Plain-English summary: We collect only what's necessary to run the service. We don't sell your data. You can request deletion at any time.
1. Who we are
Secure It Fresh Ltd ("Secure It Fresh", "we", "us", "our") operates the Secure It Fresh platform — a tamper-proof food delivery service. Our registered address and data controller contact is listed in section 11.
We are the data controller for personal data collected through our website, mobile applications, and related services.
2. Data we collect
Information you give us
- Account details: name, email address, phone number, delivery address
- Payment information (processed by our payment provider — we do not store card numbers)
- Communications you send us (support tickets, feedback, waitlist sign-ups)
- Restaurant or courier business details (if you register as a partner)
Information collected automatically
- Device and browser type, operating system, IP address
- Pages visited, time spent, click patterns
- Location data (when you grant permission, for delivery matching)
- App usage logs and crash reports
Information from third parties
- Identity verification data (where legally required)
- Social login profile data (if you sign in with Google or Apple)
3. How we use your data
We process your data on the following legal bases:
- Contract performance: to create and manage your account, process orders, handle payments, and resolve disputes
- Legitimate interests: to prevent fraud, improve our platform, send service-related notifications, and perform analytics
- Consent: to send marketing emails and newsletters (you can withdraw consent at any time)
- Legal obligation: to comply with tax, anti-money-laundering, and food-safety regulations
We do not use your data for automated decision-making that produces significant legal effects without human review.
4. Sharing your data
We never sell personal data. We share data only with:
- Restaurants and couriers — limited to what's needed to fulfil your order (first name, delivery address, order contents)
- Payment processors — Stripe or equivalent, PCI-DSS compliant
- Cloud infrastructure providers — servers, databases, and CDN services under GDPR-compliant data processing agreements
- Analytics providers — aggregated, anonymised usage data only
- Law enforcement — when required by valid legal process
All third-party processors are bound by data processing agreements and may not use your data for their own purposes.
5. Retention
- Active account data: retained for the life of the account plus 2 years
- Order records: 7 years (tax and legal compliance)
- Marketing opt-ins: until you withdraw consent
- Support communications: 3 years
- Server logs: 90 days
After retention periods expire, data is securely deleted or anonymised.
6. Your rights
Under GDPR and equivalent laws, you have the right to:
- Access — request a copy of your personal data
- Rectification — correct inaccurate data
- Erasure — request deletion ("right to be forgotten")
- Portability — receive your data in a machine-readable format
- Restriction — limit how we process your data
- Objection — opt out of processing based on legitimate interests
- Withdraw consent — for any processing based on consent (e.g. marketing emails)
To exercise any right, email privacy@secureitfresh.com. We respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
7. Cookies
We use cookies and similar technologies. See our Cookie Policy for full details. You can manage cookie preferences at any time via our cookie banner or your browser settings.
8. Security
We implement industry-standard technical and organisational measures including:
- TLS 1.3 encryption in transit
- AES-256 encryption at rest for sensitive fields
- Role-based access controls and audit logging
- Regular penetration testing and vulnerability scanning
- SOC 2 Type II compliant infrastructure (target certification Q2 2027)
No system is 100% secure. If you believe your account has been compromised, contact us immediately at security@secureitfresh.com.
9. Children
Our service is not directed to children under 16. We do not knowingly collect personal data from anyone under 16. If we learn we have collected such data, we will delete it promptly. Contact privacy@secureitfresh.com if you believe a child's data has been submitted.
10. Changes to this policy
We may update this policy as our service evolves. For material changes, we will notify registered users by email at least 14 days before the change takes effect. The "last updated" date at the top always reflects the current version. Continued use of the service after changes constitutes acceptance.