Leer este artículo en español →

The screen asks for your POS login. Or it asks you to drop in your sales export — “just paste your last month so we can show you what you’re leaving on the table.” The cursor is blinking in the box. This is the moment the whole question lives in: not after you’ve typed, after the report has already scrolled past and the damage is done, but right here, before the first real number leaves your hand. Before you type a real number into any free restaurant tool, you can find out in under a minute whether that number ever leaves your browser. That is the entire job of this page.

Because most “free margin audit” tools have a price tag — it’s just paid in data. The pattern is well-worn: you type your real ticket, your real food cost, your real labor — and the tool returns a number. It also tends to return sales reps in your inbox by morning, each with a proposal built on numbers that were never supposed to leave your office. The tool was the funnel. Your numbers were the qualifier.

The pattern hides because nobody asks the obvious question at the cursor: where do my inputs go the moment I type them? So treat what follows as a walkthrough you run with the sign-up screen still open in front of you — five tests, four data tiers, one worked example, and a verdict tree that ends in a plain keep-or-walk-away call on the exact tool you’re looking at. The tools that pass will tell you so, plainly. The tools that fail are about to explain why the tests don’t apply to them. That’s the tell.

The screen wants your real numbers before it gives you anything. The one minute before you type is the only leverage you’ll ever have over that tool — spend it.

1. The five tests — run before you type

Open DevTools ↗ on whatever tool you're evaluating (Cmd+Opt+I on Mac, Ctrl+Shift+I on Windows). Five questions:

  1. Does typing a number trigger a network request? Open the Network tab. Type. If the request list grows on every keystroke, the tool is silently sending your inputs to a server. Walk away.
  2. Is the privacy claim at the point of input? A trustworthy tool tells you what it does with your data where you're typing — not in a footer link three clicks deep.
  3. Is there an account / newsletter / cookie gate? “Enter your email to see your results” means your numbers are the price of admission. The tool is not free.
  4. Are there third-party analytics, session replay, or marketing scripts? Filter the Network tab by JS. If you see Google Analytics, Meta Pixel, HubSpot, FullStory, Hotjar — your inputs are being recorded by surveillance vendors who weren't even part of the deal you thought you were making.
  5. Is the source code readable? Right-click → View Source. A small, readable, unminified script is a tool you can audit. A 4-megabyte minified bundle from a SaaS framework is a tool you can't.

Pass all five and the tool is at least honest about its data flow. Fail any of them and the tool either doesn't know or doesn't want you to know — both are reasons to leave.

Each test has a tell you can read at a glance. Here is what a safe signal looks like beside the red flag it’s standing in for — same five tests, sorted into the two columns you’re actually deciding between.

Safe signal You type a full number and the Network tab stays still — nothing fires until you choose to submit.
Red flag A request lands on every keystroke. The tool is shipping your inputs to a server in real time, before you press anything.
Safe signal The privacy claim sits right where you type, in plain sight, telling you what happens to the number you’re about to enter.
Red flag The only privacy language is a footer link three clicks deep — or there isn’t one at the input at all.
Safe signal The result loads with no account, no email box, no cookie wall standing between you and the number you came for.
Red flag “Enter your email to see your results.” Your numbers are the price of admission — the tool is not free.
Safe signal Filter Network by JS and the origins are familiar — no surveillance vendor sitting on the inputs you typed.
Red flag Google Analytics, Meta Pixel, HubSpot, FullStory, or Hotjar are loaded — watchers who were never part of the deal.
Safe signal View Source shows a small, unminified script with every function named — a tool you can actually audit.
Red flag A four-megabyte minified SaaS bundle. You can’t read what it does, which means you can’t verify a word of the pitch.
  1. 1

    Network on keystroke

    Open Network tab, type a number. If the request list grows per keystroke, the tool is silently shipping inputs to a server. Fail = walk away.

  2. 2

    Privacy at the point of input

    A trustworthy tool tells you what it does with your data where you are typing — not in a footer link three clicks deep. Fail = walk away.

  3. 3

    Account / email / cookie gate

    “Enter your email to see your results” means your numbers are the price of admission. The tool is not free. Fail = walk away.

  4. 4

    Third-party scripts

    Filter Network by JS. GA, Meta Pixel, HubSpot, FullStory, Hotjar — surveillance vendors who were never part of the deal. Fail = walk away.

  5. 5

    Readable source

    Right-click → View Source. Small, unminified, every function named = auditable. 4MB minified SaaS bundle = you cannot. Fail = walk away.

The five tests in run-order. Any one failure ends the audit; pass all five and the tool is at least honest about its data flow.

2. The four-tier model — what to share, where

Most small-business owners carry all their data in the same mental bucket — which means the supplier list and the tax ID get the same protection (often the same low level of it). Four tiers, each with a different audience and a different level of caution:

  • Tier 1 — Public. Menu, hours, photos, address, phone, schema.org markup. Optimize aggressively; this is how customers find you.
  • Tier 2 — Competitive-sensitive. Cost of goods, supplier list, your actual commission tier (not the public rate), labor schedule template. Share with bookkeeper / consultant / broker — under NDA. Not with platforms, competitors, or “free audit” tools that keep your input.
  • Tier 3 — Operational-confidential. Monthly P&L, actual food cost %, customer pipeline, employee schedules. Inside the business only. POS vendor, payroll, accountant — and only under written contract.
  • Tier 4 — Regulated. SSN, EIN, customer card data, bank details, food-safety logs, I-9s. Encrypted storage, access logging, contracts with cybersecurity terms. Never email. Never in a shared spreadsheet.

