Privacy Policy
How InOrdera collects, uses, and protects your personal data
Last updated: 23 April 2026 · InOrdera Ltd
Summary: InOrdera Ltd takes your privacy seriously. We collect only the data we need, use it to provide our service, and never sell it. This policy explains what we collect, why, and your rights under UK GDPR.
1. Who We Are
InOrdera Ltd ("InOrdera", "we", "us", "our") is a company registered in England and Wales. We operate the InOrdera platform, which provides AI-powered voice and chat ordering services to independent restaurants and takeaways in the United Kingdom.
For the purposes of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, InOrdera Ltd is the data controller for personal data we process.
Contact: privacy@inordera.com
2. What Data We Collect
We collect the following categories of personal data:
- Restaurant operators (our customers): Business name, contact name, email address, telephone number, billing address, payment information (processed via a PCI-DSS compliant third party).
- End users (restaurant customers): Name, telephone number, delivery address, order details, dietary preferences and allergen information provided voluntarily during ordering, and call/chat transcripts.
- Website visitors: IP address, browser type, pages visited, and referral source via cookies and analytics tools.
3. How We Use Your Data
We process personal data for the following purposes and on the following legal bases:
- Providing the service — processing orders, managing calls and chats, and operating the platform (legal basis: contractual necessity).
- Allergen safety — flagging allergen risks and maintaining auditable records as required under Owen's Law and FSA guidance (legal basis: legal obligation and legitimate interests).
- Billing and account management — invoicing and support (legal basis: contractual necessity).
- Service improvement — anonymised analysis of usage patterns to improve accuracy and performance (legal basis: legitimate interests).
- Marketing — sending product updates and offers to existing customers (legal basis: legitimate interests; you may opt out at any time).
- Legal compliance — responding to lawful requests from regulatory bodies (legal basis: legal obligation).
4. How Long We Keep Your Data
- Order and call records: 7 years (required for allergen compliance audit trails and financial records).
- Customer account data: Duration of the contract plus 2 years.
- Marketing preferences: Until you opt out.
- Website analytics: 26 months (rolling).
5. Who We Share Your Data With
We do not sell personal data. We share data only with trusted third parties who help us deliver the service:
- Cloud infrastructure providers — for hosting and storage (EU/UK data centres).
- Payment processors — for billing (PCI-DSS compliant).
- POS system integrations — order data is passed to your restaurant's POS system as necessary to fulfil orders.
- Analytics providers — anonymised, aggregated website analytics.
- Professional advisers — legal, financial, and insurance advisers under strict confidentiality obligations.
All third-party processors are subject to data processing agreements that ensure they handle your data in compliance with UK GDPR.
6. International Transfers
We store and process data in the United Kingdom and the European Economic Area. Where data is transferred outside the UK, we ensure adequate safeguards are in place, such as the UK International Data Transfer Agreement (IDTA) or equivalent mechanisms.
7. Your Rights
Under UK GDPR, you have the following rights:
- Right of access — to request a copy of the personal data we hold about you.
- Right to rectification — to request correction of inaccurate data.
- Right to erasure — to request deletion, where we have no legal obligation to retain it.
- Right to restriction — to request we limit how we use your data.
- Right to data portability — to receive your data in a machine-readable format.
- Right to object — to object to processing based on legitimate interests or direct marketing.
- Rights related to automated decision-making — to request human review of any automated decisions that significantly affect you.
To exercise any of these rights, contact us at privacy@inordera.com. We will respond within 30 days. You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.
8. Security
We implement appropriate technical and organisational measures to protect personal data, including encryption in transit and at rest, access controls, and regular security assessments. In the event of a data breach that poses a risk to your rights, we will notify the ICO within 72 hours and affected individuals without undue delay.
9. Cookies
We use cookies on our website. Please see our Cookie Policy for full details.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify customers of material changes by email. The "Last updated" date at the top of this page will always reflect the most recent version.
11. Contact Us
For any privacy-related queries or to exercise your rights: