Privacy Policy
Alfergy Privacy Policy
Quick summary
Alfergy is a service operated by Alfergy Ltd(company number 17231218, incorporated 20 May 2026 in England and Wales, registered office Canada House, St Leonards Road, Allington, Maidstone, Kent ME16 0LS). We provide allergen-aware menu pages for independent restaurants.
This notice tells you what data we collect, why, how long we keep it, who we share it with, and what rights you have. It is divided into three sections so you can read the part that applies to you:
- Section A — Diners. If you have arrived at an Alfergy menu page after booking a table at a restaurant that uses our service.
- Section B — Restaurants. If you are a restaurant owner or staff member using or considering using our service.
- Section C — Marketing site and enquiry form. If you visited alfergy.co or completed our enquiry form.
The rest of the notice (sub-processors, transfers, retention, rights, contact) applies to all three.
Alfergy Ltd’s ICO data protection fee registration is ZC152639 (registered 20 May 2026, expires 19 May 2027).
Section A — Diners (you have arrived at a restaurant’s Alfergy menu)
This is the most important section if you have come to Alfergy via a link from a restaurant where you have booked a table. Please read it before you tick the consent boxes on the menu page.
A1. Who is the controller of your data?
There are two roles in UK data protection law that matter here:
- A controller decides why and how your data is processed. The controller is the organisation responsible to you under UK GDPR.
- A processor acts only on the controller’s instructions.
For the allergen information you give us on the menu page:
- The restaurant (named at the top of the menu page) is the controller. They have asked us to collect this information from you so they can prepare your pre-order.
- Alfergy Ltd is the processor. We operate the platform on the restaurant’s behalf under a Data Processing Agreement.
For the technical operation of the website (cookies strictly necessary for the session, security logs, the consent audit record), Alfergy is the controller in its own right.
A2. What we collect from you and why
| Data | Why we collect it | Lawful basis |
|---|---|---|
| Your party booking details (booker name, email, booking date and time) | To match your pre-order to your booking | UK GDPR Article 6(1)(b) — performance of the pre-order arrangement you are entering into with the restaurant |
| The allergens you declare for yourself or each diner in your party | To personalise the menu and submit your pre-order to the restaurant | UK GDPR Article 6(1)(a) and Article 9(2)(a) — explicit consent (allergen data is special category health data) |
| First name of a child, where a parent is consenting on behalf of a child | To identify the child to the restaurant for the pre-order | As above |
| The pre-order itself (dishes selected, dietary notes you add) | To send the pre-order to the restaurant | UK GDPR Article 6(1)(b) |
| Your IP address, browser user-agent, and the time you ticked the consent boxes | To record that consent was given properly and to operate the site securely | UK GDPR Article 6(1)(c) — compliance with our legal obligation to be able to demonstrate consent under Article 7; and Article 6(1)(f) — legitimate interest in platform security |
| The exact text of the consent boxes you saw and a cryptographic hash of that text | To prove later, if asked, exactly what you consented to | Article 6(1)(c) as above |
A3. What allergen data is, in plain terms
Allergen information is treated as special category data under UK GDPR Article 9 because it concerns your health. UK law requires a stricter basis than for ordinary personal data. We rely on your explicit consent under Article 9(2)(a), captured on the two-tick consent screen you see before the menu loads.
The two ticks are not the same thing:
- The first tick confirms you understand the persistent disclaimer — that allergen information is provided by the restaurant, that you will always confirm with staff on arrival, and that Alfergy does not guarantee the absence of allergens or prevent cross-contact.
- The second tick is your explicit consent to processing your allergen information as special category health data, for the limited purpose of preparing your pre-order.
You can refuse either tick. If you refuse, the menu will not load and no pre-order will be submitted. There is no penalty for refusing — you can still attend your booking and speak to staff in person.
A4. Who we share your data with
We share your data with:
- The restaurant you booked with. This is the whole point of the pre-order. They will see the allergens you declared and the dishes you selected.
- Our sub-processors (see the table further down this notice). These are the technical providers who run the website, database, email, and so on. They do not use your data for their own purposes.
We do not share your data with advertisers, data brokers, social media platforms, or any third party that is not necessary to operate the service.
A5. How long we keep your data
- Your allergen declarations and pre-order: passed to the restaurant on submission. Your active diner session on Alfergy is held only as long as the page is open and the booking is in the near future, then deleted on session expiry plus a short technical buffer.
