Product
From the moment the customer declares an allergen, to the audit log the FSA inspector reads next month — every step is structured, enforced, and recorded.
The flow
SafePlate sits inside the existing service rhythm. Servers, kitchen, and managers each see the part of it they need — and nothing they don't.
The customer's allergens are captured at the start of the order — entered by the server, selected by the customer on a tablet, or pre-declared on online ordering. Each cover (per-seat) carries its own allergen profile, so a table of four with four different sensitivities is handled correctly.
Every menu item is decomposed into its constituent ingredients in a structured database — 877 ingredients live today, mapped across 595 reference recipes. Matching happens at ingredient level, not at allergen-category level. "This customer reacts to garlic; this dish contains garlic in the marinade; therefore this dish is unsafe."
Unsafe items cannot be added to the bill in Strict mode. Moderate mode requires manager override with a logged reason. Advisory mode warns but allows. The mode is set by the operator, not by the server — and is configurable per venue or per service period.
Tickets pushed to the kitchen display system carry per-cover allergen banners and item-level ingredient callouts. A four-step chef safety acknowledgement (with a 3-second hold) is required before the ticket can be marked complete.
Every check, override, and confirmed safe order is timestamped and logged. Shift summaries and per-cover audit trails are first-class data. The compliance subsystem produces the structured digital record an FSA inspector or insurer would ask for — without anyone reaching for a paper folder.
Beyond the FSA 14
Most allergen tools — POS allergen flags, standalone apps, kitchen reference systems — operate at category level: a dish either "contains milk" or it does not. But the customers I have served react to specific ingredients, and the regulated 14 is not the boundary of what hurts them.
Garlic. Onion. Specific peppers. Nightshades. Individual spices. Alliums. Legumes. Coriander. In current restaurant systems, these are categorised as "preferences" — given the same operational weight as "no ice in the drink." For the customer who carries an EpiPen for a non-FSA-14 allergen, that is not a preference.
SafePlate treats every declared sensitivity — regulated or not — as an enforcement target. Same rigour, same audit trail, same workflow.
In numbers
POS-agnostic
SafePlate is built as an integration layer that sits across multiple POS systems — not a replacement till, not another piece of hardware. Two integrations are live in code today; two more are scoped to ship next.
OAuth 2.0 flow, 32 endpoints, 4,398 lines. Catalog sync, real-time order webhooks, allergen-aware order validation, payments, refunds, loyalty.
Partner API integration, 12 endpoints. Product catalog sync, order pipeline, real-time polling, multi-site support.
Scoped as the third integration once pilot data is in hand.
Toast's UK presence and API maturity make it the fourth integration target.
Kitchen display
Real-time order tickets pushed over WebSocket. Bold per-cover allergen banners. Item-level ingredient callouts on the dish itself. A four-step chef safety acknowledgement with a 3-second hold prevents accidental clear-throughs.
The kitchen display is a separate application, deployable on existing kitchen hardware. It receives orders the moment they are confirmed at the till and stays in sync with the floor.
Compliance & audit
Every allergen check is logged with timestamp, user, dish, customer profile, and outcome. Manager overrides record a reason. Shift summaries roll up the day's allergen events for the operator and for due-diligence reporting.
When an inspector walks in, you don't reach for a folder. You open the audit dashboard.
Security & data
SafePlate handles them as such. Encryption at rest and in transit, EU/UK data residency, role-based access control with 160 granular permission scopes.
Superadmin, admin, manager, staff, customer — each with their own permission set. The kitchen sees what the kitchen needs; the customer sees only their own profile.
Every sensitive action logged with user, timestamp, and details. Token refresh and route protection on every protected endpoint.
POS and KDS devices pair via 6-digit OTP with 5-minute expiry. No shared logins on shared devices.
Pilots open
We'll take three of your trickiest dishes and show you, on screen, how SafePlate would handle them today.