Privacy Policy

Last updated: 20th April 2026

This Privacy Policy explains how CompliChef™ (a trading name of Nicholas Richards) collects, stores, and uses your personal data across the Portal, KitchenPortal, StaffPortal, and RecruitPortal.

1. Who We Are

CompliChef™ is operated by Nicholas Richards in the United Kingdom.
Contact: privacy@complichef.co.uk

2. Data We Collect

  • Account details (name, email, organisation, password — hashed)
  • Compliance data (logs, checklists, training, temperature data)
  • Staff records — collected via the StaffPortal and stored encrypted at rest, including:
    • Personal details (full name, date of birth, email, mobile/phone number, profile photo)
    • Address information
    • Employment details (job title, role, start date, employment status)
    • Right to Work documentation
    • Emergency contact details
    • Bank details (for payroll purposes)
    • Health and medical information (special category data under UK GDPR Art. 9)
    • HR notes and internal records
    • Uploaded documents (contracts, ID, certificates, etc.)
    • National Insurance number
  • Recruitment data (job ads, applications, notes)
  • Billing data (via third-party providers like PayPal)
  • Technical/usage data (IP address, browser, device, activity)

3. How We Use Your Data

  • To provide access to all CompliChef™ platforms
  • To generate HACCP and compliance reports
  • To process payments, subscriptions and credits
  • To support business operations and customer service
  • To improve platform performance and security

4. Legal Basis

  • Contractual necessity (your subscription)
  • Legitimate interests (platform security & improvement)
  • Legal obligations (billing records)
  • Consent (marketing emails)

5. Data Retention & Regulatory Obligations

We retain personal data only for as long as necessary to provide our services, meet contractual commitments, and comply with legal and regulatory obligations.

Certain categories of data — including compliance logs, HACCP records, temperature logs, training records, audit history, and account activity — may be retained after account closure where required for:

  • UK food safety and regulatory requirements
  • Responding to lawful requests from authorities (e.g. EHOs, FSA, police)
  • Legal claims, dispute resolution, or enforcement matters

Account deletion does not automatically erase data that must be retained by law.

6A. Disclosure to Regulatory & Law Enforcement Authorities

We may disclose relevant data where required to do so by law, court order, or lawful request from regulatory or enforcement authorities.

Such disclosures are limited to what is legally required and are logged for accountability. We do not provide informal, unauthorised, or voluntary access to customer data.

7. Security

All data is encrypted in transit (HTTPS) and encrypted at rest in our databases. Staff portal data — including personal, financial, and health/medical records — is subject to additional encryption at the field level within our storage systems. Access is strictly controlled on a role and permission basis. No system is 100% secure — users must also protect their account credentials.

7A. Two-Factor Authentication (2FA)

CompliChef™ enforces Two-Factor Authentication (2FA) as a mandatory security control across its platforms:

  • Portal (portal.complichef.co.uk): 2FA is required for all users on every login.
  • Staff Portal (staffportal.complichef.co.uk): 2FA is mandatory for all Owner and Manager role accounts on every login. Standard staff accounts are not currently subject to mandatory 2FA.

Two authentication methods are supported:

  • Authenticator App (TOTP): Time-based one-time codes via Google Authenticator or a compatible app. Where set up, this is the primary method.
  • Email OTP: A one-time code sent to the account's registered email address. This is the default method where an authenticator app has not been configured.

We strongly recommend all Owner and Manager accounts configure an authenticator app for stronger protection. Setup is available via Account Settings.

8. Your Rights (UK GDPR)

  • Right to access
  • Right to correction
  • Right to deletion (subject to legal, regulatory, and contractual retention obligations)
  • Right to data portability
  • Right to object
  • Right to withdraw consent

9. Cookies

CompliChef uses cookies for authentication, session security and usage analytics.

10. Recruitment Data

If you use CompliChef Recruit, you act as the data controller for candidate data. We process that data on your behalf as a data processor.

