Privacy Policy

This Privacy Policy explains how Deelz (operated by Kaeronea Limited, a company registered in England and Wales under company number 14797526, with its registered office at 86-90 Paul Street, London, England, EC2A 4NE, referred to as "Deelz", "we", "us", or "our") collects, uses, and protects your personal data when you use our website (deelz.uk), the restaurant portal (portal.deelz.uk), and our iOS app.

We're a small team building a restaurant-deals discovery platform for London. We only collect data we actually need to make the service work, and we don't sell your data to anyone. This policy is written to be understandable rather than defensively vague.

1. Who this applies to

There are three kinds of people who interact with Deelz, and we treat their data differently:

• Diners (consumers) - people browsing deals on the website or iOS app.
• Restaurants - people who sign up for a portal account to list deals on behalf of their business.
• Visitors - people who land on deelz.uk without creating an account.

2. What we collect

Account information

• Your name, email address, and password (only if you use email sign-in).
• Authentication details from Google or Apple if you sign in with those providers - typically your name, email, and a profile ID.
• For restaurant accounts: your restaurant name, location addresses, phone numbers, business social handles, and any images you upload.

Usage data

• Which deal cards you view, tap, save to favorites, or set reminders for.
• Which buttons you click (e.g., "Get directions", "Visit website").
• Broad device information (device type, browser) for diagnostics.
• Approximate IP-derived location, and precise location only if you grant the permission in your browser or iOS app (used for "deals near me").

Analytics for restaurants

Restaurants see aggregated stats about their own deals - total views, favorites, website clicks, etc. They do NOT see individual users, emails, or identifying data.

3. How we use your data

• To operate Deelz - log you in, show deals near you, let restaurants manage their listings.
• To show restaurants how their deals are performing (aggregated only).
• To send essential transactional emails (deal approvals, password resets, account notifications).
• To detect and prevent abuse or fraud.
• To improve the product - which features get used, where people drop off, etc.

We do not sell your personal data. We do not share your personal data with advertisers.

4. Who we share data with

We only share personal data with service providers we rely on to run Deelz, and only what they need to do their job:

• Google (Firebase) - hosts our database, authentication, file storage, and analytics pipeline. Data is stored on Google Cloud infrastructure, primarily in EU regions (eur3 multi-region) and europe-west2 / europe-west4.
• Squarespace - manages our DNS records for deelz.uk.
• Unsplash - seed-data deal images only; no user data shared.

We may also disclose data if required by law, to enforce our Terms of Service, or to protect the rights and safety of Deelz, our users, or the public.

5. Where your data lives

Your data is stored primarily in the European Union (Ireland, London, Netherlands regions). If we ever need to transfer data outside the EU/UK - for example to use a US-based service - we'll rely on Standard Contractual Clauses or other legally-recognised safeguards.

6. How long we keep data

• Account data - as long as your account exists, plus up to 30 days after deletion to allow for recovery.
• Deal listings - indefinitely, even for inactive restaurants, unless you ask us to delete them.
• Usage and analytics - raw event data for up to 2 years; aggregated stats indefinitely.
• Support correspondence - typically 2 years.

7. Your rights under UK GDPR

You have the following rights over your personal data. To exercise any of them, email privacy@deelz.uk.

• Access - ask for a copy of the data we hold on you.
• Rectification - ask us to correct inaccurate data.
• Erasure ("right to be forgotten") - ask us to delete your data.
• Portability - ask for your data in a machine-readable format.
• Objection - object to certain kinds of processing (e.g., direct marketing).
• Restriction - ask us to pause processing in specific circumstances.
• Withdraw consent - withdraw any consent you've given (e.g., location permission).

We'll respond within 30 days. If you're unhappy with how we handle your data, you can also complain to the UK Information Commissioner's Office (ico.org.uk).

8. Cookies and similar tech

We use a small number of cookies and local storage entries, all essential for the service:

• Firebase authentication cookies to keep you logged in.
• Local storage for your theme preferences, favorites (on the iOS app), and UI state.

We don't use tracking cookies or third-party advertising pixels. Because our cookies are all essential we don't currently show a cookie banner - this will change if we add any non-essential ones.

9. Children

Deelz is not designed for or directed to children under 13. We don't knowingly collect data from anyone under 13. If you think a child has created an account, contact us and we'll remove it.

10. Security

We use industry-standard security practices: HTTPS everywhere, bcrypt/Firebase-managed password hashing, principle-of-least-privilege access controls, and Google Cloud's physical and network security. No system is perfect - if we ever suffer a security incident affecting your data, we'll notify you promptly and report it to the ICO as required.

11. Changes to this policy

If we make material changes, we'll update the "Last updated" date at the top and notify existing users by email. Continued use of Deelz after the changes go live counts as acceptance.

12. Contact

Questions, complaints, or GDPR requests: privacy@deelz.uk

Data Controller: Kaeronea Limited (company number 14797526), registered office: 86-90 Paul Street, London, England, EC2A 4NE.

This is a good-faith plain-English summary of how we handle your data. It isn't legal advice. If you run a legal team, have them review this before relying on it.