- The consent audit record (your tick selections, the rendered text you saw, IP, user-agent, time): retained for 6 years from the date of the session to meet the UK GDPR Article 7(1) requirement that we be able to demonstrate consent. Your IP address is anonymised after 12 months.
- The booking metadata (name, email, booking time): retained for the duration of the booking and a short period afterwards, then deleted.
If, after submission, you want any retained record about you deleted earlier, write to us at the address in Section E and we will erase what we can, subject to the limits explained in Section E (some records — particularly the consent audit log — may need to be retained for the 6-year period to meet our own legal obligations under Article 7).
A6. Your rights as a diner
UK GDPR gives you the following rights in relation to the data we hold about you:
- Right of access — to be told what data we hold about you and to receive a copy.
- Right to rectification — to have inaccurate data corrected.
- Right to erasure — to have your data deleted, subject to the limits above.
- Right to restrict processing — to ask us to stop using your data while a question is resolved.
- Right to data portability — to receive your data in a machine-readable format.
- Right to object — to processing on legitimate-interest grounds.
- Right to withdraw consent — at any time. For the explicit consent you give on the menu page, you can withdraw at any time before you submit the pre-order by closing the page or selecting Cancel pre-order. After you submit, the pre-order is in the hands of the restaurant; withdrawal at that point requires you to contact the restaurant directly.
- Right to complain to the Information Commissioner’s Office — at ico.org.uk or 0303 123 1113. You have this right regardless of whether you have first contacted us.
There is no automated decision-making within the meaning of Article 22 (decisions producing legal or similarly significant effects) in the diner flow. The colour codes on the menu are produced by software but the underlying allergen data was signed off by a person at the restaurant before the page went live; the decision about what you eat remains yours, in consultation with restaurant staff.
A7. What Alfergy does not do for diners
So there is no doubt:
- We do not create an Alfergy account for you. There is no login, no password, no persistent profile.
- We do not track you across restaurants. Each restaurant’s menu page is a separate, transient session.
- We do not use your data for marketing, advertising, or product development.
- We do not sell, license, or otherwise make your data available to anyone except the restaurant you booked with and the sub-processors listed below.
Section B — Restaurants (you use Alfergy as a customer)
If you are a restaurant owner, manager, or staff member using Alfergy to publish menu pages, this section applies to you in respect of your own account and business data. (For the diner data you collect via Alfergy, see Section A and the Data Processing Agreement we have with you.)
B1. Who is the controller?
For your own account, business contact details, billing, and the menu/allergen data you upload about your own business, Alfergy Ltd is the controller.
B2. What we collect from you and why
| Data | Why we collect it | Lawful basis |
|---|---|---|
| Your name, business email, restaurant name and address | To operate your account and communicate with you | UK GDPR Article 6(1)(b) — performance of the Customer Terms / customer agreement |
| Authentication data (magic-link tokens, session cookies) | To let you log in to the dashboard | Article 6(1)(b) |
| Menu and allergen sheets you upload | To produce your Alfergy menu page | Article 6(1)(b) |
| Per-menu sign-off records (signing email, IP, user-agent, time, JSON snapshot, hash) | To be able to demonstrate the sign-off later if questioned | Article 6(1)(c) — compliance with our legal obligations, and Article 6(1)(f) — legitimate interest in being able to evidence our own conduct in the event of a complaint or claim |
| Founder review records, including any session where we acted as your account (“impersonation”) on your request | Operational support and audit | Article 6(1)(f) — legitimate interest in supporting customers and maintaining audit integrity |
| Billing data (subscription payments processed by Stripe; card data handled by Stripe, not stored by Alfergy) | To collect payment | Article 6(1)(b) |
Note that the menu and allergen data you upload may also identify the staff member you name as the sign-off authority. We treat that as personal data about that individual member of staff. If they are someone other than you, you should ensure they know about this notice.
B3. Sub-processors and international transfers — restaurants
These are listed in the consolidated sub-processor table below. The same list applies whether we are processing your business data as controller or processing diner data on your behalf as processor.
B4. Retention — restaurants
- Account data: duration of your contract with us, plus 6 years to align with the UK limitation period.
- Sign-off audit logs: 6 years from the date of the sign-off.
- Founder-impersonation records: 6 years from the session date.
