DEELZ

Privacy Policy

Plain English on what we collect and why.

Last updated: 21 April 2026

This Privacy Policy explains how Deelz (operated by Kaeronea Limited, a company registered in England and Wales under company number 14797526, with its registered office at 86-90 Paul Street, London, England, EC2A 4NE, referred to as "Deelz", "we", "us", or "our") collects, uses, and protects personal data when you use our website (deelz.uk), the restaurant portal (portal.deelz.uk), our admin console (admin.deelz.uk), our outreach domain (mail.deelz.uk), and our iOS app.

We're a small team building a restaurant-deals discovery platform for London. We only collect data we actually need to make the service work, we don't sell your data to anyone, and we don't run third-party advertising. This policy is written to be understandable rather than defensively vague.

1. Who this applies to

Four kinds of people interact with Deelz, and we treat their data differently:

  • Diners (consumers) - people browsing deals on the website or iOS app.
  • Restaurants - people who sign up for a portal account to list deals on behalf of their business.
  • Restaurants we contact - businesses we reach out to by email who haven't yet signed up. See Section 10 for the specific rules that apply to you.
  • Visitors - people who land on deelz.uk without creating an account.

2. What we collect

Account information

  • Your name, email address, and password (only if you use email sign-in).
  • Authentication details from third-party sign-in providers (if you use them) - typically your name, email, and a provider-issued ID.
  • For restaurant accounts: your restaurant name, location addresses, phone numbers, business social handles, and any images you upload or we import from your own website with your consent.

Usage data

  • Which deal cards you view, tap, save to favorites, or set reminders for.
  • Which buttons you click ("Get directions", "Visit website", etc.).
  • Broad device information (device type, browser, app version) for diagnostics.
  • Approximate IP-derived location, and precise location only if you grant the permission in your browser or iOS app (used for "deals near me" and walk-time estimates). Your precise coordinates are never sent to our analytics - only rounded values.
  • Marketing attribution signals from links you click. We store these in your browser for a limited window so we can understand which channels bring people to Deelz. They are not shared with ad networks.

Analytics for restaurants

Restaurants see aggregated stats about their own deals - total views, favorites, website clicks, directions, etc. They do NOT see individual users, emails, or identifying data.

Content we process with AI

When a restaurant uses our AI-assisted features (for example, the "Scan website for deals" button or profile autofill), we fetch the public pages of the restaurant's own website and send the cleaned text to our AI sub-processor to draft suggestions. We don't pass user account credentials, diner data, or analytics to AI providers. The outputs are proposals - a human operator chooses what, if anything, to publish.

Images we import

With the operator's action, we may download images referenced from a restaurant's own website (typically the page preview image) and store a copy on our infrastructure so the deal card displays reliably. These images remain subject to the restaurant's rights; we store them for the purpose of running their Deelz listing only.

3. How we use your data

  • To operate Deelz - log you in, show deals near you, let restaurants manage their listings.
  • To show restaurants how their deals are performing (aggregated only).
  • To send essential transactional emails - deal approvals, password resets, account notifications, trial reminders.
  • To send marketing emails to operators who've signed up, until they opt out. Marketing emails carry a one-click unsubscribe link and accept a reply of "STOP" or "UNSUBSCRIBE".
  • To detect and prevent abuse or fraud.
  • To improve the product - which features get used, where people drop off.

We do not sell your personal data. We do not share your personal data with advertisers. We do not run third-party advertising pixels.

4. Sub-processors we work with

We rely on a small number of third-party service providers to run Deelz. They are bound by data processing agreements and only receive what they need to do their job:

  • Cloud infrastructure - hosts our database, file storage, authentication, backend functions, and app hosting. Primarily in EU regions.
  • Map and location services - powers search, maps, and address autocomplete on our surfaces.
  • Analytics - privacy-respecting product analytics running under Consent Mode. Cookies only drop after you accept our cookie banner. IP addresses are anonymised at source.
  • AI sub-processor - processes public website text we fetch to help restaurants draft listings. Does not receive user account data.
  • Email delivery - sends our transactional and marketing emails.
  • Sign-in providers - if you use "Sign in with Apple" or a similar federated option.
  • Push notification delivery - if you've allowed push on iOS.

We keep a current sub-processor list internally and can share the specific vendor names on request at privacy@deelz.uk.

