M cenaly.ru
Start for free
Back to Home

Cookie Policy – meni.ge Admin Application

Last updated: 5 February 2026

This Cookie Policy explains how Individual Entrepreneur Aleksandr Verbitskii (Identification Number 345820891) ("we", "us", "our") uses cookies and similar technologies in the meni.ge admin application available at https://admin.meni.ge (the "Admin Application").

This Cookie Policy should be read together with our Privacy Policy available at https://meni.ge/privacy

Important: This policy is specifically for the Admin Application used by restaurant owners and staff. For the customer-facing application (available at meni.ge and via QR codes), please see the separate Cookie Policy at https://meni.ge/cookies

Language and translations: This Cookie Policy is drafted in English and the English version is the original and legally binding version. Any versions of this Cookie Policy that you may see in other languages are generated by machine translation and are provided solely for your convenience. In the event of any inconsistency or conflict between a translated version and the English version, the English version shall always prevail.


1. What are cookies and similar technologies?

Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website or use an application. Cookies are widely used to make websites and applications work efficiently and provide information to the owners.

Types of cookies by lifespan:

  • Session cookies – temporary cookies that expire when you close your browser
  • Persistent cookies – cookies that remain on your device for a set period or until you delete them

Similar technologies:

In addition to cookies, we use similar technologies such as:

  • Local storage – data stored in your browser for functionality and authentication
  • Session storage – temporary data stored during your browsing session
  • IndexedDB – client-side database for caching and offline functionality

Throughout this Policy, we refer to cookies and similar technologies collectively as "cookies" unless otherwise specified.


2. Overview: What we use and don't use

✅ What we DO use:

  • Essential cookies and local storage – necessary for authentication, security, and core functionality
  • Sentry error monitoring – for identifying and fixing technical issues
  • AWS services – for hosting, authentication (Cognito), and content delivery (CloudFront CDN)

❌ What we DON'T use:

  • No advertising or marketing cookies – we do not track you for advertising purposes
  • No analytics cookies – we do not use Google Analytics, Firebase Analytics, Meta Pixel, or similar tools
  • No third-party tracking – we do not share your data with advertisers or data brokers
  • No cookie consent banner required – since we only use essential cookies for a B2B service

Legal basis: All cookies we use are strictly necessary for providing the Admin Application service you requested (GDPR Article 6(1)(b) - performance of contract, and Article 5(3) of the ePrivacy Directive exemption for technically necessary cookies).


3. Essential cookies and technologies

These cookies and similar technologies are necessary for the Admin Application to function. Without them, you would not be able to log in, manage your restaurant's data, or use core features.

3.1 Authentication and session management

Purpose:

  • User authentication via AWS Cognito
  • Maintaining your login session
  • Security and CSRF protection
  • Supporting multiple login methods (email/password, Google OAuth, QR code)
\n\n**Technologies used:**
Name Type Storage Duration Purpose
AWS Cognito tokens Local Storage Browser Session or persistent (if "remember me" selected) Authentication tokens (IdToken, AccessToken, RefreshToken) stored by AWS Amplify
meni_login_method Local Storage Browser Persistent until logout Stores your login method (password/google/loginCode)
meni_qr_navigation Local Storage Browser Persistent until logout Navigation settings for QR code logins
meni_current_login_code Local Storage Browser Persistent until logout Current login code for QR sessions
meni_qr_session_id Local Storage Browser Persistent until logout QR session identifier

Legal basis: GDPR Article 6(1)(b) - necessary for the performance of the contract (providing the Admin Application service) and Article 5(3) of the ePrivacy Directive (technically necessary)

Can you disable them? No. These are essential and cannot be disabled without preventing the Admin Application from working. When you sign out, authentication data is automatically cleared from local storage.

3.2 Application functionality

Purpose:

  • Storing your preferences (language, display settings)
  • Caching data for better performance
  • Enabling offline functionality
  • Managing UI state

Technologies used:

Name Type Storage Duration Purpose
Language preference Local Storage Browser 1 year Remembers your preferred interface language
User preferences Local Storage Browser Persistent Various UI settings and preferences
Cached data IndexedDB Browser Until manually cleared or data updated Cached menu data, images, and other content for faster loading

Legal basis: GDPR Article 6(1)(b) - necessary for the performance of the contract and enhancing the service functionality you requested

Can you disable them? Partially. You can clear browser data, but this will reset your preferences and require re-downloading cached data.

