Privacy Policy

1. Introduction

Welcome to Servio ("we," "our," or "us"). We are committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our point-of-sale and ordering platform and services.

Servio is operated from the United Kingdom and complies with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

2. Information We Collect

2.1 Business Account Information

When you create a Servio business account for your restaurant, cafe, food truck, market stall, or other food service business, we collect:

• Name and email address
• Business name and address (or operating location)
• Phone number
• Payment information (processed securely by Stripe)
• VAT number (if applicable)

2.2 Customer Order Information

When customers place orders through your QR codes (at tables, counters, trucks, or stalls), we collect:

• Customer name (optional)
• Table number, counter location, truck window, or stall identifier
• Order details (items, quantities, special instructions)
• Payment information (processed by Stripe, we do not store card details)
• Order timestamps and status

2.3 Technical Information

We automatically collect:

• IP address and browser type
• Device information and operating system
• Usage data and analytics (pages visited, features used)
• Cookies and similar tracking technologies

3. How We Use Your Information

We use the information we collect to:

• Provide Services: Process orders, manage your business operations, and deliver our platform features
• Process Payments: Handle billing and subscriptions through Stripe
• Customer Support: Respond to your inquiries and provide technical assistance
• Improve Our Platform: Analyze usage patterns to enhance features and performance
• Communication: Send service updates, security alerts, and marketing communications (with your consent)
• Legal Compliance: Comply with applicable laws and regulations

4. Legal Basis for Processing (UK GDPR)

We process your personal data under the following legal bases:

• Contract Performance: To provide services you've subscribed to
• Legitimate Interest: To improve our platform and prevent fraud
• Consent: For marketing communications (you can opt-out anytime)
• Legal Obligation: To comply with tax, accounting, and legal requirements

5. Data Sharing and Disclosure

We may share your information with:

• Service Providers: Stripe (payments), Supabase (database), Google Cloud (infrastructure), OpenAI (AI features)
• Legal Requirements: When required by law or to protect our rights
• Business Transfers: In case of merger, acquisition, or asset sale

We never sell your personal data to third parties.

6. Data Security

We implement industry-standard security measures to protect your data:

• Encryption in transit (TLS/SSL) and at rest
• Secure authentication with OAuth 2.0 and PKCE flow
• Row-level security in our database
• Regular security audits and updates
• Access controls and authentication requirements

7. Data Retention

We retain your information:

• Account Data: Until you delete your account
• Order Data: For 7 years (UK tax compliance requirements)
• Analytics Data: For 2 years
• Backup Data: For 30 days after deletion

8. Your Rights (UK GDPR)

Under UK GDPR, you have the right to:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restrict Processing: Limit how we use your data
• Data Portability: Receive your data in a machine-readable format
• Object: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent for marketing communications

To exercise these rights, contact us at: privacy@servio.app

9. Cookies and Tracking

We use essential cookies to:

• Maintain your session and keep you logged in
• Remember your preferences
• Analyze platform usage (anonymized)

For more details, see our Cookie Policy.

10. International Data Transfers

Your data may be transferred to and processed in countries outside the UK. We ensure adequate safeguards are in place through:

• Standard Contractual Clauses approved by the UK ICO
• Service providers with UK GDPR-compliant practices
• Encryption and security measures during transfers

11. Children's Privacy

Servio is not intended for children under 16. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of unknown material changes by:

• Posting the new policy on this page with an updated date
• Sending an email notification to your registered address

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, please contact us:

14. Supervisory Authority

If you have concerns about how we handle your data, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):