Local Eats UK
Sign in

Privacy Policy

Last updated: 24 June 2026

This page is maintained by Local Eats UK to explain what personal data we collect, why we collect it, and what choices you have. It applies to customers, Vendors and visitors of our website.

1. Who we are

Local Eats UK is the data controller for personal data you provide directly to the platform. For data you share with a Vendor as part of an order, that Vendor is an independent controller for their own use of your data.

2. Data we collect

  • Account data: name, email, password (hashed), authentication identifiers.
  • Order data: items, delivery address, postcode, phone number, order notes, order history.
  • Payment data: handled by Stripe. We store a reference to the transaction but never card numbers or CVCs.
  • Vendor data: business name, contact details, address, menu, Stripe Connect account identifiers.
  • Technical data: IP address, device and browser information, basic analytics.
  • Location data: postcode you enter and (with permission) approximate browser geolocation, used to find nearby Vendors.

3. How we use your data

  • To create and manage your account.
  • To process orders and pass the necessary details to the Vendor that will fulfil them.
  • To process payments through Stripe.
  • To send transactional emails (order confirmations, receipts, account notifications).
  • To improve the platform, prevent fraud and meet legal obligations.
  • With your consent, to send marketing emails. You can opt out at any time.

4. Legal bases

We rely on the following legal bases under UK GDPR:

  • Contract: to provide the service you have signed up for.
  • Legitimate interests: to keep the platform secure, prevent abuse, and improve our service.
  • Consent: for optional marketing and for browser geolocation.
  • Legal obligation: for tax, accounting and responding to lawful requests.

5. Sharing your data

  • Vendors: receive the order details necessary to prepare and deliver your order.
  • Stripe: processes payments under their own privacy policy.
  • Infrastructure providers: our hosting and database provider (Lovable Cloud / Supabase) and email providers, acting as processors.
  • Authorities: where required by law.

We do not sell your personal data.

6. International transfers

Some of our processors (for example Stripe) operate outside the UK. Where personal data is transferred outside the UK or EEA, we rely on appropriate safeguards such as Standard Contractual Clauses or UK addenda.

7. Retention

We keep account and order data for as long as the account is active and for a reasonable period afterwards to meet legal, accounting and tax obligations. Payment records are retained as required by financial regulations.

8. Your rights

You have the right to access, correct, delete or port your personal data, to object to or restrict certain processing, and to withdraw consent. You can exercise these rights by contacting us. You also have the right to complain to the UK Information Commissioner's Office (ICO).

9. Cookies

We use a small number of cookies and similar storage strictly to keep you signed in, remember your cart and protect against abuse. We do not use third-party advertising cookies.

10. Security

We use industry-standard security measures including encryption in transit, row-level security in our database and access controls. No system can be guaranteed perfectly secure, so please use a strong, unique password.

11. Contact

Privacy questions can be sent to privacy@local-plate-map.lovable.app.