- Billing data: 6 years (HMRC retention requirement).
B5. Your rights as a restaurant data subject
The same rights listed in Section A6 apply to you in respect of your own personal data (your own name, email, IP, etc.). For data about your business (turnover, opening hours, etc.) those are not “personal data” under UK GDPR and the rights do not bite.
Section C — Marketing site and enquiry form
If you visited alfergy.co or completed the enquiry form on our landing page, this section applies.
C1. The landing-page form
When you submit the enquiry form on alfergy.co, we receive:
- Your email address
- Anything else you choose to include in the form (restaurant name, message)
- Technical metadata (IP, user-agent, time)
At this point, no agreement exists between you and Alfergy. We process this data:
- Under UK GDPR Article 6(1)(b) — to take steps at your request prior to entering into a contract — to triage your enquiry and respond.
- As a documented fallback, Article 6(1)(f) — legitimate interest — for the limited purpose of retaining a record of your enquiry if it does not lead to a contract.
We retain enquiry submissions for 24 months from submission, or earlier if you ask us to delete them.
The form is operated by Formspree (form ID xkokjbrk), a US-based service. Submissions are transferred to the US (see the sub-processor table and the International Transfers section).
C2. Cookies and analytics
Alfergy operates with strictly necessary cookies only:
- Session cookie (to keep you logged in to the dashboard, where applicable)
- CSRF token (to prevent cross-site request forgery on form submissions)
We do not run any analytics provider, error tracking, session-replay tool, heatmap tool, or advertising pixel. We do not use Cloudflare or a separate CDN. We do not have any third-party cookie partners.
Because we do not set non-essential cookies, we do not display a cookie consent banner under the Privacy and Electronic Communications Regulations (PECR). If we add any non-essential cookies in future, we will add a consent mechanism first.
Sub-processors (applies to all sections)
We use the following sub-processors. We will update this list and notify restaurant customers in advance of material changes (30 days’ notice, per our Data Processing Agreement). Diners are notified of changes through updates to this notice.
| Sub-processor | What they do for us | Location | Transfer mechanism |
|---|---|---|---|
| Vercel Inc. | Hosting, build, edge, function execution | US / EU | UK Extension to the EU–US Data Privacy Framework; UK IDTA Addendum to EU SCCs in Vercel’s DPA as fallback |
| Vercel Blob | Storage of uploaded menu and allergen files (operated by Vercel) | EU region | As above |
| Neon Inc. | Postgres database, including audit/sign-off logs | EU region (Frankfurt / Dublin) | Neon’s DPA incorporates EU SCCs + UK IDTA Addendum; DPF status of Neon to be confirmed |
| Anthropic PBC | Claude API — used to parse restaurant menu PDFs and allergen sheets into structured data for the restaurant to review | US | EU SCCs (Module 2 — Controller to Processor) + UK IDTA Addendum, per Anthropic’s commercial DPA |
| Resend | Transactional email (magic links, sign-off confirmations, founder notifications) | EU / US | EU–US DPF; EU SCCs + UK IDTA Addendum as fallback |
| Stripe Inc. | Billing and payment processing — subscription billing via Stripe Checkout | US / EU | EU–US DPF; EU SCCs + UK IDTA Addendum |
Formspree (form ID xkokjbrk) | The landing-page enquiry form on alfergy.co/ — controller-side sub-processor of Alfergy only; not in the restaurant DPA chain | US | UK IDTA |
Authentication is handled by an open-source library (Auth.js / next-auth) running on our own infrastructure. It is not a separate sub-processor.
We do not use, and have not engaged: any analytics provider, any error-tracking service, any session-replay or heatmap tool, any payment processor other than Stripe, any separate CDN, or Cloudflare.
International transfers (applies to all sections)
Some of our sub-processors are based in the United States. Where data is transferred to the US, we rely on one of the following safeguards in each case, as set out in the table above:
- The UK Extension to the EU–US Data Privacy Framework, where the recipient is a certified DPF participant;
- The European Commission’s Standard Contractual Clauses with the UK International Data Transfer Addendum, where DPF certification is not available;
- The UK International Data Transfer Agreement, where used directly.
For Anthropic specifically (the AI parser): restaurant menus and allergen sheets are transferred to Anthropic in the United States under EU SCCs + UK IDTA Addendum. Diner allergen declarations are not sent to Anthropic. Diner declarations are processed only within our database (Neon, EU region) and shared with the restaurant.
