Data Processing Agreement
Last updated: 29 May 2026
This Data Processing Agreement (“DPA”) forms part of the Terms of Service between Menu Ember Technologies Ltd. (“Ember”, “Processor”) and the restaurant operator (“Operator”, “Controller”) who uses the Ember platform.
This DPA governs the processing of personal data by Ember on behalf of the Operator, in compliance with the Ghana Data Protection Act 2012 (Act 843), the Nigeria Data Protection Act 2023 (NDPA), and the EU General Data Protection Regulation (GDPR) where applicable.
1. Definitions
| Term | Definition |
|---|---|
| Personal Data | Any information relating to an identified or identifiable natural person |
| Data Controller | The Operator, who determines the purposes and means of processing diner data |
| Data Processor | Ember, who processes personal data on behalf of the Operator |
| Sub-Processor | A third party engaged by Ember to process personal data on behalf of the Operator |
| Processing | Any operation performed on personal data, including collection, storage, use, disclosure, erasure, or destruction |
| Data Subject | A diner or other individual whose personal data is processed |
| Data Breach | A breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data |
2. Scope and Duration
This DPA covers the processing of diner personal data that Ember performs on behalf of the Operator in the course of providing ordering, reservation, review, and kitchen queue management services. It is effective from onboarding acceptance and remains in effect for the duration of the Operator's use of the Platform.
3. Nature and Purpose of Processing
- Receiving, recording, and routing food orders
- Processing payments for orders and reservation deposits via Paystack
- Sending transactional emails (order confirmations, reservation confirmations)
- Displaying and moderating diner reviews
- Managing reservation bookings and cancellations
- Providing order history, analytics, and kitchen queue management
- Coordinating order handoff with diners' self-arranged couriers
4. Types of Personal Data Processed
| Category | Specific Data |
|---|---|
| Diner Identity | Full name |
| Diner Contact | Phone number, email address (where provided) |
| Order Data | Items, quantities, totals, payment status, order type, pickup time, queue position, status timestamps |
| Courier Contact | Third-party courier name and phone (provided by diner) |
| Review Data | Star rating, review text |
| Reservation Data | Date, time slot, guest count, deposit status |
| Technical Data | IP address (for rate limiting and security only) |
5. Categories of Data Subjects
- Diners: Individuals who place orders, make reservations, or submit reviews
- Courier contacts: Third parties whose contact details are provided by diners for order collection
6. Operator Obligations (Controller)
- Ensure processing complies with applicable data protection laws
- Provide Ember with documented, lawful instructions for processing
- Ensure there is a valid legal basis for processing diner data
- Not instruct Ember to process data in a manner that would violate applicable laws
7. Ember's Obligations (Processor)
7.1 Documented Instructions
Process personal data only on the Operator's documented instructions, unless required by applicable law.
7.2 Confidentiality
Ensure that all persons authorised to process personal data are bound by confidentiality obligations.
7.3 Security Measures
- Row-Level Security (RLS) on all database tables
- Encryption at rest (AES-256) and in transit (TLS 1.2+)
- HMAC-SHA512 webhook signature verification
- Sliding-window rate limiting on all API endpoints
- Sanitised error responses
- Role-based access control
- OTP and magic link authentication
7.4 Sub-Processors
Ember engages the sub-processors listed in Section 9. Ember will notify the Operator at least 14 days before engaging any new sub-processor. If the Operator objects, the parties will work in good faith to resolve the objection.
7.5 Data Subject Rights
Ember will assist the Operator in responding to data subject rights requests (access, correction, deletion, portability, objection, restriction) and will forward any requests received directly.
7.6 Breach Notification
Ember will notify the Operator of any data breach within 72 hours of becoming aware, including the nature, likely consequences, and mitigation measures taken. See Section 10.
8. Restrictions on Processing
Ember shall not:
- Process data for any purpose not described in this DPA
- Sell personal data to any third party
- Use personal data for advertising profiles or direct marketing
- Transfer data to jurisdictions without adequate safeguards
9. Sub-Processor List
| Sub-Processor | Purpose | Data Accessed |
|---|---|---|
| Supabase | Database hosting, authentication | All platform data |
| Paystack | Payment processing | Transaction amounts, references |
| Resend | Transactional email | Email, order/reservation details |
| Twilio | OTP/SMS verification | Phone number |
| Anthropic | AI review moderation, menu parsing | Review text, menu content |
| Sentry | Error monitoring | IP address, browser metadata |
| Vercel | Application hosting | HTTP request metadata |
| Upstash | Rate limiting | IP address (hashed) |
| Inngest | Background jobs | Job metadata |
| Cloudflare | Image CDN | Dish media (no PII) |
| Toast / Square / Lightspeed / Clover | POS integration (if connected) | Menu and order data |
10. Data Breach Notification
In the event of a Data Breach, Ember will notify the Operator without undue delay and within 72 hours, including:
- Nature of the breach and approximate number of data subjects affected
- Contact details for further information
- Likely consequences of the breach
- Measures taken or proposed to mitigate the breach
The Operator is responsible for assessing whether the breach triggers notification obligations to supervisory authorities or data subjects.
11. Data Deletion and Return
Upon termination of the Operator's account, Ember will delete or anonymise all personal data within 90 days, except where retention is required by law. Upon written request (within 30 days of termination), Ember will provide a data export in JSON or CSV format.
12. Governing Law
This DPA is governed by the laws of the Republic of Ghana. Disputes shall be resolved in accordance with the dispute resolution provisions of the Terms of Service.
By clicking “Agree and Go Live” during the Ember onboarding process, the Operator acknowledges that they have read, understood, and agreed to this Data Processing Agreement.
© 2026 Menu Ember Technologies Ltd. All rights reserved.