Privacy & Security
ShowMenu is designed to keep restaurant data isolated, reduce public traffic load, and limit sensitive information exposure.
Tenant isolation
Each restaurant stays in its own workspace, with cached pages, orders, and exports scoped to that tenant only.
Fast public cache
Guests see the restaurant's cached JSON snapshot first so pages stay fast even during busy periods.
Hardened sessions
The app uses CSRF checks, lockouts, secure cookies, and strict request boundaries.
Small uploads
Uploaded images are re-encoded and size-limited to reduce risk, storage use, and bandwidth.
Security controls
- Role-based access control for restaurant, website, and super-admin accounts
- Local JSON and HTML cache files protected by deny rules
- Output escaping and request validation throughout the app
- Optional AdSense / ad settings remain separated from core restaurant data
For full policy wording, see the Privacy Policy.