Yumee

Privacy Policy

Last updated: January 2025

1. Who we are

Yumee Compliance is operated by Yumee Ltd (“we”, “us”, “our”). We provide a food safety compliance platform for UK hospitality businesses. Our registered address is in England and Wales.

General enquiries: hello@yumeeservices.com
Privacy enquiries: privacy@yumeeservices.com

ICO registration number: [pending]

2. What data we collect

We collect the following categories of personal data:

  • Account data: name, email address, phone number
  • Business data: venue name, venue type, address, FSA registration number
  • Usage data: compliance records submitted through the app (temperature logs, checklists, routine completions, HACCP records), timestamps and user actions
  • Payment data: subscription plan and billing cycle. Payment card details are processed exclusively by Stripe and are never stored on our systems.
  • Analytics data: page views, session duration, feature usage — collected via Google Analytics 4 only if you have accepted analytics cookies.
  • Device data: device type, operating system, push notification tokens (used to send compliance reminders)
  • Communications: messages you send to our support team, contact form submissions

3. Why we collect it (lawful basis)

We process your personal data on the following legal bases under UK GDPR:

  • Contract performance: account data, business data and usage data are necessary to provide the Yumee Compliance service you have subscribed to.
  • Legitimate interests: analytics data, product improvement and relevant product updates — balanced against your privacy rights.
  • Legal obligation: compliance with applicable UK law.
  • Consent: analytics cookies and marketing emails. You can withdraw consent at any time.

We do not sell your personal data to third parties. We do not use your compliance records for any purpose other than providing the service to you.

4. How long we keep your data

  • Active accounts: data is retained for as long as your account remains active.
  • Deleted accounts: account data is deleted within 30 days of account deletion.
  • Compliance records: temperature logs, checklists, HACCP records and other food safety records are retained for a minimum of 13 months. This reflects your legal obligation to produce records on demand under UK food safety legislation (Food Hygiene (England) Regulations 2013 and General Food Regulations 2004).
  • Marketing consent: retained until you withdraw consent.

5. Who we share your data with

We use the following third-party services (data processors) to operate the platform. All are under appropriate Data Processing Agreements:

  • Google Firebase (Firestore, Auth, Storage, FCM) — primary infrastructure. Data is stored in the europe-west2 (London) region. Google's privacy policy.
  • Stripe — payment processing. Stripe is PCI-DSS compliant. We never see or store your payment card details. Stripe's privacy policy.
  • Resend — transactional email delivery (contact form replies, notifications, billing receipts).
  • Vercel — website hosting and edge network. Used for this marketing website only, not the app. Vercel's privacy policy.

6. Your rights under UK GDPR

You have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you
  • Rectification: request correction of inaccurate or incomplete data
  • Erasure: request deletion of your data (“right to be forgotten”)
  • Portability: request your data in a structured, machine-readable format
  • Restriction: request that we limit processing of your data
  • Objection: object to processing based on legitimate interests
  • Withdraw consent: where processing is based on consent, you can withdraw at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please email privacy@yumeeservices.com. We will respond within 30 days.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

7. Cookies policy

We use the following types of cookies on this website:

  • Essential cookies: required for the website to function correctly (session, security). These cannot be disabled.
  • Analytics cookies (GA4): Google Analytics 4 cookies used to understand how visitors use our site (page views, session duration, traffic sources). These are only set if you click “Accept All” on our cookie banner.

You can withdraw your analytics consent at any time by clicking “Reject Non-essential” in the cookie banner (clear your browser cookies to reset).

To disable all cookies, you can also adjust your browser settings. Note that disabling essential cookies may prevent parts of the website from working correctly.

8. Data security

We implement appropriate technical and organisational measures to protect your data:

  • Encrypted data transmission (HTTPS / TLS 1.3)
  • Firebase Security Rules limiting data access by user role and organisation
  • Multi-tenant data isolation — your data is never accessible to other businesses
  • Staff access on a need-to-know basis only
  • Regular security reviews

9. Changes to this policy

We may update this privacy policy from time to time. When we make significant changes, we will notify you by email or through the app. The date at the top of this page shows when it was last updated.

10. Contact

For all privacy enquiries: privacy@yumeeservices.com