Service, we automatically receive and store certain information from the device you use to access the Service, such as your IP address, browser settings, device information, clickstream data, crash data, session ID, geolocation information, and more. This information is passively collected through various technologies, including the type of internet browser or mobile device you use, the website that referred you to the Service, your operating system, and location data obtained by identifying the city and state from which your IP address logs into ReadMenuAI. We collect the above Personal Information to ensure the security and stability of our Service provision.

If you are located in Europe, the basis for our processing of this information is our legitimate interests in supporting our business, and your data protection rights do not override our interests (GDPR Article 6(1)(f)).

B. Cookies and Other Electronic Technologies

We collect certain types of information through various common technologies. These technologies typically include tracking pixels, JavaScript, and various "local storage data" technologies, such as Cookies and local storage. Depending on the technology we use, locally stored data may include text, Personal Data (such as your IP address), and information related to your use of ReadMenuAI.

3. How We Use the Information We Collect About You

We use the information collected from the Service in a manner consistent with this Policy. We use the information you provide (or otherwise allow the Service to access) for the following purposes:

3.1. Providing the Service

We use the collected information to operate, maintain, and provide the Service to you, such as analyzing menus and generating images. We may also use this information to limit attempts to use the Service from restricted regions and to limit attempts to use the Service in violation of the applicable terms of service.

3.2. Analyzing and Improving Our Services and Platform

We use this information to manage, develop, improve, and maintain any Service (including responding to and processing inquiries, providing maintenance and support, and preparing data backups). We use the collected information to analyze data usage trends and preferences to enhance the accuracy, effectiveness, security, usability, or popularity of our Service.

4. How We Disclose the Information We Collect About You

In certain circumstances, we share information collected through the Service with certain third parties without further notice to you, as set forth below. In particular, we are not in the business of selling your information to advertisers or other third parties.

4.1. Third-Party Service Providers Who Process Your Data on Our Behalf

This includes:

A. Security Service Providers

We may share your clickstream data, crash data, session ID, and device information with such providers (where permitted by applicable law) to improve our Service and protect the security of our Service.

B. Other Third-Party Service Providers

Such as hosting providers, IT service providers, and other similar services required by us to provide you with the Website and other business-related services. Any data processing performed on our behalf complies with applicable laws.

4.2. Government Authorities/Law Enforcement Officials

Personal Data may also be shared with government authorities and/or law enforcement officials if required for the above purposes, or as required by law, or as legitimately necessary to protect our legitimate interests in compliance with applicable law.

4.3. Potential Buyers and Advisors

In the event of a company sale, merger, reorganization, dissolution, similar event, or steps taken in preparation for such an event (e.g., due diligence in a transaction), your Personal Data may be shared (where permitted by applicable law) with our advisors and the advisors of any potential purchaser, and will be transferred to the new owners of the business.

4.4. Third Parties That Partner with Us or Provide Services You Choose to Link

We share Personal Information with third parties that partner with us on various projects. When we share Personal Information with third parties, we require these third parties to Process the information in accordance with relevant laws. When you link to or interact directly with third-party companies, their use of your Personal Information and your use of their functionalities are governed by those companies' privacy statements. We encourage you to read their privacy statements carefully.

4.5. Your Consent

We may share your information for other purposes if (i) you instruct us to do so or (ii) you consent to such sharing.

4.6. Aggregated Data

We aggregate, anonymize, and/or de-identify information about you collected actively or passively so that the information no longer relates to you personally. We then use this data for various legitimate purposes, including but not limited to our research into customer interests and behavior. We also share this information with our affiliates, agents, business partners, research institutions, or other third parties (e.g., Google Analytics).

4.7. Other Users of Our Service

If you choose to make your information public in publicly accessible areas of the Service (such as in your posted content or comments), we will make your information available to other users of our Service.

5. How We Treat Children's Personal Information

Our Website is not directed to children (meaning children under the age of 13, or under 16 in the European region), and we do not knowingly collect Personal Data from children. If we learn that a child has provided us with Personal Data, we will immediately delete such Personal Data from our systems. Children may not submit any Personal Data to us without parental or guardian consent. If you have reason to believe that a child has provided us with Personal Information through the Service, please contact us at support@readmenuai.com, and we will delete that information from our databases as required by law.

