Legal

Privacy Policy

Effective May 22, 2026

1. Overview

This Privacy Policy describes how Legacy Sync LLC, doing business as Rail.menu ("Rail.menu," "we," "us," or "our"), collects, uses, and shares information in connection with the Rail.menu service (the "Service"). The Service has two audiences:

  • Venue operators who sign in to the administrative dashboard to manage their menu, branding, and display settings.
  • Diners who view a venue's menu through a Rail.menu URL (typically by scanning a QR code at the table).

What we collect, and how we handle it, differs between these two audiences. Sections 2 and 3 below cover each.

2. Information We Collect from Venue Operators

When you create or use a Rail.menu operator account, we collect:

  • Account information. Email address, password (stored as a salted hash by our authentication provider), and the venue you are associated with.
  • Authentication metadata. Sign-in times, IP addresses associated with sign-in attempts, and session identifiers. Used to keep your session active and to investigate suspicious activity.
  • Customer Data you enter. Menu items, prices, descriptions, ingredient and allergen information, images, branding settings, and any other content you input into the administrative dashboard. Customer Data is your data; we host and process it to provide the Service per our Terms of Service.
  • Communications. If you contact us by email or support form, we keep the conversation for service-history purposes.

3. Information We Collect from Diners

The diner-facing menu is intentionally minimal. When a diner opens a Rail.menu URL we collect:

  • Standard server logs. IP address, browser type and version, requested URL, referrer, and timestamp. Used for security, debugging, and aggregate traffic analysis. Standard server logs are retained for up to 30 days.
  • Browser language preference. Read from the browser's Accept-Language header to render the menu in the diner's preferred language. Not stored.
  • Local preferences. If a diner toggles the large-text accessibility setting, that preference is stored in the diner's own browser via localStorage. It never leaves the device.

We do not require diners to create accounts. We do not run advertising trackers, analytics pixels, or third-party cookies on the diner-facing menu. We do not knowingly collect personally identifiable information from diners.

4. How We Use Information

We use the information described above to:

  • provide, maintain, and improve the Service;
  • authenticate operator sign-ins and protect accounts;
  • render the venue's menu in the diner's preferred language;
  • investigate and respond to suspected misuse, abuse, or security incidents;
  • communicate with operators about service-related matters; and
  • comply with legal obligations.

We do not sell or rent personal information. We do not use operator or diner information to train artificial intelligence models.

5. How We Share Information

We share information only as needed to operate the Service, and only with service providers bound by confidentiality and data-handling obligations. Our principal service providers are:

  • Supabase - database, authentication, and file storage.
  • Vercel - application hosting and content delivery.
  • Resend - transactional email delivery (magic links, password resets, email change confirmations).

We may also disclose information when required by law, in response to a valid legal process, or to protect the rights, property, or safety of Rail.menu, our users, or others. If Rail.menu is involved in a merger, acquisition, or sale of all or substantially all of its assets, information may be transferred as part of that transaction, subject to the receiving party honoring this Policy.

6. Cookies and Similar Technologies

The diner-facing menu does not set tracking cookies or use third-party advertising technologies. A small amount of local browser storage (localStorage) is used to remember per-device accessibility preferences such as large-text mode; this data stays on the device and is not transmitted to us.

The operator-facing dashboard uses essential cookies set by our authentication provider to keep operators signed in. These are functional cookies required for the Service to work; they are not used for advertising or cross-site tracking.

7. Data Retention

We retain operator account information for as long as the account is active and for a reasonable period afterward to satisfy legal, accounting, and dispute-resolution obligations. Per our Terms of Service, Customer Data remains available for export for thirty (30) days after termination, after which we may delete it.

Server logs are retained for up to thirty (30) days unless a longer retention is required to investigate a specific incident.

8. Security

We use commercially reasonable administrative, technical, and physical safeguards to protect information, including encryption in transit (TLS), hashed password storage, and access controls on our infrastructure. No system is perfectly secure; we cannot guarantee that data will not be accessed, disclosed, altered, or destroyed by breach of those safeguards.

9. Your Rights

Depending on where you live, you may have rights regarding your personal information, including the right to access, correct, delete, or restrict its use. To exercise any of these rights, email privacy@legacy-sync.com from the email address associated with your operator account. We will respond within a reasonable time and in accordance with applicable law.

California residents. California law provides additional rights to California consumers, including the right to know what categories of personal information we collect, the right to request deletion, and the right not to be discriminated against for exercising those rights. We do not sell personal information.

10. Children

The Service is intended for venue operators and adult diners. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, contact privacy@legacy-sync.com and we will take appropriate action.

11. International Data

Rail.menu is operated from the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States. By using the Service, you consent to that transfer.

12. Updates to This Policy

We may update this Privacy Policy from time to time. Material changes will be posted with a new effective date at the top of this page. Your continued use of the Service after the new effective date constitutes acceptance of the revised Policy.

13. Contact

Questions, requests, or concerns regarding this Policy may be directed to privacy@legacy-sync.com. Postal mail may be sent to Legacy Sync LLC at the address published on rail.menu.