You can ask us for a copy of the relevant safeguards in place by emailing the address in the contact section below.
Retention (consolidated)
| Data | How long we keep it |
|---|---|
| Diner allergen declarations and pre-order content | Held during the active diner session; deleted on session expiry plus a short technical buffer |
| Diner consent audit records (IP, user-agent, tick selections, rendered text, hash) | 6 years from the date of the session; IP anonymised after 12 months |
| Bug report submissions from the diner-facing error path | 6 years from creation; any optional email anonymised 30 days after the issue is marked resolved (or 90 days from creation if never resolved) |
| Restaurant account, sign-off audit logs, founder-impersonation records | 6 years from the relevant event |
| Restaurant billing data | 6 years (HMRC retention) |
| Landing-page enquiry submissions (Formspree) | 24 months |
| Founder business correspondence held in our mailbox | Per Alfergy Ltd’s document retention schedule |
The 6-year period reflects the limitation period for contractual and tortious claims in England and Wales (Limitation Act 1980).
Your rights (consolidated)
Wherever Alfergy is the controller of your data, you have the rights set out in UK GDPR Articles 15–22 plus the right under Article 7(3) to withdraw consent and the Article 21 right to object. These are summarised in Section A6 and apply equally to restaurant data subjects.
Where Alfergy is the processor and the restaurant is the controller (diner allergen data), you can exercise your rights against the restaurant directly. If you contact us in that situation, we will route your request to the restaurant within a reasonable period.
To exercise any right, email privacy@alfergy.co.
You can also complain to the UK Information Commissioner’s Office at ico.org.uk or 0303 123 1113. You do not need to contact us first.
AI processing and automated decision-making
We use an AI system (Anthropic’s Claude) to parse restaurant menu PDFs and allergen sheets into a structured form. A person at the restaurant reviews and signs off the output before any Alfergy menu page goes live. The AI does not make the final decision about what is published.
We do not carry out automated decision-making within the meaning of UK GDPR Article 22 — that is, decisions producing legal or similarly significant effects on you, taken without human review. The colour codes on a diner-facing menu are produced by software but the underlying allergen data was signed off by a person at the restaurant before the page went live.
From 2 August 2026, when the EU AI Act Article 50 takes effect, we will comply with the additional transparency obligations Article 50 imposes on providers and deployers of AI systems that interact with natural persons or generate or manipulate content.
Children
Alfergy is not directed at children. We do not knowingly collect personal data from anyone under the age of 13.
Where a parent or person with parental responsibility uses the diner flow to pre-order on behalf of a child, the parent gives the explicit consent under Article 9(2)(a) and provides only the child’s first name and the allergens that affect the child. We rely on the parent’s confirmation that they have parental responsibility. The exact treatment of parental consent in this transient flow is being reviewed by our solicitor; this notice will be updated if the position changes.
Changes to this notice
We will update this notice from time to time. The version tag at the top of this page tells you which version is currently in force. Where we make a material change — particularly to lawful bases, sub-processors, retention, or your rights — we will notify restaurant customers by email and surface the change on the next visit. Diners will see any change reflected in the version shown in the consent screen.
This is version 1.1, dated 20 May 2026, published as an interim notice. v1.1 reflects the transfer of the Alfergy product line to Alfergy Ltd (incorporated 20 May 2026, CRN 17231218). The previous version was v1 dated 19 May 2026. It will be replaced by a solicitor-drafted version in due course. The history of versions is available on request.
Contact and complaints
Controller for Alfergy data: Alfergy Ltd
Company number: 17231218
Incorporated: 20 May 2026 (England and Wales)
Registered office: Canada House, St Leonards Road, Allington, Maidstone, Kent ME16 0LS
ICO registration: ZC152639
Email for privacy queries and rights requests: privacy@alfergy.co
We do not have a Data Protection Officer because we are not required to appoint one under UK GDPR Article 37. Privacy queries are handled by the company director (Ben Smith).
You can complain to the Information Commissioner’s Office:
Website: ico.org.uk
Phone: 0303 123 1113
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
This notice is published under UK GDPR Articles 13 and 14. It is intended to be read alongside our diner terms (linked from the consent screen on every restaurant’s Alfergy menu page) and, for restaurants, our Customer Terms and Data Processing Agreement.