Privacy Policy

Last updated: 9 June 2026

This Privacy Policy explains how RESTROIQ LTD (“we”, “us”, “our”) collects, uses and protects your personal data when you use the RestroIQ platform and websites (restroiq.uk and login.restroiq.uk) (the “Service”). We are the data controller for the personal data described here.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

RESTROIQ LTD, a company registered in England and Wales (company number 17215432), registered office Flat 29, Middlepark Drive, Birmingham, B31 2FQ. For any privacy questions or to exercise your rights, contact us at support@restroiq.uk.

2. What data we collect

  • Account information — your name, email address and password (stored in encrypted/hashed form).
  • Assessment information — the business details and answers you enter to generate assessments and reports.
  • Billing information — your subscription plan and payment records. Card details are entered directly with our payment processor (Stripe); we do not see or store your full card number.
  • Usage and technical data — information about how you access and use the Service, such as log data, device and browser type, and IP address.
  • Communications — messages you send to us, for example to support@restroiq.uk.

3. How we use your data and our lawful bases

PurposeLawful basis
Creating and managing your account; providing the Service and generating your reportsPerformance of a contract
Processing subscription payments and renewalsPerformance of a contract
Sending service and transactional emails (e.g. verification, password reset, reports, billing notices)Performance of a contract
Securing the Service, preventing fraud and abuse, and improving our productLegitimate interests
Keeping accounting and tax recordsLegal obligation
Sending marketing emails (where applicable)Consent (you can opt out at any time)

4. Payment processing

Subscription payments are handled by Stripe, a PCI-DSS compliant payment processor. When you pay, your card details are collected and processed directly by Stripe under its own privacy terms. We receive confirmation of payment and limited details (such as the last four digits of your card and its expiry) but not your full card number.

5. Who we share your data with

We do not sell your personal data. We share it only with service providers who help us run the Service, under appropriate contracts, including:

  • Stripe — payment processing.
  • Amazon Web Services (AWS) — hosting and infrastructure (our production data is hosted in the EU/UK region).
  • Email service providers — to send transactional and support emails on our behalf.

We may also disclose data where required by law or to protect our legal rights.

6. International transfers

Some of our providers (such as Stripe) may process data outside the UK. Where data is transferred outside the UK, we ensure an appropriate safeguard is in place, such as a UK adequacy decision or the International Data Transfer Agreement / Standard Contractual Clauses.

7. How long we keep your data

We keep your account and assessment data for as long as your account is active and for a reasonable period afterwards. Billing and transaction records are kept for at least six years to meet UK tax and accounting requirements. When data is no longer needed, we securely delete or anonymise it.

8. Your rights

Under UK data protection law you have the right to:

  • access a copy of your personal data;
  • have inaccurate data corrected;
  • have your data erased in certain circumstances;
  • restrict or object to certain processing;
  • data portability;
  • withdraw consent where we rely on it.

To exercise any of these rights, email support@restroiq.uk. If you are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk, although we would appreciate the chance to address your concerns first.

9. Cookies

Our websites use cookies and similar technologies that are necessary for the Service to function (for example, to keep you signed in). We may also use analytics cookies to understand how the Service is used and improve it. You can control non-essential cookies through your browser settings or any cookie banner we provide.

10. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit, hashed passwords, access controls and secure cloud infrastructure. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.

11. Children

The Service is intended for businesses and is not directed at children. We do not knowingly collect personal data from anyone under 18.

12. Changes to this policy

We may update this Privacy Policy from time to time. We will post the updated version here with a revised “Last updated” date, and notify you of material changes where appropriate.

13. Contact us

For any questions about this policy or your personal data, contact support@restroiq.uk.

RESTROIQ LTD — registered in England and Wales, company number 17215432. Registered office: Flat 29, Middlepark Drive, Birmingham, B31 2FQ.