3.3 Security cookies

Purpose:

  • Cross-Site Request Forgery (CSRF) protection
  • Secure authentication flows
  • Session validation

Technologies used:

Name Type Storage Duration Purpose
CSRF tokens Session Storage / Cookies Browser Session Prevents unauthorized actions on your behalf
Session validation tokens HTTP-only cookies Browser Session Validates your session on server-side API requests

Legal basis: GDPR Article 6(1)(b) and 6(1)(f) - necessary for the performance of the contract and legitimate interests in protecting the security of our service

Can you disable them? No. These are essential security measures.


4. Error monitoring and diagnostics

We use Sentry (https://sentry.io) for error monitoring and diagnostics. This helps us identify and fix technical issues quickly.

4.1 What Sentry collects:

  • Error messages and stack traces – technical information about errors that occur
  • Browser and device information – browser version, operating system, screen size (no personal identifiers)
  • User actions leading to errors – what you clicked or did before an error occurred (anonymized)
  • Performance data – page load times, API response times

4.2 What Sentry does NOT collect:

  • Your personal information (name, email) – we anonymize user identifiers
  • Your restaurant's menu data or customer orders
  • Authentication tokens or credentials
  • Payment information

4.3 Sentry cookies and technologies:

Name Type Purpose
Sentry Session Replay data Local Storage Captures anonymized user interactions to help debug errors
Sentry breadcrumbs Memory only Tracks user actions in memory (cleared on page refresh)

Legal basis: GDPR Article 6(1)(f) - legitimate interests in maintaining service quality, fixing bugs, and ensuring service reliability

Data location: Sentry stores data in the European Union (Germany region)

Retention: Error data is retained for 90 days, then automatically deleted

Privacy Policy: https://sentry.io/privacy/

Can you opt out? Error monitoring is essential for service reliability. However, we anonymize all personal identifiers before sending data to Sentry.


5. AWS services

We use Amazon Web Services (AWS) for hosting, authentication, and content delivery.

5.1 AWS Cognito (Authentication)

  • Purpose: User authentication and identity management
  • Data stored: User credentials, authentication tokens, user profile information
  • Location: US East (N. Virginia) region
  • Privacy Policy: https://aws.amazon.com/privacy/

5.2 AWS CloudFront (CDN)

  • Purpose: Content delivery network for faster loading of static assets (images, menus)
  • Cookies: CloudFront may set cookies for load balancing and request routing
  • Type: Essential (strictly necessary for content delivery)
  • Privacy Policy: https://aws.amazon.com/privacy/

5.3 AWS S3 (Storage)

  • Purpose: Storing your restaurant's data (menus, images, settings)
  • Cookies: None (API-based access)
  • Locations:
    • EU Central (Frankfurt) – for customer-facing menu data (cdn.meni bucket)
    • US East (N. Virginia) – for user account data (data.meni bucket)

6. No advertising or analytics

We explicitly DO NOT use:

  • Google Analytics
  • Firebase Analytics
  • Meta Pixel (Facebook Pixel)
  • Google Tag Manager
  • Hotjar or similar heatmap tools
  • Advertising networks or retargeting pixels
  • Cross-site tracking cookies

Why? The Admin Application is a B2B tool for restaurant owners. We do not need to track your behavior for marketing purposes. We respect your privacy and focus solely on providing a reliable service.


7. How to manage cookies and local storage

7.1 Sign out to clear authentication data

When you sign out of the Admin Application, we automatically clear:

  • Authentication tokens
  • Login method information
  • QR session data
  • User-specific preferences

7.2 Browser settings

You can manage cookies and local storage through your browser settings:

Google Chrome:

  • Settings > Privacy and security > Cookies and other site data
  • Settings > Privacy and security > Site Settings > View permissions and data stored across sites

Mozilla Firefox:

  • Settings > Privacy & Security > Cookies and Site Data
  • Settings > Privacy & Security > Manage Data

Safari:

  • Preferences > Privacy > Manage Website Data

Microsoft Edge:

  • Settings > Cookies and site permissions > Manage and delete cookies

Brave:

  • Settings > Shields > Cookies and other site data

To clear local storage:

  1. Open browser Developer Tools (F12)
  2. Go to "Application" or "Storage" tab
  3. Find "Local Storage" and "IndexedDB"
  4. Delete data for https://admin.meni.ge

7.3 Impact of blocking cookies

If you block or delete essential cookies:

  • ❌ You will not be able to log in
  • ❌ Authentication will not work
  • ❌ You will not be able to access your restaurant's data
  • ❌ The Admin Application will be unusable

If you clear cached data (IndexedDB):

  • ⚠️ Pages may load slower until data is re-cached
  • ⚠️ You may experience brief delays when loading menus or images
  • ✅ No loss of data – everything is stored on our servers

8. Cookies and personal data

Some cookies and local storage data contain personal information, including:

  • User identifiers – your AWS Cognito user ID (sub)
  • Authentication tokens – JWT tokens containing your email and user metadata
  • Session information – linked to your account

We handle this data in accordance with our Privacy Policy and applicable data protection laws (GDPR, CCPA, etc.).

