← Back

Privacy Policy

Last updated: June 2026  |  Burger Society HQ

1. Who we are

This platform ("Burger Society HQ") is operated by the vendor registered on this account. Your data is processed to operate the food-truck management features described below. The platform is hosted in the UK and processes data in accordance with UK GDPR and the Data Protection Act 2018.

2. What data we collect

• Account data — your name, email address, business name, and role when you register.
• Staff data — employee HR records, contact details, right-to-work documents, payroll information, and shift data entered by the vendor.
• Customer data — enquiry and booking details (name, email, phone, event details) submitted through the public enquiry form.
• Financial data — invoices, expenses, and purchase records entered by the vendor.
• Usage data — browser type, session data, and logs used to operate the service securely.

3. How we use your data

• To operate the platform and provide the features you have signed up for.
• To send transactional emails (onboarding, reminders) where configured.
• To generate AI-assisted content (social posts, pitch emails) using anonymised prompts.
• To comply with legal obligations.

4. Legal basis for processing

We process data under contract (to provide the service you agreed to), legitimate interests (to operate the platform securely), and legal obligation (e.g. fraud prevention). Where we send marketing communications we rely on consent.

5. Data sharing

We do not sell your data. We share data only with:

• AI providers (Anthropic) — anonymised prompts for AI-generated content features.
• Payment processors (Square) — only where you have connected your Square account.
• Email/SMTP providers — where you configure outbound email in Integrations.

6. Data retention

We retain your data for as long as your account is active. You can request deletion at any time using the "Delete my account" option in account settings, which permanently removes all vendor data from our systems.

7. Your rights

Under UK GDPR you have the right to:

• Access your personal data (use "Download all my data" in account settings)
• Rectify inaccurate data (edit your profile and settings at any time)
• Erasure (use "Delete my account" in account settings)
• Portability (the data export is provided in machine-readable JSON)
• Object to processing — contact us at the address below

8. Cookies

We use a single session cookie to keep you logged in. We do not use tracking or advertising cookies. No consent is required for strictly necessary cookies under UK GDPR.

9. Security

Sensitive fields (NI number, bank details) are stored with additional access controls. HTTPS is required for all connections. We review our security practices regularly.

10. Contact

For data protection enquiries, please use the email address configured in your vendor profile, or contact the platform operator via the Help page.