MenuList
How It WorksFeaturesPricingMulti-Location
LoginCreate your MenuList →

Trust & Security

Your business data is safe here.

We have built MenuList from the ground up with security and data integrity as non-negotiable foundations — not features. Here is exactly how we protect your business.

Security at a glance

For technical owners and their teams — the facts, plainly stated.

Password breaches possibleZero — we store no passwords
Data sold to third partiesNever
Cross-account data accessImpossible by design
Infrastructure providerGoogle Cloud / Firebase
Transit encryptionTLS/HTTPS everywhere
Webhook verificationHMAC-SHA256 signed

How we protect your business

Eight layers of security and data integrity built into the platform.

Your data, your ownership

Your menu, your business information, and your customer-facing content belong to you. MenuList does not sell, share, or monetise your business data.

  • You can export your data at any time
  • Deleting your account removes your data from our systems
  • We do not sell data to third parties — ever

Isolated by design

Every business on MenuList operates in a completely isolated environment. Your data is logically separated from every other business on the platform — at the database level.

  • Tenant ID and Store ID enforced on every database query
  • No shared data between businesses
  • Firestore security rules prevent cross-account access

Authentication without passwords

MenuList uses industry-standard OAuth via Google Sign-In. We never store passwords — there are no passwords to breach.

  • Powered by NextAuth.js — industry standard
  • Google OAuth — the same login billions of people trust daily
  • Session tokens expire automatically

HTTPS everywhere

Every connection to MenuList — your dashboard, your public menu pages, your official page — is encrypted in transit.

  • TLS/SSL on all endpoints
  • Customer-facing menu pages served over HTTPS
  • No unencrypted data in transit

Built on Google Cloud

MenuList runs on Firebase and Google Cloud infrastructure — the same foundation trusted by millions of production applications worldwide.

  • Firebase Firestore for real-time, secure data storage
  • Google Cloud infrastructure with 99.95% SLA
  • Automated backups handled by Google infrastructure

Webhook security

If you use integrations like POS Webhook Sync, every request is signed with HMAC-SHA256. Your endpoint can verify the request is genuinely from MenuList.

  • HMAC-SHA256 signatures on all outbound webhooks
  • Secret keys stored securely, never exposed in UI
  • Replay attack prevention built in

Privacy-conscious analytics

Customer analytics are passive and aggregate-only. We track menu engagement patterns — never personal identities. We don't know who your customers are.

  • No personal customer data collected
  • Aggregate behaviour patterns only (views, clicks, timing)
  • GDPR-aware design — no PII in analytics pipeline

Menu data integrity

Every menu save goes through automatic validation. Incomplete data, missing prices, or broken items are caught before they can reach your customers.

  • Client-side validation on every save
  • Menu Correctness Engine runs automatically
  • Published surfaces always reflect validated data

Found a security issue?

We take security reports seriously. If you discover a vulnerability, please contact us directly before public disclosure so we can address it promptly.

Reach us at security@menulist.ai

Built to be trusted.

Security is not a feature we added — it is the foundation we built on.

Create your MenuList →
MenuList

Where your menu lives.

hello@menulist.ai

Product

  • How It Works
  • Features
  • Multi-Location
  • Pricing
  • About

Legal

  • Privacy Policy
  • Terms of Service
  • Refund Policy
  • Trust & Security
  • Contact

© 2026 MenuList. Built in India.

Official menu pages. Built to be found.