Privacy Policy

Last updated: February 2026

QueueJump Group Ltd (“we”, “us”, “our”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, and protect your personal information when you use our pre-order platform for street food vendors, pop-ups, and events.

We are registered in England and Wales. We comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Information We Collect

For Customers

  • Name and email address (for order confirmations and collection notifications)
  • Phone number (optional, if you choose to provide it)
  • Order history and preferences
  • Vendor following preferences (if you choose to follow vendors)
  • Payment information (processed securely by Stripe, not stored by us)
  • Device and browser information (for security and fraud prevention)

For Vendors

  • Business name, trading name, and contact information
  • Account credentials and authentication data
  • Team member details (if you add staff to your account)
  • Bank and payment details (securely handled via Stripe Connect)
  • Menu information, food outlet details, and session schedules
  • Order and transaction history
  • Subscription and billing information

2. How We Use Your Information

We use your information to:

  • Process orders and facilitate payments
  • Send order confirmations, collection notifications, and updates
  • Notify you when vendors you follow publish new sessions (if you've chosen to follow vendors)
  • Provide customer support and respond to enquiries
  • Improve and personalise our services
  • Comply with legal obligations (including financial record-keeping)
  • Prevent fraud, abuse, and unauthorised access
  • Send important service updates and account notifications

Legal basis: We process your data based on contract performance, legitimate interests (fraud prevention, service improvement), legal obligations (financial records), and your consent (for following vendors and marketing communications).

3. Data Sharing and Third Parties

We share data only as necessary to provide our services:

  • Vendors: When you place an order, we share your name, email, phone number (if provided), order details, and any special requests with the vendor. This is essential for order fulfilment.
  • Stripe: Payment processing and vendor payouts. Stripe handles all card data directly and maintains PCI DSS compliance. See Stripe's privacy policy at stripe.com/gb/privacy.
  • Resend: Transactional email delivery (order confirmations, ready notifications, vendor session alerts).
  • Supabase: Our database and authentication provider. Data is hosted in secure EU data centres. See Supabase's privacy policy at supabase.com/privacy.

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

4. Data Retention

We retain order and transaction data for 7 years to comply with UK tax and accounting regulations (HMRC requirements). After this period, data is securely deleted unless we are legally required to retain it longer.

You may request deletion of your account and personal data at any time. However, we must retain transaction records for the statutory period even after account deletion. We will anonymise or pseudonymise this data where possible.

5. Your Rights (UK GDPR)

Under UK GDPR, you have the following rights:

  • Right of access: Request a copy of your personal data
  • Right to rectification: Correct inaccurate or incomplete data
  • Right to erasure: Request deletion of your data (subject to legal retention requirements)
  • Right to restrict processing: Limit how we use your data in certain circumstances
  • Right to data portability: Receive your data in a machine-readable format
  • Right to object: Object to processing based on legitimate interests
  • Right to withdraw consent: Withdraw consent at any time (e.g., unfollow vendors, opt out of notifications)

To exercise any of these rights, please contact us at privacy@queuejump.app. We will respond within 30 days.

6. Cookies and Tracking

We use essential cookies for authentication and session management. These cookies are necessary for the platform to function and cannot be disabled.

We may use analytics cookies (with your consent) to understand how our service is used and to improve the user experience. You can manage your cookie preferences through your browser settings.

7. Security

We implement industry-standard security measures to protect your data, including:

  • End-to-end HTTPS encryption for all data transmission
  • Secure authentication and password hashing
  • Regular security audits and monitoring
  • Data hosted in secure EU data centres with ISO 27001 certification
  • Restricted access controls and role-based permissions

Payment card data is handled exclusively by Stripe (a PCI DSS Level 1 certified provider) and never touches or is stored on our servers.

8. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes via email or through the platform.

9. Contact and Complaints

If you have any questions, concerns, or requests regarding your privacy or this policy, please contact us at privacy@queuejump.app.

QueueJump Group Ltd
London, United Kingdom

You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO) if you believe we have not handled your data appropriately. Visit ico.org.uk for more information.