6. Security Measures

We are committed to protecting the security of your Personal Data and strive to maintain the highest security standards. To this end, we have adopted current state-of-the-art technologies and implemented robust technical and organizational measures to ensure your Personal Data is adequately protected against loss, misuse, unauthorized access, disclosure, alteration, and destruction. We exclusively use encrypted transmission paths for the transmission of particularly sensitive Personal Data over the internet.

Unfortunately, data transmission over the internet is not completely secure. Therefore, while we will do our best to protect your Personal Data, we cannot guarantee the absolute security of data transmitted to our Website. Any transmission is at your own risk. Once we have received your Personal Data, we will use strict procedures and security features to prevent unauthorized access. This includes, but is not limited to, the following measures:

We have a dedicated information security professional team and have established an information security system.

We have adopted security protection measures for data collection, storage, display, Processing, use, deletion, and destruction, and we use access control and encryption technology.

For employees who may have access to your information, we have signed confidentiality agreements with them and established an approval mechanism for information access, internal and external transmission, and decryption. We also conduct regular training related to Personal Data protection to enhance employee privacy protection awareness.

For third parties that provide data Processing services to us (i.e., external companies), we have required them to comply with our data privacy regulations.

If you believe you have found a potential security vulnerability, please inform us by sending an email to support@readmenuai.com.

7. Do Not Track Signals

"Do Not Track" (DNT) is a privacy preference that users can set in some web browsers. We do not recognize or respond to browser-initiated DNT signals, as the internet industry is currently still working to clearly define what DNT means, what is required to comply with DNT, and a common approach to responding to DNT.

8. Your Rights

Subject to applicable law, you have certain rights regarding your Personal Data. These rights include:

Access to your Personal Data: You have the right to request confirmation from us as to whether we are Processing your Personal Data and, if so, to access that Personal Data and receive information regarding how your data is being Processed, as well as to request a copy of your Personal Data from us.

Rectification of your Personal Data: This enables you to have any incomplete, incorrect, or inaccurate data we hold about you corrected.

Erasure of your Personal Data: This enables you to ask us to delete your Personal Data, for example, where the data we hold about you is no longer needed or where your data has been unlawfully Processed.

Object to Processing: You have the right to object to the Processing of your Personal Data and ask us to stop Processing it, for example, where the data is used for direct marketing purposes, or where we are relying on a legitimate interest (or those of a third party). In some cases, we may demonstrate that we have compelling legitimate grounds to Process your information which override your rights and freedoms.

Restriction of Processing: This enables you to ask us to suspend the Processing of your Personal Data in the following scenarios: (a) if you want us to establish the data's accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise, or defend legal claims; or (d) you have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

Receive your Personal Data in a usable electronic format and transmit it to a third party (Data Portability Right): If we are Processing your Personal Data based on your consent or contract, you can ask to receive your Personal Data in a structured, commonly used, and machine-readable format and have this data transmitted to another controller without hindrance.

Withdraw Consent: Where we are relying on consent to Process your Personal Data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any Processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you that require that Personal Data. We will advise you if this is the case at the time you withdraw your consent.

Request not to be subject to a decision based solely on automated Processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Complain to your local data protection authority: You have the right to submit your requests and complaints to your local supervisory authority at any time, especially in the Member State of your habitual residence, place of work, or where the alleged infringement of the GDPR occurred. However, we would appreciate the chance to deal with your concerns before you approach the data protection authority, so please contact us first.

These rights may be limited in some situations - for instance, where we can demonstrate that we have a legal requirement to Process your data (e.g., tax authorities require us to keep it) or where it is necessary for the proper performance of a contract. In some instances, this may mean we can retain the data even if you withdraw your consent. If you wish to exercise any of the rights set out above, please contact us using the details in the "How to Contact Us" section below. You can also update your Personal Information in your profile in the Website settings.

