Privacy Policy
Last updated: 10 March 2026
This Privacy Policy explains how CompliChef ("we", "us", "our") collects, uses, stores, and protects your personal information when you use the CompliChef restaurant platform ("Platform"), including table reservations, click & collect ordering, point of sale (POS), kitchen display, and online payment services.
We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who We Are
CompliChef is the data controller for information collected through the Platform. For data collected on behalf of a venue (restaurant, café, etc.), the venue is the data controller and CompliChef acts as a data processor.
Contact: support@complichef.co.uk
2. What Information We Collect
2.1 Customer Information (when you book a table or place an order)
| Data |
Purpose |
Lawful Basis |
| Full name |
Identify your booking or order |
Contract performance |
| Phone number |
Contact you about your booking/order |
Contract performance |
| Email address |
Send confirmations, invoices, and order status updates |
Contract performance / Consent |
| Order details |
Fulfil your click & collect or dine-in order |
Contract performance |
| Special requests / dietary notes |
Pass your requirements to the venue |
Contract performance |
| Payment information |
Process your payment (handled by Stripe/PayPal — we do not store card details) |
Contract performance |
2.2 Venue Operator Information
- Account details (name, email, password) to manage your venue.
- Venue details (address, phone, opening hours, menu items, pricing).
- Payment gateway credentials (Stripe/PayPal API keys) to process customer payments.
- SMTP email settings to send transactional emails from your own email server.
2.3 Automatically Collected Data
- IP address and browser type (for security and analytics).
- Pages visited, timestamps, and referral source.
- Cookies (see Section 8 below).
3. How We Use Your Information
- Booking fulfilment: To confirm your reservation, send reminders, and notify you of any changes.
- Order processing: To process your click & collect order, send invoice/confirmation emails, and notify you when your order is being prepared or is ready for collection.
- Payment processing: To securely process payments through Stripe or PayPal.
- Venue operations: To enable venues to manage bookings, orders, kitchen workflow, and customer communications.
- Platform improvement: To analyse usage patterns and improve the Platform.
- Legal compliance: To comply with legal obligations and resolve disputes.
4. Who We Share Your Information With
| Recipient |
Purpose |
| The venue you booked with or ordered from |
To fulfil your booking or order |
| Stripe / PayPal |
To process your payment securely |
| Email service providers (venue SMTP or CompliChef SMTP) |
To send transactional emails (confirmations, invoices, status updates) |
| Hosting & infrastructure providers |
To operate and maintain the Platform |
We do not sell your personal information to third parties. We do not share your data for marketing purposes without your explicit consent.
5. How Long We Keep Your Data
- Booking records: Retained for up to 24 months after the booking date, unless the venue requires longer for legal or operational reasons.
- Order records: Retained for up to 24 months for accounting and dispute resolution purposes.
- Venue accounts: Retained for the duration of the subscription and up to 12 months after cancellation.
- Payment data: We do not store card details. Payment references are retained as part of order records.
6. Your Rights
Under the UK GDPR, you have the right to:
- Access your personal data — request a copy of the information we hold about you.
- Rectification — ask us to correct inaccurate information.
- Erasure — ask us to delete your personal data (subject to legal retention requirements).
- Restrict processing — ask us to limit how we use your data.
- Data portability — request your data in a machine-readable format.
- Object — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you can withdraw it at any time.
To exercise any of these rights, contact us at support@complichef.co.uk. We will respond within 30 days.
7. Data Security
- All data is transmitted over HTTPS (TLS encryption).
- Passwords are hashed and never stored in plain text.
- Payment processing is handled by PCI-DSS compliant providers (Stripe, PayPal).
- SMTP credentials are stored securely on the server and are not exposed through the API (passwords are masked in responses).
- Access to the Platform is protected by authentication (SSO and session-based).
8. Cookies
The Platform uses cookies for:
- Essential cookies: Session management, authentication, and security. These are necessary for the Platform to function.
- Analytics cookies: To understand how the Platform is used and improve performance. These are only set with your consent where required.
You can manage cookie preferences through your browser settings. Disabling essential cookies may prevent the Platform from functioning correctly.
9. Third-Party Services
The Platform integrates with the following third-party services, each with their own privacy policies:
10. Children's Privacy
The Platform is not intended for children under 16. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will delete it.
11. International Transfers
Your data is primarily processed within the United Kingdom and European Economic Area. Where data is transferred outside the UK/EEA (e.g., by third-party payment processors), appropriate safeguards are in place in accordance with UK GDPR requirements.
12. Changes to This Policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top indicates the latest revision. Continued use of the Platform after changes constitutes acceptance of the updated policy.
13. Complaints
If you are unhappy with how we handle your data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
14. Contact Us
For any privacy-related questions or requests: