1. Who we are
PLATOO LTD ("PLATOO", "we", "us", "our") is a company registered in England and Wales. We operate the PLATOO food delivery platform accessible at www.platoo.co.uk and via our mobile applications.
For questions about this policy, contact us at: privacy@platoo.co.uk
2. What data we collect
- Account data: name, email address, phone number, and password (hashed).
- Order data: delivery addresses, order history, payment method details (processed by Stripe — we do not store card numbers).
- Location data: delivery address you provide; approximate location if you use "Use my location".
- Device data: IP address, browser type, operating system, pages visited, and timestamps.
- Communications: messages sent via our in-app chat or support channels.
3. How we use your data
- To fulfil and manage your orders and communicate order status.
- To process payments securely via Stripe.
- To provide customer support and respond to enquiries.
- To send transactional emails (order confirmations, delivery updates).
- To improve our platform, diagnose bugs, and analyse usage trends.
- To comply with legal obligations.
We do not sell your personal data to third parties. We do not use your data for targeted advertising.
4. Legal basis (UK GDPR)
- Contract: processing necessary to deliver the services you ordered.
- Legitimate interests: fraud prevention, platform security, and service improvement.
- Legal obligation: financial and tax record-keeping requirements.
- Consent: where we ask for it separately (e.g. marketing emails).
5. Data sharing
We share data only with trusted service providers necessary to operate the platform:
- Supabase — database and authentication (EU/UK data residency).
- Stripe — payment processing (PCI-DSS compliant).
- Vercel — hosting and content delivery.
- Restaurants — your name, delivery address, and order details are shared with the restaurant fulfilling your order.
6. Data retention
We retain account data for as long as your account is active, plus 7 years thereafter to meet legal and tax obligations. Order records are retained for 7 years. You may request deletion at any time (subject to legal retention requirements) via your account settings or by emailing us.
7. Your rights
Under UK GDPR you have the right to:
- Access the personal data we hold about you.
- Correct inaccurate data.
- Request erasure ("right to be forgotten").
- Restrict or object to processing.
- Data portability.
- Withdraw consent at any time.
To exercise any right, email privacy@platoo.co.uk. You also have the right to lodge a complaint with the ICO at ico.org.uk.
8. Security
We use industry-standard security measures including TLS encryption in transit, hashed passwords, and row-level security on our database. No system is 100% secure; if you believe your account has been compromised, contact us immediately.
9. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email or in-app notice. Continued use of the platform after changes constitutes acceptance.