Privacy Policy

Last updated: March 2026

1. Introduction

RestaurantIQ Ltd ("we", "us", "our") operates the RestaurantIQ restaurant analytics platform. We are a company registered in England and Wales. Our registered office is 71-75 Shelton Street, Covent Garden, London WC2H 9JQ. We are registered with the Information Commissioner's Office (ICO); registration number: 00013447026.

This Privacy Policy explains how we collect, use, store, and protect your data. We are committed to protecting your privacy and complying with applicable data protection laws, including the UK GDPR and EU GDPR where applicable.

2. Data We Collect

We collect the following categories of data:

  • Account data: Name, email address, password (hashed), and business details you provide when signing up
  • POS and booking data: Orders, payments, reservations, timing metrics, and related data we receive via integrations you authorise (e.g. Square, Lightspeed, SevenRooms)
  • Usage data: Logs of your use of the Service, including IP address, browser type, and feature usage
  • Communications: Emails and messages you send to us for support or enquiries

We do not collect data from your restaurant's customers (e.g. diners) unless that data is included in the POS or booking data you authorise us to access. We process such data only as necessary to provide the Service.

3. How We Use Your Data

We use your data to:

  • Provide, maintain, and improve the Service
  • Generate analytics, insights, and reports for your restaurant
  • Process payments and manage your subscription
  • Respond to support requests and communicate with you
  • Send service-related notices (e.g. security alerts, billing)
  • Comply with legal obligations and enforce our Terms
  • We do not use your restaurant or order data for our own product analytics or marketing; we use it only to provide the Service to you

We do not sell your data. We do not use your data for advertising or share it with third parties for their marketing.

4. Legal Basis (GDPR)

For users in the UK and EEA, we process your data on the following legal bases:

  • Contract: Processing necessary to perform our contract with you (providing the Service)
  • Legitimate interests: Improving the Service, security, fraud prevention, and business operations
  • Consent: Where we explicitly ask for consent (e.g. marketing emails)
  • Legal obligation: Where we must comply with law

You may withdraw consent at any time where consent is the basis. Withdrawal does not affect the lawfulness of processing before withdrawal.

5. Data Sharing

We share data only with:

  • Service providers: Hosting (e.g. Vercel, Supabase), payment processors (e.g. Stripe), and analytics tools. They process data on our instructions and under data processing agreements
  • POS and booking platforms: When you connect integrations, data flows between us and those platforms as authorised by you
  • Authorities: When required by law or to protect our rights

We do not sell or rent your data. We require processors to protect your data and use it only for the purposes we specify.

6. Data Retention

We retain your data as follows:

  • Account and subscription data: For the duration of your account plus up to 7 years for legal and accounting purposes
  • POS and booking data: For the duration of your subscription. After cancellation, we retain data for up to 90 days to allow export, then delete it unless we must retain it for legal reasons
  • Usage and logs: Typically up to 12 months for security and troubleshooting
  • Support communications: For the duration of the enquiry plus a reasonable period thereafter

You may request earlier deletion of your data. We will comply where we have no overriding legal obligation to retain it.

7. Data Security

We use industry-standard measures to protect your data, including encryption in transit (TLS) and at rest, access controls, and secure authentication. OAuth tokens and sensitive credentials are encrypted. We use multi-tenant architecture with row-level security so your data is isolated from other customers. We regularly review and update our security practices.

8. International Transfers

Your data may be processed in the UK, EU, or other jurisdictions where our service providers operate. Where we transfer data outside the UK/EEA, we ensure appropriate safeguards (e.g. adequacy decisions, standard contractual clauses) are in place as required by law.

9. Your Rights (GDPR)

If you are in the UK or EEA, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request that we limit processing in certain circumstances
  • Portability: Receive your data in a structured, machine-readable format
  • Object: Object to processing based on legitimate interests
  • Withdraw consent: Where processing is based on consent
  • Complain: Lodge a complaint with the ICO (UK) or your local supervisory authority

To exercise these rights, contact us at iakovos.petrocheilos@restaurantiq.co.uk. We will respond within one month. You can also export your restaurant data to CSV from within the Service at any time.

10. Cookies and Tracking

We use cookies and similar technologies to provide and improve the Service. We ask for your consent before using non-essential cookies.

Essential Cookies

These cookies are necessary for the Service to function and cannot be disabled:

  • Authentication: Keep you logged in securely
  • Session management: Maintain your session state
  • Security: Protect against cross-site request forgery

Analytics Cookies (Optional)

With your consent, we use PostHog for product analytics to understand how the Service is used and improve it:

  • Usage patterns: Which features are used most
  • Performance: How quickly pages load
  • Errors: Technical issues to fix

We do not use your restaurant data or customer data for analytics. We minimise personal data collection and use privacy-focused settings.

You can manage your cookie preferences at any time using our cookie banner or through your browser settings. Disabling essential cookies may affect the Service functionality.

11. Children

The Service is not intended for individuals under 18. We do not knowingly collect data from children. If you believe we have collected such data, please contact us and we will delete it.

12. Changes

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. The "Last updated" date at the top indicates when changes were last made. Continued use after changes constitutes acceptance.

13. Contact

RestaurantIQ Ltd is the data controller. Our registered office is 71-75 Shelton Street, Covent Garden, London WC2H 9JQ. We are registered with the ICO (registration number: 00013447026).

For privacy enquiries, data subject requests, or to contact our data protection contact, email us at iakovos.petrocheilos@restaurantiq.co.uk.