Privacy Policy
Version: 2.1
Effective Date: 7 November 2025
Last Updated: 15 January 2025
1. Who We Are
TrustDiner Ltd ("we", "us", "our") operates the TrustDiner platform, a community-driven food allergy safety service. We are registered in the United Kingdom. You can contact us at support@trustdiner.co.uk.
2. What Data We Collect
We collect and process the following data:
- Account details (name, email address, password)
- Allergy information you choose to provide
- Restaurant reviews and comments
- Technical data (IP address, browser type, usage data)
- Analytics information via Mixpanel
- Marketing preferences and email interactions
3. How We Use Your Data
We process data to:
- Operate and improve the TrustDiner platform
- Personalise your experience
- Send service and promotional emails (with consent)
- Conduct analytics and performance measurement
- Ensure platform security and community safety
4. Legal Bases for Processing
Under the UK GDPR, we rely on:
- Consent – for marketing emails and analytics tracking
- Legitimate interests – for operating and improving the platform
- Legal obligations – when required to comply with law or respond to lawful requests
5. Data Retention
We retain your personal data for the following periods:
- Account data: Retained while your account is active, plus 28 days after deletion request (grace period for restoration)
- Reviews: Retained permanently for community benefit, but anonymised upon account deletion (disconnected from your identity)
- Allergen preferences: Deleted immediately upon account deletion
- Consent records: Retained for 7 years to demonstrate GDPR compliance
- Audit logs: Retained for 7 years for legal and regulatory compliance
- Session data: Cleared after 7 days of inactivity
To delete your account and personal data, visit your Profile → Account Settings.
6. Sharing, Selling, and Transferring Your Data
We may share, transfer, or sell your personal data to third parties in the following circumstances:
6.1 Service Providers and Data Processors
We share data with third-party service providers who assist us in operating the platform:
- AWS (UK region) – secure cloud hosting and data storage
- Mixpanel – analytics and performance tracking
- SendGrid – email communications
- Other service providers – as necessary for platform operation, maintenance, and improvement
All third-party processors are contractually required to comply with UK data protection standards and use your data only for specified purposes.
6.2 Data Sales and Commercial Transfers
We may sell, license, or otherwise transfer certain categories of your personal data to third parties for commercial purposes, including but not limited to:
- Marketing and advertising partners – demographic information, preferences, and usage patterns for targeted advertising
- Research organisations – aggregated or anonymised data for market research and analytics
- Business partners – data sharing arrangements for commercial purposes
- Data brokers and aggregators – where legally permitted and in compliance with applicable law
Categories of data that may be sold or transferred include: demographic information (age range, location), dietary preferences and allergen information, usage patterns and behaviour data, restaurant preferences and review activity, and aggregated analytics data.
6.3 Legal and Regulatory Disclosures
We may disclose your data when required by law, court order, regulatory authority, or to protect our legal rights, property, or safety, or that of our users or third parties.
6.4 Business Transfers
In the event of a merger, acquisition, sale of assets, or other business transfer, your personal data may be transferred to the acquiring entity as part of the transaction.
6.5 Your Rights Regarding Data Sharing and Sales
You have the following rights regarding our sharing and sale of your data:
- Right to opt out: You may opt out of certain types of data sales and sharing by contacting us at support@trustdiner.co.uk or adjusting your account privacy settings
- Right to object: You may object to processing based on legitimate interests, including data sharing for commercial purposes
- Right to withdraw consent: Where data sharing is based on consent, you may withdraw that consent at any time
- Right to information: You may request information about categories of third parties with whom we share or sell your data
Legal Basis: Our sharing and sale of data is based on your consent (where required), our legitimate business interests in operating and improving our services, compliance with legal obligations, and performance of our contract with you. For more information about exercising your rights, please see Your Data Rights.
7. Your Rights
Under the UK GDPR, you have the following rights regarding your personal data:
- Right to Access – Request a copy of all data we hold about you. Request your data via email.
- Right to Rectification – Update your profile information. Edit your profile.
- Right to Erasure ("Right to be Forgotten") – Request deletion of your account and personal data. Delete your account (28-day grace period applies).
- Right to Withdraw Consent – Manage your analytics and marketing cookie preferences. Manage consent settings.
- Right to Data Portability – Request your data in machine-readable format (JSON). Email support@trustdiner.co.uk.
- Right to Lodge a Complaint – You can complain to the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint.
For detailed information about exercising these rights, visit Your Data Rights or contact us at support@trustdiner.co.uk.
8. Data Security
We use encryption, access control, and regular security reviews to protect your information. Data is stored securely in AWS data centres within the United Kingdom.
9. Marketing & Communication
You will only receive promotional emails if you explicitly opt in. You can unsubscribe at any time via the link in each email.
10. Updates to This Policy
We may update this Privacy Policy to reflect operational or legal changes. Updates will be published on this page with a revised date.