Legal

Privacy Policy

Last updated: 21 May 2026

This Privacy Policy explains how myfoodapp.uk collects, uses, shares and protects personal data. We are committed to handling your information lawfully, fairly and transparently in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

In this policy, “myfoodapp.uk”, “we”, “us” and “our” refer to the operator of the myfoodapp.uk platform, a software service for restaurants and takeaways in the United Kingdom. For any privacy question, or to exercise your rights, contact us at privacy@myfoodapp.uk.

2. Controller and processor roles

Our role under data protection law depends on whose data is involved:

  • We are the data controller for the personal data of visitors to this marketing website and of the restaurant and takeaway businesses (and their staff) who enquire about or subscribe to our service.
  • We are a data processor for the personal data of our customers’ own diners, that is, the people who place orders or book tables through a storefront built on myfoodapp.uk. In that case the restaurant or takeaway is the data controller and decides how that data is used. Our handling of it is governed by our data processing terms with that business.

3. The personal data we collect

When you use this website or contact us, we may collect:

  • Enquiry data — your name, email address, phone number, business (restaurant) name, the plan you are interested in and any message you send when you submit our “Book a demo” or “Talk to us” forms.
  • Account and billing data — if you become a customer, the details needed to administer your subscription and invoices.
  • Technical data — limited information your browser provides, such as IP address, device and browser type, and pages visited, used to keep the site secure and working.

We do not collect special category data through this website and ask that you do not send it to us in free-text fields.

4. How we use your data and our lawful basis

  • To respond to demo requests and enquiries, and to provide the service you ask for — lawful basis: steps taken at your request prior to a contract, and the performance of a contract.
  • To operate, secure and improve this website — lawful basis: our legitimate interests in running a safe, reliable service.
  • To send service messages, and, where you have agreed, occasional product updates — lawful basis: consent or legitimate interests, and you can opt out at any time.
  • To meet legal, accounting and tax obligations — lawful basis: legal obligation.

5. Cookies and analytics

We use a small number of cookies and similar technologies to keep the site secure and to understand, in aggregate, how it is used. Full detail is set out in our Cookie Policy.

6. Who we share data with

We do not sell your personal data. We share it only with trusted service providers who process it on our instructions, including:

  • Cloud hosting and infrastructure providers — our application and databases run on tier-one infrastructure operated by Amazon Web Services, Microsoft Azure and Google Cloud, and on managed database hosting.
  • Payment providers — where you become a customer, payments for your own diners settle directly into your own Stripe or Revolut Business account. We are not a party to those payments and never hold your customers’ card details.
  • Professional advisers and authorities — where required by law or to establish, exercise or defend legal claims.

7. International transfers

Where personal data is processed outside the UK, we ensure an appropriate safeguard is in place, such as UK adequacy regulations or the International Data Transfer Agreement (or the UK Addendum to the EU Standard Contractual Clauses), so that your data receives a level of protection essentially equivalent to that under UK law.

8. How long we keep data

We keep personal data only for as long as necessary. Enquiry data that does not lead to a contract is normally deleted within 24 months. Customer account and billing records are kept for the duration of the contract and for at least six years afterwards to meet legal and tax requirements.

9. Data security

We use appropriate technical and organisational measures to protect personal data, including encryption in transit, access controls, and hosting in secure, certified data centres. No system can be guaranteed completely secure, but we work to reduce risk and will notify you and the Information Commissioner’s Office where we are legally required to do so following a personal data breach.

10. Your rights

Under the UK GDPR you have the right to:

  • be informed about how your data is used;
  • access a copy of the personal data we hold about you;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict or object to certain processing;
  • data portability; and
  • withdraw consent at any time, where processing is based on consent.

To exercise any right, email privacy@myfoodapp.uk. We will respond within one month. Exercising your rights is free of charge in normal circumstances.

11. Complaints

We hope to resolve any concern directly, but you have the right to complain to the UK Information Commissioner’s Office (ICO) at ico.org.uk or by calling 0303 123 1113.

12. Changes to this policy

We may update this policy from time to time. The “Last updated” date above shows when it was last revised. Material changes will be highlighted on this page.