Legal

Privacy notice

Last updated: May 2026

This notice explains how SafePlate Ltd ("SafePlate", "we", "us") handles personal data across the SafePlate platform and the safe-plate.io website. We have written it in plain English. If anything is unclear, write to us at privacy@safe-plate.io.

Who we are

SafePlate Ltd is a company registered in England and Wales. For data we process about diners (allergen profiles, order history), we act as a data processor on behalf of the venue you are dining in, which is the data controller.

For data we process about operators, prospective customers, and website visitors, we act as a data controller.

The data we hold

Diner data (when you eat in a venue using SafePlate)

The venue captures, and we process on its behalf:

• Allergen declarations and dietary requirements you make at the start of an order. This is health-category data under UK GDPR Article 9.
• Optional contact details (name, phone) where the venue takes a reservation through SafePlate.
• Order history during your visit — what was ordered, what was blocked, what was acknowledged in the kitchen.

We do not link diner data across venues. Your declaration to one restaurant is not visible to another.

Operator data (when you run a venue on SafePlate)

• Account information for staff users — name, email, role, password hash.
• Menu and ingredient data you upload.
• Audit-log records of allergen events, overrides, and shift summaries.
• Integration credentials (encrypted) for your EPOS — Square OAuth tokens or Access EVO API keys.

Visitor data (when you use safe-plate.io)

• What you write into the contact form.
• Basic server logs — IP address, user agent, page visited, timestamp — retained for 30 days for security and abuse prevention.
• We do not use third-party advertising trackers. The site uses no marketing cookies.

Lawful basis

• Diner allergen declarations: processed under Article 6(1)(b) (necessary for the contract between the diner and the venue) and Article 9(2)(a) (explicit consent for health-category data, given when the declaration is captured).
• Operator account data: processed under Article 6(1)(b) (necessary for the contract).
• Visitor contact-form data: processed under Article 6(1)(a) (consent) and 6(1)(f) (legitimate interest in responding to enquiries).

Where we store data

All personal data is hosted in the United Kingdom or European Union. Encryption at rest (AES-256) and in transit (TLS 1.2+). Database backups are encrypted and stored in the same region.

Retention

• Diner allergen profiles: retained by the venue for the duration of the visit and rolled up into anonymised compliance data thereafter. Personally identifiable diner records are deleted within 90 days unless the venue has a separate retention reason (e.g. an open complaint or insurance claim).
• Operator account data: retained for the duration of the contract plus 6 years after termination, in line with UK accounting and tax requirements.
• Audit-log records: retained for 6 years from the date of the order. This reflects the limitation period for civil claims and the FSA's recommended record-keeping period.
• Contact-form messages: retained for 24 months unless we agree a longer retention with you (e.g. a live customer relationship).

Sharing

We share data only with:

• Sub-processors: our hosting provider, our payment processor (Stripe), and our error-monitoring service. Each is contracted under UK GDPR-compliant data-processing terms. We will publish a full sub-processor list on request.
• Authorities: where we are legally required to do so (e.g. a court order or FSA investigation).

We do not sell, rent, or share personal data with marketing partners or data brokers under any circumstances.

Your rights

Under UK GDPR you have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion (right to be forgotten), subject to our retention obligations above.
• Object to processing or request restriction.
• Receive your data in a portable format.
• Withdraw consent at any time.

To exercise any of these rights, write to privacy@safe-plate.io. We respond within 30 days.

Complaints

If you believe we have mishandled your personal data, please contact us first — we want to fix it. You also have the right to complain to the Information Commissioner's Office (ICO): ico.org.uk.

Changes

We will publish material changes to this notice on this page with an updated date. For changes that affect existing operator customers, we'll also notify the account admin by email.

Contact: privacy@safe-plate.io  ·  SafePlate Ltd, United Kingdom