Privacy Policy
Last Updated: May 23, 2026Welcome to Kitchio (kitchio.co.uk). Kitchio is a branded ordering platform for independent takeaways, restaurants, and food operators in the United Kingdom. We respect your privacy and are committed to protecting the personal data of both our restaurant merchants ("Merchants") and their end customers ("Diners").
This Privacy Policy explains how we collect, use, and share personal data when you use the Kitchio software, visit our website, or interact with an online ordering store built on our system.
1. Diner Data Ownership: The Kitchio Promise
Unlike third-party aggregator apps (e.g., Uber Eats, Deliveroo, or Just Eat) that capture and hide customer databases from the kitchens, **Kitchio maintains a strict direct-merchant ownership model**.
Any diner personal data collected on a Merchant's branded ordering page (such as names, emails, addresses, and order history) is owned exclusively by that Merchant. Kitchio acts solely as a data processor for these transactions. We will never sell, lease, or use your Diner lists to cross-promote competing food establishments or market direct aggregator services.
2. Information We Collect
We collect personal data through different channels depending on your interaction with our platform:
A. Merchant Information:When a restaurant registers for Kitchio, we collect contact details (owner name, business email, telephone, location addresses) and secure payment metadata (linked via Stripe) to route payouts.
B. Diner Information:When placing an order on a Kitchio-powered branded site, we collect data necessary for transaction completion and delivery fulfillment:
- Contact details: Full name, telephone number, and email address.
- Delivery details: Physical street address, post code, and optional delivery notes.
- Transaction details: Food items purchased, total charges, and secure transaction reference tags. (Payment details are routed directly to Stripe; Kitchio never logs full card numbers).
3. How We Use Collected Data
We process personal information under standard GDPR lawful bases to fulfill our business contracts and service requests:
- Fulfillment logistics: Providing address details to our on-demand courier networks (e.g., Stuart, Uber Direct) to ensure order transit.
- Communication updates: Sending automated order receipt emails and white-labeled SMS alerts containing delivery rider tracker maps.
- Direct payments: Routing Stripe payment processes securely to the Merchant's merchant bank account.
- Platform operations: Monitoring system health, preventing duplicate accounts, and managing automated re-engagement coupons on behalf of the Merchant.
4. Information Sharing & Third Parties
We only share necessary personal data with specific services to perform core operational actions:
- Integrated Couriers: Delivery details are shared dynamically with third-party logistics firms executing order dispatch.
- Payment Processors: We partner with Stripe to handle secure online transactions. Card processing details comply with PCI-DSS guidelines.
- Logistics APIs: Customer addresses are validated via global geolocation tools (such as Google Maps API) to compute accurate delivery ranges.
5. Data Security
Kitchio uses robust technical and administrative structures to prevent unauthorized access or modification. All ordering pages implement SSL certificates, secure endpoint verification, and tokenized API processing channels. However, no digital transmission is entirely secure, and we prompt Merchants to keep dashboard passwords strictly confidential.
6. Your GDPR Rights
As a UK resident, you retain standard statutory data rights under GDPR guidelines, including rights of access, correction, transfer, and deletion of personal files. Diners wishing to exercise these rights should contact the restaurant Merchant directly, as they manage the primary guest database. Merchants and other system operators can contact our privacy officer at onboard@kitchio.co.uk.