Privacy Policy
Product: Qastio
Operator: CHATROOM DOO BEOGRAD
Website: https://menuwithai.com/
Version: v1.0
Publication date: 13 May 2026
Status: Final Website Version
Classification: Public / Website Legal Document
Governing law: Republic of Serbia
Operator Details
Legal name | CHATROOM DOO BEOGRAD |
|---|---|
Short name | CHATROOM DOO |
Company registration number | 21844616 |
Tax identification number (PIB) | 113317904 |
Registered seat | Vojvode Stepe 79, 11000 Belgrade, Vozdovac, Republic of Serbia |
ceo@inotium.com | |
Website / Platform domain | https://menuwithai.com/ |
Legal representative | Georgy Ronn, Director |
Contents
1. Purpose and Controller
This Privacy Policy explains how Qastio, operated by CHATROOM DOO BEOGRAD, processes personal data in connection with the website https://menuwithai.com/, mobile or web applications, QR menus, Restaurant dashboards, Supplier interfaces, POS/API integrations, order-management tools, analytics, procurement workflows, support channels, marketing and the voluntary payment module.
The data controller for the core platform is CHATROOM DOO BEOGRAD, registration number 21844616, PIB 113317904, registered seat Vojvode Stepe 79, 11000 Belgrade, Vozdovac, Republic of Serbia, email geoggeronn@gmail.com. The data protection contact is geoggeronn@gmail.com. Depending on the specific processing activity, Qastio may act as an independent controller, joint controller or processor on behalf of a Restaurant or Supplier.
2. Categories of Data Subjects
- Guests using QR menus, table ordering, pickup ordering, website functions or support channels.
- Restaurant representatives, account administrators, staff members and persons acting on behalf of a Restaurant.
- Supplier representatives, logistics partners, manufacturers, distributors and other procurement participants.
- Visitors to the website, users of forms, newsletter subscribers, marketing recipients and support requesters.
- Payment-module users whose payment status, transaction reference or refund/chargeback information is processed through a PSP.
3. Categories of Personal Data
Category | Examples | Source |
|---|---|---|
Identity and contact data | Name, email, phone, business role, company affiliation, dashboard account identifiers. | User, Restaurant, Supplier or onboarding form. |
Order data | Restaurant, order contents, comments, status, pickup/table context, timestamps, support messages and order history where available. | Guest, Restaurant, POS/API, Platform logs. |
Technical data | IP address, device/browser data, session identifiers, security logs, API logs, cookie choices and diagnostic data. | Website, app, infrastructure, analytics and security tools. |
Payment-related data | Payment status, amount, currency, transaction ID, PSP reference, refund status, chargeback status and limited card metadata if provided by PSP. Full card number and CVV are not stored by the Operator. | Licensed PSP, bank, acquirer or payment widget. |
Restaurant staff data | Names, roles, account permissions, actions in dashboard, support interactions and POS/API access logs. | Restaurant, dashboard, Platform logs. |
Marketing and consent data | Communication preferences, consent records, unsubscribe status and cookie category choices. | User actions and consent management tool. |
4. Purposes and Legal Bases
Purpose | Legal basis | Description |
|---|---|---|
Providing the Platform | Contract / pre-contractual steps / legitimate interest | Account creation, QR menu, ordering, dashboard, POS/API functionality, support and service operation. |
Restaurant order handling | Contract / legitimate interest / legal obligation | Routing orders to Restaurants, showing status, resolving technical issues and retaining evidence. |
Procurement and analytics | Contract / legitimate interest | Aggregated demand analysis, SKU-level procurement intelligence, supplier matching and commercial reporting, subject to confidentiality and data minimisation. |
Payment module | Contract / legal obligation / legitimate interest | Payment status routing, PSP integration, refunds, chargebacks, accounting, fraud prevention and support. The PSP processes card data under its own terms. |
Security and fraud prevention | Legitimate interest / legal obligation | Authentication, logs, abuse prevention, incident response, audit and access control. |
Marketing and non-essential cookies | Consent or legitimate interest where permitted | Newsletters, optional promotions, analytics, remarketing and preference-based communications. |
Compliance and dispute resolution | Legal obligation / legitimate interest | Tax, accounting, audit, claims, litigation, regulatory response and evidence preservation. |
5. Recipients and Processors
Qastio may disclose personal data to hosting providers, cloud infrastructure providers, POS integrators, analytics providers, customer support tools, email/SMS providers, security providers, professional advisers, payment providers, banks, acquirers, tax/accounting providers, competent authorities and other parties where required for the relevant service, legal duty or dispute resolution.
Guest personal data is not sold. Restaurant commercial data may be used in aggregated or anonymised form for procurement analysis, market reports and supplier negotiations, subject to confidentiality restrictions and the Data Access Appendix.
6. International Transfers
Data may be processed in Serbia and, where necessary, in other countries by service providers. Where applicable data protection law requires safeguards for international transfers, the Operator uses contractual, technical and organisational safeguards appropriate to the transfer, including data processing agreements and transfer clauses where required.
7. Storage Periods
Data type | Retention approach |
|---|---|
Account and onboarding data | For the duration of the account and thereafter as necessary for audit, tax, dispute and legal obligations. |
Order and payment-status data | For the period necessary to process orders, refunds, chargebacks, accounting, tax and evidence obligations. |
Support correspondence | For the period needed to resolve the request and protect rights. |
Cookie consent records | For the duration needed to evidence the user choice and apply current preferences. |
Aggregated data | May be retained without identifying individuals where it no longer constitutes personal data. |
8. Rights of Data Subjects
Subject to applicable law, data subjects may request access, correction, deletion, restriction, portability, objection, withdrawal of consent and review of automated processing where applicable. Requests may be sent to the Operator at the email shown above. Withdrawal of consent does not affect processing that was lawful before withdrawal or processing based on another legal basis.
9. Security
The Operator applies reasonable technical and organisational measures, including access control, logging, role-based permissions, backups, encryption where appropriate, incident response, confidentiality obligations and supplier controls. No online system can be guaranteed to be uninterrupted or completely secure.
10. Children and Allergens
The Platform is not designed to intentionally collect personal data from children without appropriate lawful basis. Allergen and ingredient information is provided by Restaurants and is not medical advice. Guests with allergies should verify information directly with the Restaurant.
11. Changes
This Policy may be updated by publication on https://menuwithai.com/. Material changes may be notified through the Platform, email, dashboard notice or another available communication channel where required by law.
Operator Details
Field | Value |
|---|---|
Operator | CHATROOM DOO BEOGRAD |
Company registration number | 21844616 |
Tax identification number (PIB) | 113317904 |
Registered seat | Vojvode Stepe 79, 11000 Belgrade, Vozdovac, Republic of Serbia |
ceo@inotium.com | |
Website | https://menuwithai.com/ |
Legal representative | Georgy Ronn, Director |
Final Disclaimer
This document forms part of the Qastio legal documentation made available by the Operator. It does not limit any mandatory rights granted to users under applicable law. Where a specific onboarding, payment, procurement, POS/API integration or supplier arrangement is governed by an additional accepted document, that document applies together with this document and prevails within its specific scope.