← Back to DineDirect
Privacy Policy
Effective Date: 21 January 2026 | Last Updated: 21 January 2026
DineDirect ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you use our mobile application and services (collectively, the "Services").
DineDirect operates a marketplace platform connecting customers with professional private chefs in the United Kingdom. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Information We Collect
1.1 Personal Information You Provide
When you create an account or use our Services, we collect:
- Account Information: Name, email address, phone number, password (encrypted)
- Profile Information: Profile picture, bio, dietary preferences, cuisine preferences
- Chef-Specific Information: Professional certifications, food hygiene certificates, insurance documents, specializations, cooking experience
- Location Information: Precise location data (when you use the chef search feature), delivery/service addresses
- Payment Information: Credit/debit card details (processed securely via Stripe - we do not store full card numbers), billing address, transaction history
- Communications: Messages sent through our in-app chat feature, customer support inquiries, reviews and ratings
- Booking Information: Event details, number of guests, dietary requirements, special requests, booking history
1.2 Information Collected Automatically
When you use our Services, we automatically collect:
- Device Information: Device type, operating system, unique device identifiers, mobile network information
- Usage Data: App usage patterns, features accessed, search queries, chef profiles viewed, booking interactions
- Log Data: IP address, browser type, access times, pages viewed, crash reports
- Location Data: Approximate location based on IP address, precise location if you enable location services
1.3 Information from Third Parties
- Social Media: If you connect your social media accounts (optional), we may receive your public profile information
- Payment Processors: Stripe provides us with payment confirmation and fraud detection information
- Identity Verification: For chef accounts, we may use third-party services to verify professional credentials
2. How We Use Your Information
We process your personal information for the following purposes (with legal basis under UK GDPR):
2.1 Performance of Contract
- Creating and managing your account
- Processing bookings and payments
- Facilitating communication between customers and chefs
- Processing refunds according to our cancellation policy
- Providing customer support
2.2 Legitimate Interests
- Personalizing your experience (chef recommendations based on preferences)
- Improving our Services through analytics and usage data
- Preventing fraud, abuse, and security threats
- Sending service-related notifications (booking confirmations, payment receipts)
- Verifying chef credentials to maintain platform quality
2.3 Legal Obligations
- Complying with tax and financial regulations
- Responding to legal requests from authorities
- Maintaining transaction records as required by law
2.4 Consent
- Sending marketing communications (you can opt-out anytime)
- Using precise location data for chef search (you can disable in app settings)
- Placing optional cookies for analytics (you can manage in cookie settings)
3. How We Share Your Information
We do not sell your personal information. We share your data only in the following circumstances:
3.1 With Other Users
- Customers see: Chef's name, profile picture, bio, specializations, ratings, reviews, sample menus
- Chefs see: Customer's name, profile picture, event details, location (after booking), dietary requirements, chat messages
- Public Reviews: Your name and review content are visible to all users (you can choose a display name)
3.2 Service Providers
We share data with trusted third-party service providers who process data on our behalf:
- Stripe: Payment processing, fraud detection (see Stripe Privacy Policy)
- Amazon Web Services (AWS): Cloud hosting, file storage for profile pictures and documents
- Firebase (Google): Push notifications, app analytics, crash reporting
- Sentry: Error monitoring and crash reporting
- Twilio: SMS notifications for booking confirmations and OTP verification
- SendGrid: Email delivery for transactional emails (booking confirmations, password resets)
- Google Maps: Location services for chef search and mapping
3.3 Business Transfers
In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you via email and/or prominent notice in the app.
3.4 Legal Requirements
We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety, or that of our users.
4. Data Retention
We retain your personal information for as long as necessary to provide our Services and comply with legal obligations:
- Active Accounts: Data retained while your account is active
- Closed Accounts: Most data deleted within 90 days of account closure (exceptions: financial records kept for 7 years for tax compliance, reviews remain public unless you request deletion)
- Transaction Records: Retained for 7 years to comply with UK tax and accounting laws
- Marketing Data: Deleted within 30 days of opt-out
- Backup Systems: Data in backups may persist up to 90 days after deletion
5. Your Rights Under UK GDPR
You have the following rights regarding your personal data:
- Right of Access: Request a copy of your personal data we hold
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure ("Right to be Forgotten"): Request deletion of your data (subject to legal retention requirements)
- Right to Restriction: Limit how we process your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for marketing purposes
- Right to Withdraw Consent: Withdraw consent for processing (where consent is the legal basis)
- Right to Lodge a Complaint: File a complaint with the Information Commissioner's Office (ICO)
To exercise your rights, contact us at: privacy@dinedirect.org
We will respond to your request within 30 days. For complex requests, we may extend this by an additional 60 days and will notify you.
6. Data Security
We implement industry-standard security measures to protect your data:
- Encryption: All data transmitted between your device and our servers uses TLS/SSL encryption (HTTPS)
- Payment Security: We are PCI-DSS compliant; Stripe handles all payment card processing using tokenization
- Access Controls: Limited access to personal data; multi-factor authentication for employees
- Secure Storage: Passwords are hashed using bcrypt; sensitive documents encrypted at rest
- Monitoring: Continuous security monitoring and logging for suspicious activity
- Regular Audits: Quarterly security audits and penetration testing
However, no method of transmission over the internet is 100% secure. While we strive to protect your personal information, we cannot guarantee absolute security.
7. International Data Transfers
Your personal information is primarily processed and stored in the United Kingdom. However, some of our service providers (e.g., AWS, Firebase) may store data in the European Economic Area (EEA) or other jurisdictions.
For transfers outside the UK/EEA, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the UK ICO
- Adequacy decisions recognized by the UK government
- Service providers certified under recognized privacy frameworks
8. Children's Privacy
Our Services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at privacy@dinedirect.org, and we will delete the information promptly.
9. Cookies and Tracking Technologies
We use cookies and similar tracking technologies to improve your experience:
9.1 Essential Cookies
- Authentication: Keep you logged in securely
- Security: Detect and prevent fraudulent activity
- Functionality: Remember your preferences (language, location)
9.2 Analytics Cookies (Optional)
- Firebase Analytics: Understand how users interact with our app
- Usage Statistics: Track feature usage to improve our Services
9.3 Managing Cookies
You can manage cookie preferences in your device settings or browser settings. Note that disabling essential cookies may affect app functionality.
For more details, see our Cookie Policy.
10. Marketing Communications
We may send you marketing emails about new chefs in your area, special promotions, and platform updates. You can opt-out anytime by:
- Clicking "Unsubscribe" in any marketing email
- Updating your preferences in the app settings
- Contacting us at marketing@dinedirect.org
You will still receive transactional emails (booking confirmations, password resets) even if you opt-out of marketing.
11. Third-Party Links
Our app may contain links to third-party websites or services (e.g., chef personal websites, social media). We are not responsible for the privacy practices of these third parties. Please review their privacy policies before providing any personal information.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:
- Posting the updated policy in the app with a new "Last Updated" date
- Sending an email notification to your registered email address
- Displaying a prominent in-app notification
Your continued use of the Services after the effective date constitutes acceptance of the updated Privacy Policy.
13. Contact Us
14. Regulatory Authority
If you believe we have not handled your personal data properly, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):
© 2026 DineDirect Ltd. All rights reserved.