Scan55Back to Dashboard →

Legal

Privacy Policy

Last updated: 11 April 2026

1. Who We Are

Scan55 ("we", "us", "our") provides digital QR menu software to restaurants and hospitality venues. Our registered address is in the United Kingdom. We are the Data Controller for the personal data of our business customers. For data collected on behalf of restaurants (their end customers), the restaurant operator is the Data Controller and Scan55 acts as Data Processor.

2. What Data We Collect

We collect the following categories of personal data:

  • Account data: Name, email address, restaurant name, and password (hashed) when you create an account.
  • Billing data: Payment method details (processed by Stripe — we never store raw card numbers), billing address, and VAT number.
  • Usage data: Menu views, QR code scans, and feature usage to improve our service.
  • Customer visit data: Device fingerprint hashes, browser type, and consent preferences — collected on behalf of restaurant operators only with explicit customer consent.

3. Legal Basis for Processing (UK GDPR)

We process your data under the following lawful bases:

  • Contract (Art. 6(1)(b)): To provide our service and manage your subscription.
  • Legal obligation (Art. 6(1)(c)): To comply with VAT, financial, and legal requirements.
  • Legitimate interests (Art. 6(1)(f)): To improve our platform and prevent fraud.
  • Consent (Art. 6(1)(a)): For marketing communications and end-customer tracking features.

4. How We Use Your Data

  • Providing and improving the Scan55 platform
  • Processing subscription payments and issuing VAT invoices
  • Sending transactional emails (invoices, account alerts)
  • Providing customer support
  • Complying with legal and regulatory obligations

5. Data Sharing

We share data only with trusted processors necessary to deliver our service:

  • Stripe: Payment processing
  • Supabase: Database and authentication infrastructure
  • Resend: Transactional email delivery
  • Vercel: Application hosting

We do not sell personal data to third parties.

6. Data Retention

  • Account data: Retained for the duration of your subscription plus 7 years for legal/tax compliance.
  • Customer visit data: Retained for 24 months from last scan, then automatically deleted.
  • Invoice records: Retained for 7 years under UK tax law.

7. Your Rights

Under UK GDPR you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erasure ("right to be forgotten")
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise any right, contact us at privacy@scan55.com. We will respond within 30 days.

8. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies on our platform without consent. Restaurant operators may enable optional analytics features which use consent-gated device fingerprinting — not traditional cookies.

9. International Transfers

Your data is stored on UK-based infrastructure. Where any processor operates outside the UK, we ensure appropriate safeguards are in place including UK Standard Contractual Clauses (SCCs).

10. Security

We implement industry-standard security measures including encryption at rest and in transit, hashed passwords, SHA-256 hashed device identifiers, and regular security reviews. No system is completely secure — please contact us immediately if you suspect a breach.

11. Changes to This Policy

We may update this policy from time to time. We will notify you by email of any material changes. Continued use of Scan55 after changes constitutes acceptance.

12. Contact & Complaints

For privacy queries: privacy@scan55.com

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Scan55
Privacy PolicyTerms of Servicesupport@scan55.com