9. Region-Specific Supplemental Terms and Conditions

9.1 Privacy Information for California Residents

9.1.1 Categories of Information Collected and Disclosed

If you are a resident of California, you have certain rights under the California Consumer Privacy Act (CCPA), and we want to provide you with the following additional information regarding the purpose of our use of each category of Personal Information we collect (as defined by CCPA), and the categories of third parties to whom we disclose Personal Information for a business purpose or for cross-context behavioral advertising. This includes our use of third-party analytics services and online advertising services. These are described in detail in our Cookie Policy and may result in the disclosure of online identifiers (e.g., Cookie data, IP address, device identifiers, and Usage Information).

Specifically, your contact information (such as email) or internet network and device information (such as Cookie data and IP address) may be disclosed to online advertising and analytics partners.

For more information on each category of Personal Information, the purposes of use, and the third parties to whom we disclose the Personal Information, please see the "Information We Collect," "How We Use the Information We Collect About You," and "How We Disclose the Information We Collect About You" sections of this Policy.

9.1.2 Other CPRA Rights

We do not offer any financial incentives in exchange for your Personal Information.

The CPRA also allows you to limit the use or disclosure of your Sensitive Personal Information (as defined in the CPRA) when it is used for certain purposes. Please note that we only use or disclose Sensitive Personal Information for business purposes, for which you cannot opt out under the CPRA.

Please refer to the "Your Rights" section above in this Policy for other rights you have regarding your Personal Information under California law and how to exercise those rights.

9.1.3 Retention of Your Personal Information

Please refer to the information under "How Your Information Will Be Stored" in this Policy.

9.1.4 California "Shine the Light" Law Disclosure

The California "Shine the Light" law gives residents of California the right to opt out of the sharing of certain categories of Personal Information (as defined in the Shine the Light law) with third parties for their direct marketing purposes in certain circumstances, or for us to provide a cost-free means for consumers to opt out of any such disclosure. We do not currently disclose your Personal Information to third parties for their direct marketing purposes.

9.2 Privacy Information for European Residents

If you are located in Europe, our basis for Processing Personal Information is the contract concluded with you and its performance (GDPR Article 6(1)(b)).

9.2.2 How Your Information Will Be Transferred Globally

For users located in the European Economic Area, we may transfer Personal Data to law enforcement agencies or other organizations, including those located outside of Europe, for the purposes described in this Policy.

The laws in certain jurisdictions outside of Europe may not be as protective as the data protection laws in Europe. Where your Personal Data is transferred to a country not subject to an adequacy decision by the European Commission, we will ensure that appropriate safeguards (such as EU Standard Contractual Clauses or the third party's binding corporate rules) are implemented for these jurisdictions to ensure an adequate level of protection for your Personal Data.

9.3 Privacy Information for Residents of Mainland China

9.3.1 How Your Information Will Be Stored

Your Personal Information will be stored overseas in the United States.

9.3.2 How Your Information Will Be Transferred Globally

For users located in Mainland China, we may transfer Personal Information to law enforcement agencies or other organizations for the purposes described in the "How We Use the Information We Collect About You" section of this Policy.

We will only transfer your Personal Information in accordance with applicable laws and regulations and will adopt necessary organizational and technical measures to protect your Personal Data. For more information, or to exercise your rights as a data subject, please contact us by email at support@readmenuai.com.

9.3.3 Your Rights

For users located in Mainland China, in addition to the "Your Rights" section of this Policy, you also have the right to cancel your account and the right to request an explanation of how your Personal Information is Processed. To exercise these rights, please contact us using the details in the "How to Contact Us" section below. We will respond to your data subject requests within 15 working days.

10. How This Policy Will Be Updated

We reserve the right to update or modify this Policy at any time. If we do so, we will update the date at the top of its front page accordingly and encourage you to check for changes we have made. When the changes to the Policy will have a fundamental impact on the nature of the Processing or a significant impact on you, we will provide you with advance notice, as required by applicable law, via email or a pop-up banner on the Website to give you an opportunity to exercise your rights. If you do not agree to our revisions of the Policy, you may deactivate your account or discontinue the use of our Service. Please review this Policy periodically for any updates or changes. If you are located in Europe, you will not be required to consent to any changes to this Policy, but you do acknowledge that you have read and understood its terms.

11. How to Contact Us

If you have any questions about this Policy or the Service's user information Processing practices, please feel free to contact us at the following email address: support@readmenuai.com