We may also disclose data if required by law, to enforce our Terms of Service, or to protect the rights and safety of Deelz, our users, or the public.

5. Public datasets we use (not shared back)

Deelz uses a small number of public data sources to power discovery features. These are read-only on our side; we do not send your personal data to any of them.

  • Open map data for London, under its respective open licence (attribution retained in-app).
  • Public transport station coordinates, bundled with the iOS app so we can display the nearest station beside each deal. Nothing is sent to any transport authority.

6. Where your data lives

Your data is stored primarily in the European Union. Some sub-processors may process data outside the UK/EU under Standard Contractual Clauses or equivalent transfer mechanisms.

7. How long we keep data

  • Account data - as long as your account exists, plus up to 30 days after deletion to allow for recovery and to satisfy our audit logs. You can delete your account at any time.
  • Deal listings - indefinitely, even for inactive restaurants, unless you ask us to delete them.
  • Usage and analytics - raw event data up to 2 years; aggregated stats indefinitely.
  • Support correspondence - typically 2 years.
  • Outreach records - see Section 10. If you ask us to stop contacting you, we keep a suppression record indefinitely so we don't accidentally email you again.

8. Cookies and similar tech

We use a small number of cookies and local storage entries. Essential ones load by default; analytics ones only load after you accept the cookie banner.

  • Essential: authentication, theme preference, saved deals (iOS local storage), UI state, marketing attribution signals for your session.
  • Analytics (opt-in via cookie banner): first-party product analytics. IP anonymised at source. No cross-site tracking.

We don't use tracking cookies for advertising. You can change your cookie preference at any time.

9. Your rights under UK GDPR

You have the following rights over your personal data. To exercise any of them, email privacy@deelz.uk.

  • Access - ask for a copy of the data we hold on you.
  • Rectification - ask us to correct inaccurate data.
  • Erasure ("right to be forgotten") - ask us to delete your data. You can also delete your account directly from the iOS app (Settings → Delete account) or the portal.
  • Portability - ask for your data in a machine-readable format.
  • Objection - object to certain kinds of processing (e.g., direct marketing). One-click unsubscribe links in every marketing email action this instantly.
  • Restriction - ask us to pause processing in specific circumstances.
  • Withdraw consent - withdraw any consent you've given (e.g., location permission, analytics cookie acceptance).

We'll respond within 30 days. If you're unhappy with how we handle your data, you can also complain to the UK Information Commissioner's Office (ico.org.uk).

10. Outreach to restaurants we haven't heard from yet

We contact London restaurants that haven't signed up with an email describing the platform. If you've received one and want to know how this works:

  • Where the data comes from: we combine public business directories, public emails listed on your own website's contact pages, and address data used for accuracy. We do not buy contact lists from third parties.
  • Lawful basis: UK GDPR legitimate interest for B2B marketing to business contacts, balanced against the expectation that a visible business email is open to commercial correspondence. We send one initial email per restaurant; we do not mass-blast follow-ups.
  • Opt-out: every outreach email has a one-click unsubscribe link and accepts a reply of "STOP" or "UNSUBSCRIBE". Taking either action suppresses you permanently across our systems.
  • Corrections: if we've reached a wrong address or described your business incorrectly, reply telling us and we'll fix the record immediately.

If you're a director or sole proprietor whose personal email is listed publicly by your business (for example, on your own site), you can ask us to suppress that address at any time at privacy@deelz.uk.

11. Children

Deelz is not designed for or directed to children under 13. We don't knowingly collect data from anyone under 13. If you think a child has created an account, contact us and we'll remove it.

12. Security

We use industry-standard security practices: HTTPS everywhere, managed password hashing, principle-of-least-privilege access controls, server-side security rules, and the physical + network security of our cloud infrastructure. No system is perfect - if we ever suffer a security incident affecting your data, we'll notify you promptly and report it to the ICO as required.

13. Changes to this policy

If we make material changes, we'll update the "Last updated" date at the top and notify existing users by email. Continued use of Deelz after the changes go live counts as acceptance.

14. Contact

Questions, complaints, or GDPR requests: privacy@deelz.uk

Data Controller: Kaeronea Limited (company number 14797526), registered office: 86-90 Paul Street, London, England, EC2A 4NE.

This is a good-faith plain-English summary of how we handle your data. It isn't legal advice. If you run a legal team, have them review this before relying on it.