Your rights:

  • Access – view what data is stored in cookies and local storage
  • Delete – clear cookies and local storage at any time (impact described in Section 7.3)
  • Data portability – request a copy of your data (see Privacy Policy)
  • Erasure – request deletion of your account and all associated data

For more information, please see our Privacy Policy at https://meni.ge/privacy or https://admin.meni.ge/privacy (both link to the same document)


9. Third-party services

The Admin Application integrates with the following third-party services:

Service Purpose Privacy Policy Location
AWS Cognito Authentication https://aws.amazon.com/privacy/ USA
AWS S3 Data storage https://aws.amazon.com/privacy/ USA, EU
AWS CloudFront Content delivery https://aws.amazon.com/privacy/ Global CDN
Sentry Error monitoring https://sentry.io/privacy/ EU (Germany)
Google OAuth Optional login method https://policies.google.com/privacy USA

We do not control how these third parties use cookies. Please review their privacy policies for more information.

Google OAuth: If you choose to sign in with Google, Google may set their own cookies for authentication purposes. We only receive your email address and name from Google – we do not track your Google activity.


10. Updates to this Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in technology, legal requirements, or our practices.

When we make material changes:

  • We will update the "Last updated" date at the top
  • We may notify you through the Admin Application
  • Continued use of the service after changes constitutes acceptance

We encourage you to review this Cookie Policy periodically.


11. International users and compliance

We serve restaurant owners globally and comply with cookie and privacy laws in different jurisdictions.

11.1 European Union / EEA / UK

Under the ePrivacy Directive (Cookie Law) and GDPR:

  • ✅ We only use essential cookies (exemption under Article 5(3) of Directive 2002/58/EC as amended by Directive 2009/136/EC)
  • ✅ No cookie consent banner required (all cookies are strictly necessary for the provision of the service explicitly requested by you)
  • ✅ We provide transparent information about cookies and their purposes as required by GDPR Article 13
  • ✅ You can delete cookies at any time through browser settings

Data transfers: We use AWS services in the USA. Data transfers are protected by:

  • AWS Standard Contractual Clauses (SCCs)
  • AWS Data Processing Addendum (DPA)
  • Adequate safeguards under GDPR Article 46

11.2 United States

Under state privacy laws (CCPA, CPRA, VCDPA, etc.):

  • ✅ We disclose the use of cookies and similar technologies
  • ✅ We do not sell personal information collected through cookies
  • ✅ We do not use cookies for cross-context behavioral advertising
  • ✅ Essential cookies are exempt from opt-out requirements (necessary for service provision)

11.3 Other countries

We comply with cookie and privacy laws in countries where we operate, including:

  • Russia (Federal Law No. 152-FZ)
  • Brazil (LGPD)
  • Canada (PIPEDA)
  • Australia (Privacy Act)
  • Japan (APPI)
  • China (PIPL)
  • Turkey (KVKK)
  • Switzerland (nFADP)
  • Georgia (Law of Georgia on Personal Data Protection)

For country-specific privacy provisions, please see Section 14 of our Privacy Policy.


12. Contact us

If you have questions about our use of cookies or this Cookie Policy, please contact us:

Individual Entrepreneur Aleksandr Verbitskii
Registered in the Republic of Georgia
Email: info@meni.ge

Postal address:
6010, საქართველო, ქალაქი ბათუმი, გრიგოლ ელიავას ქუჩა, N 32ე, სართული 2, ბინა N201ა

For general privacy questions, please see our Privacy Policy at https://meni.ge/privacy or use our data deletion page at https://meni.ge/privacy/delete


13. Summary for quick reference

Aspect Admin Application (admin.meni.ge)
Cookie consent banner? ❌ No – we only use essential cookies
Advertising cookies? ❌ No advertising or marketing cookies
Analytics cookies? ❌ No Google Analytics, Firebase, or similar
Essential cookies? ✅ Yes – for authentication and security only
Local storage? ✅ Yes – for auth tokens and preferences
Error monitoring? ✅ Yes – Sentry (anonymized, EU-hosted)
Third-party tracking? ❌ No cross-site tracking or data sharing
Can you use the app without cookies? ❌ No – essential cookies are required
Can you delete cookies anytime? ✅ Yes – through browser settings or sign out
GDPR compliant? ✅ Yes – essential cookies exemption applies

Last reviewed: 5 February 2026
Next review: 5 August 2026