Privacy policy.

Chefsline ("Chefsline", "we", "us", "our") provides reservation, guest management and payments software for restaurants. This Privacy Policy explains what personal data we collect, how we use it, and the rights you have over it.

We are the data controller for information we collect about you directly — for example when you visit our marketing site, create an account, or contact our team. When you book a table at a venue that uses Chefsline, the venue is the controller for your booking data and we act as their processor.

Account data — name, email address, phone number, role, venue details and authentication credentials.

Booking data — reservation time, party size, special requests, dietary notes and guest history recorded by the venue.

Payment data — handled by Stripe Connect. We never store full card numbers on our servers.

Usage data — pages you view, features you use, device identifiers, IP address and approximate location.

To deliver the Chefsline service: authenticating you, powering the dashboard, syncing bookings, sending confirmations, and processing deposits and voucher payments.

To improve the product: diagnosing issues, measuring feature adoption, and shaping our roadmap.

To communicate with you: service updates, billing notices, security alerts, and — with your consent — marketing emails you can opt out of at any time.

We share data with vetted sub-processors that help us run the service: Stripe (payments), AWS (hosting), Postmark (transactional email), Twilio (SMS) and Sentry (error monitoring).

We never sell your personal data. We only disclose information to law enforcement when legally compelled to do so and, where possible, with prior notice to you.

Account and booking data is retained for as long as your venue operates on Chefsline, plus up to 24 months after closure for accounting and fraud prevention purposes.

Payment records are held for 7 years to meet HMRC and financial-services obligations.

Under UK GDPR you have the right to access, correct, export, restrict, or erase your personal data, and to object to processing.

To exercise any of these rights email privacy@chefsline.uk. We will respond within 30 days. You may also complain to the Information Commissioner’s Office (ico.org.uk) if you are unhappy with how we’ve handled your data.

Data is encrypted in transit (TLS 1.3) and at rest (AES-256). Access to production systems is restricted to a small team, protected by single sign-on and hardware security keys, and audited continuously.

We’ll post material changes at the top of this page and, for significant updates affecting your data, notify you by email at least 14 days before they take effect.