The principle: data never flows up a tier. A Tier 3 vendor doesn't get Tier 4 access just because they asked. A Tier 1 audience (a platform, a listing site) doesn't get Tier 2. The easiest way to reduce your attack surface is to stop volunteering data that wasn't actually required.

Tier 1: Public data flows fully open T1

PublicMenu, hours, photos, address. Optimize aggressively.

Tier 2: Competitive-sensitive data flows under NDA only T2

Competitive-sensitiveSuppliers, costs, real commission tier. NDA only.

Tier 3: Operational-confidential data stays inside the business under written contract T3

Operational-confidentialP&L, food cost, pipeline, schedules. Contract only.

Tier 4: Regulated data is encrypted only, never email, never shared spreadsheets T4

RegulatedSSN, EIN, card data, I-9s. Encrypted only. Never email.

Four tiers, four allowable audiences. The ring shrinks as the data tightens. The single rule: data never flows up a tier.

3. What “safe” looks like — the worked example

Here's the standard every tool on this site is held to. Nine claims about how every Muntin tool handles your inputs, each one verifiable in your own browser. Tap any claim to see the DevTools step that confirms it.

The full version with each claim's specific DevTools verification step lives at /security/. Four of them (1, 2, 4, 5) are build invariants — the cohesion-check pass that runs on every deploy fails CI if a future tool ships a forbidden pattern. So “verifiable” isn't marketing copy; it's a contract enforced by the build, with a public hash of the production bundle published at /security/integrity.txt.

The claim that the build won’t let slide

Four of the nine claims — 1, 2, 4, and 5 — are enforced as build invariants, not promises. A tool that ships a forbidden pattern fails the deploy outright. That’s the difference the tree below is built to read: a claim a vendor can quietly break the week after you sign up versus one a machine re-checks on every release. Read your own audit the same way — worst failure first, and let the first hard fail decide it.

So stop reading the five tests as a checklist and read them as a verdict. Walk the spine top to bottom; the first branch that fires hands you a keep-or-walk-away call on the exact tool in front of you, and you’re done.

  1. 1Did a request fire on a keystroke?

    The most serious failure, and it overrides every check below. A request per keystroke means the tool is streaming your raw inputs to a server before you ever press submit.

    Walk away Yes — this is the one failure that ends the audit on its own, no matter how clean the rest looks.

    Keep checking No — inputs stay on the page so far. Drop to the next gate.

  2. 2Is there an account / email / cookie gate?

    “Enter your email to see your results” means the numbers are the cost of entry. The tool is not free; it is a lead-capture funnel wearing a calculator costume.

    Walk away Yes — unless you would hand those exact numbers to the vendor's sales team by name, decline.

    Keep checking No gate — nothing stands between you and the result. Continue.

  3. 3Are third-party surveillance scripts recording?

    Meta Pixel, FullStory, Hotjar, HubSpot — vendors who were never part of the deal you thought you were making. Even if inputs stay client-side, watchers you never approved are on the page.

    Not free, watched Yes — a soft fail. Usable only if the surveillance is genuinely incidental and nothing financial reaches it.

    Last gate No watchers — one honest check left.

  4. 4Readable source + privacy claim at the input?

    A small, unminified script you can read in five minutes, with the privacy line sitting next to where you type — not buried in a footer. This is the standard every Muntin tool meets and enforces as a build invariant.

    Safe to use Yes — the tool is at least honest about its data flow, and you can confirm it yourself in the browser.

    Walk away No — a tool you cannot audit is a tool asking for trust it has not earned.

The same five tests read as a verdict, worst failure first: one keystroke leak ends it; a clean source with the privacy claim at the input is the only path to “safe to use.”

"Verifiable" should be a build flag, not a marketing claim. If the only proof is the brochure, treat it as the brochure.

4. Run the audit

The 5-test framework is also an interactive checklist at /learn/checklists/audit-any-tool/ — walk through it with DevTools open on any tool you're evaluating. Save the result to your Workshop as a baseline; re-run it whenever a vendor pushes a “new feature.”

And if you find a tool that fails the audit but you can't tell whether it's malicious or just sloppy, write through The Window and tell me about it. I read every one. The pattern of free tools that quietly turn operators into the product is worth naming — out loud, with the tool's name attached.

Tell us

Be the first field note on this piece.

Tried this in your own restaurant? 100–400 words, your name on it. Don reads every one. Your note shows up here once approved.

Sources & further reading

OWASP — client-side data exposure

OWASP — OWASP's ongoing guidance on client-side data exposure underpins Test 4 (third-party scripts) and the principle that any input typed into a page reachable by GA, Pixel, or session-replay vendors should be treated as published. The categories of script flagged in Test 4 (analytics, session replay, marketing) map to OWASP's "untrusted client-side data" risk class.

NIST data classification frameworks

NIST data classification frameworks — The four-tier data model in this post is operator-friendly framing of NIST SP 800-60 Volume I — the federal data-classification framework that distinguishes Public / Sensitive / Confidential / Regulated. The vocabulary differs; the principle ("data never flows up a tier without a contract") is the same one NIST applies to federal information systems.

RFC 3986 — URL fragment behavior

RFC 3986 — The "shareable scenario links use the URL fragment" claim relies on RFC 3986 §3.5: browsers do not transmit the fragment portion of a URL to the server in HTTP requests. This is what makes fragment-encoded scenario links a valid privacy-preserving share mechanism.