Privacy Policy

Data controller: MDMP Technologies Ltd
Product: Fourked
Email: [email protected]
Registered address: [Insert registered office address]

If you have questions about this Policy or want to exercise your rights, contact us at [email protected].

A) Restaurant staff (accounts)

If you are a restaurant owner/admin/staff using Fourked's management features, we may collect:

• Account details: name (if provided), email address
• Authentication data: password (stored as a secure hash, not in plain text)
• Access and usage: role/permissions, restaurants you have access to, last login time, and actions taken in the dashboard
• Support communications: if you contact us, the content of your message and our responses

B) Diners (anonymous users of digital menus)

Diners typically do not create accounts. We may collect limited data to run and improve the Service:

• Device and technical data: IP address (may be logged), device type, browser type, operating system, language settings
• Approximate location inferred from IP (city/region-level)
• Usage and interaction analytics (custom analytics): pages viewed, menu views, item opens, searches, filter usage, clicks (e.g., "Google review" click), timestamps, and session identifiers

We do not intentionally collect special category data (e.g., health, religion). Dietary/allergen filtering interactions are treated as functionality/analytics data and are not intended for sensitive profiling.

C) Cookies and similar technologies

We use cookies and similar technologies to keep the site working (essential cookies) and measure usage and performance (analytics cookies). See Section 9 for more detail.

D) Payments (planned)

Fourked does not currently process payments. When we introduce payments using Stripe Connect, we will process transaction-related data such as order totals, payment status, and identifiers needed to reconcile payments. We will not store full card details; card payments will be handled by Stripe.

We use information collected through the Service to operate it. Some of this information is personal data under UK GDPR (for example, a staff member's email address or a diner's IP address / session identifier).

We use this information to:

• Provide and operate the Service (e.g., staff account access, menu rendering for diners)
• Secure the Service and prevent fraud or abuse
• Provide support and respond to requests
• Monitor performance, debug issues, and improve the Service (including aggregated analytics)
• Comply with legal obligations

We rely on the following legal bases:

• Contract: to provide the Service to restaurant staff and fulfil our obligations (e.g., account access)
• Legitimate interests: to secure, maintain, and improve the Service, and understand how it is used (analytics, troubleshooting), balanced against user privacy
• Consent: where required for non-essential cookies/analytics (see Section 9, depending on your cookie banner/settings)
• Legal obligation: where we must comply with legal requirements

We may share data with:

• Service providers (processors) who help us run the Service, such as hosting/database providers and storage/CDN providers (eu-west-2 / London region where applicable)
• Restaurant partners: authorised users within the same organisation/restaurant can access relevant dashboard data; diner analytics may be shared in aggregated or operational form and is not intended to identify individual diners
• Legal and safety: if required by law or to protect rights, safety, and security
• Business transfers: if MDMP is involved in a merger, acquisition, or asset sale (we would provide notice where required)

We do not sell personal data.

We primarily operate in the UK. Some service providers may process data outside the UK. Where international transfers occur, we will use appropriate safeguards as required under UK data protection law.

We implement reasonable technical and organisational measures to protect personal data, including:

• Access controls and least-privilege permissions
• Encryption in transit (HTTPS)
• Secure password storage (hashed)
• Logging/monitoring for security and reliability

No system is 100% secure. Please use strong passwords and keep login details confidential.

We keep personal data only as long as needed for the purposes described above, including as long as staff accounts remain active or as required for legitimate business needs. Where practical, we may anonymise or aggregate data for analytics so it no longer identifies individuals.

For the purposes we rely on, see Section 3 and Section 4.

We use cookies to support core site functionality and analytics:

• Essential cookies: required for the website to work (e.g., security, session management).
• Analytics cookies: help us understand usage and improve performance.

You can usually control cookies through our cookie banner/preferences and your browser settings. In the UK, cookies and similar technologies are governed by e-privacy rules (including PECR) alongside UK data protection law. Blocking cookies may affect site functionality.

Depending on your situation, you may have rights to:

• Access your personal data
• Correct inaccurate data
• Request deletion
• Restrict processing
• Object to processing (especially where we rely on legitimate interests)
• Data portability (where applicable)
• Withdraw consent (where processing is based on consent)

To exercise rights, email [email protected]. We may need to verify your identity. You also have the right to complain to the UK regulator: the Information Commissioner's Office (ICO).

Fourked is not directed at children and we do not knowingly collect personal data from children.

We may update this policy from time to time. We will update the "Last updated" date, and if changes are material, we will take reasonable steps to notify users.