10A. Staff Portal Data

Where you use the CompliChef™ StaffPortal to store staff records, you act as the data controller for that personal data. CompliChef™ acts as the data processor under UK GDPR Article 28, processing that data solely on your instruction.

Staff records held in the StaffPortal may include special category data as defined under UK GDPR Article 9 — in particular, health and medical information. As data controller, you are responsible for:

  • Ensuring a lawful basis exists for collecting and storing each category of staff data
  • Obtaining any required consent from staff members for special category data
  • Handling data subject access requests, correction requests, and deletion requests from your employees
  • Informing your staff that their records are stored on the CompliChef™ platform

All staff data held in the StaffPortal is encrypted at rest. Access is restricted to authorised users within your account only. CompliChef™ does not access, share, or use staff record data for any purpose other than providing the platform to you.

10B. StaffPortal — GPS Location Data (Login & Clock-In/Out)

Where your organisation enables the GPS Access feature within the CompliChef™ StaffPortal, the platform will request and record the geographic location of a staff member's device at the following points:

  • Login — to verify the staff member is accessing the portal from a permitted location
  • Clock-in — to confirm the staff member is physically present at the correct site before their attendance is recorded
  • Clock-out — to confirm location at the point of ending a shift

What is collected at each GPS event:

  • GPS coordinates (latitude and longitude)
  • Timestamp of the event (login, clock-in, or clock-out)
  • Event type (login / clock-in / clock-out)
  • Staff member identifier
  • Device type and browser

What is not collected: Location data is captured only at the discrete points listed above. The StaffPortal does not continuously track, monitor, or record a staff member's location during their shift or between events.

Purpose: GPS location data is used to:

  • Verify that staff are logging in from an expected or permitted location
  • Ensure that clock-in and clock-out events are recorded at the correct physical site, preventing remote or fraudulent attendance recording
  • Provide managers with a location-verified attendance audit trail

Controller and processor: Your organisation (the account holder) acts as the data controller for all GPS location data collected about your staff. CompliChef™ acts as the data processor under UK GDPR Article 28, processing this data solely on your instruction and for the purpose of providing the GPS Access feature.

Your responsibilities as employer: If you enable GPS location verification in the StaffPortal, you are responsible for:

  • Informing all affected staff — before the feature is enabled — that their location will be recorded at login, clock-in, and clock-out, in line with ICO guidance on monitoring at work
  • Establishing and documenting a lawful basis under UK GDPR for collecting location data at each event type (e.g. legitimate interests supported by a Legitimate Interests Assessment)
  • Updating your organisation's own privacy notice or staff handbook to clearly describe this monitoring and its purpose
  • Ensuring location-based attendance monitoring is proportionate, limited to what is necessary, and not used for purposes beyond verifying site attendance
  • Handling data subject access requests from staff members who wish to see their GPS attendance records
  • Retaining GPS attendance records only for as long as necessary for payroll, dispute resolution, or legal purposes, and deleting them thereafter

All GPS location records are encrypted at rest. Access is restricted to authorised manager and owner accounts within your organisation only. CompliChef™ does not use GPS location data for any purpose other than delivering the GPS Access feature to you.

10C. CareMenu Pro — Resident Profile Data

Where you use CareMenu Pro to manage resident dietary profiles, you act as the data controller for all resident personal data stored within the platform. CompliChef™ acts as the data processor under UK GDPR Article 28, processing that data solely on your instruction and for the purpose of delivering the CareMenu Pro service.

