Privacy Policy

1. Who this policy applies to

This policy applies to the use of the WhatFood mobile application and the related app services that support restaurant discovery, startup routing, restaurant switching, optional QR add flows, and restaurant web sessions opened from inside the app.

WhatFood operates the application experience. Each restaurant available through the app is an independent business and may act as a separate controller or business for the order data it collects through its own website, checkout, booking flow or customer support process.

In particular, where you submit order details, delivery information, booking requests, payment details or merchant-side support requests through a restaurant experience, that restaurant is generally responsible for its own notices, legal bases, retention decisions and responses to customer rights requests for that merchant-side data.

2. The data we may handle

2.1 Restaurant list and local app state

The app stores your selected restaurants, active restaurant selection and certain startup state on your device so that the app can reopen consistently and return you to the right restaurant experience.

2.2 Camera access for QR-based restaurant add flows

If you use the QR add feature, the app asks for camera permission so it can scan a restaurant QR code. Camera frames are used to decode the QR content for that purpose and are not published by WhatFood as a customer photo feature.

2.3 Deferred install signals

If you install the app from a supported restaurant landing page, the app may receive a restaurant identifier after installation so it can initialise the correct restaurant on first open. On Android this may use Google Play Install Referrer. On iPhone this may use a pasteboard-based install handoff when supported by the landing page.

2.4 Search and on-device discovery signals

The app may expose supported restaurants to device-level search features so that a user can reopen a previously added restaurant quickly. These entries are designed to reflect the restaurants already available inside the app.

2.5 Game Centre and optional local features

If the Game Centre or similar optional in-app features are available in your version of the app, associated progress or cached state may be stored locally on your device.

2.6 Restaurant website session data

When you open a restaurant website inside the app, the restaurant site may place its own cookies, local storage or checkout/session data within that web session. Those technologies are controlled by the relevant restaurant and its service providers, not by this app privacy policy alone.

For example, those technologies may be used to keep you signed in to a restaurant web session, remember basket contents or preferences, preserve checkout progress, or support restaurant-operated payment and booking flows. Clearing app data, clearing browser-style storage or uninstalling the app may remove this locally stored session information.

3. Why we use this data

• To start the app in the correct restaurant context.
• To let you add, switch and reopen restaurants that you have already chosen.
• To support QR onboarding and other app entry routes.
• To support restaurant web sessions opened from the app.
• To maintain service quality, safety, troubleshooting and product continuity.

4. Legal bases

Depending on your location and the specific processing activity, WhatFood may rely on contractual necessity, legitimate interests, legal compliance, or your consent where consent is required.

Restaurant-side order fulfilment, booking and payment processing will typically rely on the legal bases stated in that restaurant’s own privacy policy.

5. Data sharing

WhatFood may share limited app-level data with service providers that help operate the app, such as hosting, security, crash diagnostics, messaging, analytics or infrastructure providers, where this is necessary to operate the application.

Order, booking and checkout information that you submit on a restaurant website may be shared directly with that restaurant and its own processors under that restaurant’s policies.

6. International transfers and retention

Some of WhatFood’s or a restaurant’s service providers may process data outside your home jurisdiction. Where required, appropriate safeguards should be used for those transfers.

Retention periods depend on the type of data. Some app state is kept on-device until you remove a restaurant, clear app data or uninstall the app. Restaurant-side retention is governed by the relevant restaurant and its providers.

7. Your rights

Subject to applicable law, you may have rights to access, correct, erase, restrict or object to certain processing, and to request a copy of relevant personal data.

For app-level questions, please use the contact route published on www.whatfood.co.uk. For order-specific, reservation-specific or checkout-specific requests, you should also contact the restaurant involved because it may control that data separately.

8. Children and linked restaurant services

The app is designed as a restaurant aggregation application and is not intentionally designed as a child-directed service. Restaurant websites, menus, offers and promotions are created by the relevant restaurants and may vary between merchants.

9. Changes to this policy

We may update this Privacy Policy from time to time to reflect changes to the app, legal requirements or operational arrangements. The version published on this page is the current WhatFood app privacy policy.