Resident profiles may include the following data:

  • Resident identifier — this may be recorded as a full name (first and last name) or as initials only, depending on how your organisation configures the profile. Both formats are treated as personal data under UK GDPR.
  • Room number or location reference
  • Dietary requirements and preferences
  • Allergen information (including the 14 major allergens under UK Food Information Regulations)
  • Texture-modified diet codes (e.g. IDDSI levels)
  • Religious, cultural, or lifestyle dietary requirements
  • Any free-text clinical or catering notes added by your staff

Special Category Data: Dietary, allergen, and texture-modified diet information may constitute health-related special category data under UK GDPR Article 9. As data controller, you are responsible for:

  • Ensuring a lawful basis and, where required, an Article 9 condition exists for processing resident health-related dietary data
  • Informing residents (or their representatives) that their dietary profile is stored on the CompliChef™ platform
  • Handling data subject access, correction, and deletion requests relating to resident profiles
  • Ensuring only authorised staff within your organisation have access to resident profile data

Identifiers — full name vs initials: If your organisation chooses to record residents using initials only rather than full names, this reduces the identifiability of the data within the platform. However, initials remain personal data in the context of a care setting where the individual can still be identified by staff. CompliChef™ recommends using the minimum identifier necessary for safe dietary management, consistent with your organisation's own data protection policy.

All resident profile data is encrypted at rest. Access is restricted to authorised users within your account only. CompliChef™ does not access, share, or use resident profile data for any purpose other than providing the CareMenu Pro service to you.

10D. StaffPortal — Encrypted Messaging

The CompliChef™ StaffPortal includes a built-in messaging system that allows owners, managers, and staff to communicate within their organisation. All messages are encrypted at rest using AES-256-GCM symmetric encryption. Messages are not readable by CompliChef™ staff or any third party — only authorised members of your organisation's messaging threads can view them.

What is collected:

  • Message content (stored encrypted in our database)
  • Sender and recipient identifiers
  • Timestamps (sent, read)
  • Read receipts (which members have read a message and when)
  • File attachments (images, documents) uploaded within a conversation
  • Thread membership records (who joined or left a conversation and when)

Who can access messages:

  • Only staff members who are active participants in a thread can read its messages
  • Messages are strictly scoped to your organisation — no cross-organisation access is possible
  • CompliChef™ does not read, scan, or analyse message content
  • Owners and managers may administer thread membership (add/remove members)

Who can initiate conversations:

  • By default, only owners and managers can start new conversations
  • Your organisation can enable staff-initiated messaging via your organisation's messaging settings

File attachments: Files sent within messages are stored encrypted on CompliChef™ servers and are accessible only to members of the relevant conversation thread. Supported file types are restricted for security purposes. Maximum attachment size is determined by your organisation's settings (default 25 MB).

Message deletion: Senders may delete their own messages. Deleted messages are replaced with a deletion notice — the original content is permanently removed and cannot be recovered. Read receipts and thread metadata may be retained after deletion.

Retention: Message data is retained for as long as your organisation's account is active. Upon account closure, messages are deleted in accordance with our standard data retention schedule, subject to any legal hold obligations.

Controller and processor: Your organisation acts as the data controller for messages sent between your staff. CompliChef™ acts as the data processor under UK GDPR Article 28, providing the encrypted messaging infrastructure solely for your use. You are responsible for ensuring that the use of internal messaging within your organisation complies with your own data protection obligations, including informing staff that their messages are stored on the CompliChef™ platform.

10E. Stripe — Payment Processing

Where you sign up to a CompliChef™ subscription via the portal, payment is processed securely by Stripe (Stripe Payments Europe, Ltd.), acting as an independent data controller for payment data. CompliChef™ does not store full card numbers. Stripe stores and processes card details in accordance with PCI-DSS standards.

  • Your card details are entered directly into Stripe's hosted checkout — CompliChef™ never sees them
  • We receive a Stripe customer ID and subscription ID for managing your account
  • Trial subscriptions require a card to be saved upfront; no charge is made until the trial period ends
  • You may cancel your subscription at any time before the trial or billing period ends to avoid a charge

Stripe's privacy policy is available at stripe.com/gb/privacy.

11. Updates to This Policy

We may update this Privacy Policy periodically. Continued use of the platform means acceptance of updated terms.

12. Contact

Questions or requests?
Email: privacy@complichef.co.uk